E0041676F(void* __ecx, void* __eflags, intOrPtr _a4) {
intOrPtr* _v12;
intOrPtr _v16;
void _v20;
signed int _v24;
long _v29;
signed int _v33;
signed int _v35;
signed char _v36;
signed int _v40;
char _v41;
unsigned int _v49;
signed int _v53;
short _v55;
char _v56;
signed int _v60;
signed int _v65;
unsigned int _v69;
short _v71;
char _v72;
char _v76;
intOrPtr _v81;
signed int _v85;
char _v88;
signed int _v93;
signed int _v97;
short _v99;
char _v100;
unsigned int _v105;
void* _v109;
short _v111;
char _v112;
unsigned int _v117;
short _v123;
char _v124;
unsigned int _v129;
long _v133;
short _v135;
char _v136;
struct _OVERLAPPED* _v141;
long _v145;
char _v148;
unsigned int _v153;
struct _OVERLAPPED* _v157;
short _v159;
char _v160;
long _v164;
signed int _v176;
intOrPtr _v181;
intOrPtr _v185;
short _v187;
char _v188;
intOrPtr _v193;
signed int _v197;
char _v200;
struct _SYSTEMTIME _v216;
union _LARGE_INTEGER* _v220;
union _LARGE_INTEGER _v224;
struct _SYSTEMTIME _v240;
unsigned int _v245;
struct _OVERLAPPED* _v249;
char _v252;
struct _FILETIME _v260;
long _v264;
signed int _v276;
char _v288;
void* _v296;
void* _v304;
short _v340;
short _v872;
struct _WIN32_FIND_DATAW _v944;
short _v1392;
char _v1920;
struct _WIN32_FIND_DATAW _v1992;
char _v2440;
char _v2696;
short _v3224;
short _v3264;
char _v3744;
void* __ebx;
void* __edi;
void* __esi;
intOrPtr* _t441;
void* _t457;
signed int _t459;
void* _t461;
signed int _t465;
signed int _t466;
signed int _t467;
signed int _t470;
void* _t476;
void* _t483;
signed int _t485;
signed int _t490;
void* _t493;
void* _t494;
void* _t496;
signed int _t498;
signed int _t499;
signed int _t502;
signed int* _t503;
void* _t504;
void* _t513;
unsigned int _t514;
void* _t524;
signed int _t527;
unsigned int _t529;
signed int _t530;
signed int _t532;
short _t550;
signed char _t555;
void* _t558;
signed int _t560;
void* _t562;
signed int _t564;
signed int _t566;
signed int _t574;
signed int _t577;
signed int _t578;
void* _t586;
short _t591;
signed int _t597;
signed int _t599;
void* _t602;
signed int _t604;
signed int _t606;
void* _t609;
signed int _t611;
signed int _t614;
void* _t618;
signed int _t621;
signed int _t635;
signed int _t638;
signed int _t641;
signed int _t645;
unsigned int _t647;
signed int _t649;
signed int _t651;
void* _t657;
char* _t666;
signed int _t667;
void* _t673;
short _t678;
intOrPtr _t680;
signed int _t685;
signed int _t689;
void* _t695;
void* _t705;
void* _t706;
short _t707;
void* _t719;
void* _t729;
void* _t730;
short _t731;
signed int _t738;
void* _t744;
void* _t751;
signed int _t752;
signed int _t753;
void* _t755;
intOrPtr _t759;
int _t764;
int _t766;
signed int _t786;
signed int _t790;
int _t792;
intOrPtr* _t793;
void* _t794;
void* _t797;
void* _t799;
signed int _t807;
void* _t835;
void* _t838;
signed int _t839;
signed int _t840;
void* _t841;
void* _t842;
short* _t846;
WCHAR* _t847;
signed int _t849;
WCHAR* _t856;
signed int _t858;
signed int _t859;
signed int _t860;
void* _t861;
signed int _t871;
signed int _t872;
unsigned int _t874;
signed int _t875;
signed int _t876;
void* _t881;
unsigned int _t882;
signed int _t884;
void* _t886;
char* _t888;
unsigned int _t889;
void* _t891;
unsigned int _t894;
unsigned int _t895;
WCHAR* _t896;
void* _t897;
void* _t898;
_t801 = __ecx;
_t441 = E0040E205(0x460);
_t793 = _t441;
_v12 = _t793;
_t900 = _t793;
if(_t793 == 0) {
return _t441;
}
if(E00416730(_t793, _t900) == 0) {
L186:
E00414B3B(_a4, _t801, 0, 1, 0, 0, 0, 0);
if( *((char*)(_t793 + 0x10)) != 0) {
CloseHandle( *(_t793 + 0x14));
}
if( *(_t793 + 0x246) != 0) {
CloseHandle( *(_t793 + 0x248));
}
_t851 = *_t793;
if( *_t793 != 0) {
E00415420(_t851);
}
_t852 = *((intOrPtr*)(_t793 + 4));
if( *((intOrPtr*)(_t793 + 4)) != 0) {
E00415420(_t852);
}
_t853 = *(_t793 + 8);
if( *(_t793 + 8) != 0) {
E00415420(_t853);
}
_t445 = *(_t793 + 0xc);
if( *(_t793 + 0xc) != 0) {
E0040E235(_t445);
}
*(_t793 + 0x14) = *(_t793 + 0x14) | 0xffffffff;
*(_t793 + 0x248) = *(_t793 + 0x248) | 0xffffffff;
*((char*)(_t793 + 0x10)) = 0;
*(_t793 + 0x246) = 0;
*((short*)(_t793 + 0x456)) = 0;
*((char*)(_t793 + 0x458)) = 0;
*(_t793 + 0x45c) = 0;
return E0040E235(_t793);
} else {
_v93 = _v93 & 0;
_v97 = _v97 & 0;
_v100 = 0;
_v99 = 0;
while(E004165A1(_t801, _a4, &_v100, 0xb) != 0xffffffff) {
_t457 = E00416504(_t801, _a4, *_t793, &_v124, 0xb, 0x2710, 0x1f4);
if(_t457 == 0xffffffff) {
goto L186;
}
if(_t457 != 0) {
_t801 = &_v100;
_t459 = E0040E2A6( &_v124, &_v100, 0xb);
__eflags = _t459;
if(_t459 != 0) {
goto L186;
}
_t461 = E00416504( &_v100, _a4, *_t793, &_v20, 8, 0xea60, 0x1f4);
__eflags = _t461 - 1;
if(_t461 == 1) {
_t19 = _t793 + 0x45c;
*_t19 = *(_t793 + 0x45c) & 0x00000000;
__eflags = *_t19;
goto L11;
do {
while(1) {
L11:
_t881 = == ? _v20 : _v16;
_t465 = E00416504(_t801, _a4, *_t793, &_v36, 0xb, _t881, _t881);
__eflags = _t465;
if(_t465 == 0) {
break;
}
__eflags = _t465 - 0xffffffff;
if(_t465 == 0xffffffff) {
goto L186;
}
_t466 = _v36 & 0x000000ff;
*(_t793 + 0x45c) = 0;
__eflags = _t466 - 7;
if(__eflags > 0) {
_t467 = _t466 - 8;
__eflags = _t467;
if(_t467 == 0) {
__eflags = *((char*)(_t793 + 0x10));
L182:
if(__eflags == 0) {
continue;
}
L183:
E004166F0(_t793);
continue;
}
_t470 = _t467 - 1;
__eflags = _t470;
if(_t470 == 0) {
_t383 = _t793 + 0x18; // 0x18
_t856 = _t383;
E0040E2E8(_t470, _t856, 0, 0x20a);
_t882 = _v29;
__eflags = _t882 - 0x1e6;
if(_t882 >= 0x1e6) {
continue;
}
_t475 = == ? _v20 : _v16;
_t476 = E00416504(_t801, _a4, *_t793, _t856, _t882, 0xea60, == ? _v20 : _v16);
__eflags = _t476 - 1;
if(_t476 != 1) {
goto L186;
}
_v60 = _v60 & 0;
*((short*)(_t793 + 0x18 + (_t882 >> 1) * 2)) = 0;
_t481 = == ? _v20 : _v16;
_t483 = E00416504(_t801, _a4, *_t793, &_v60, 4, 0xea60, == ? _v20 : _v16);
__eflags = _t483 - 1;
if(_t483 != 1) {
goto L186;
}
_t835 = 0x2a;
_t485 = E0040EF0E(_t856, _t835);
_t884 = _t485;
__eflags = _t884;
if(_t884 != 0) {
_t402 = _t884 + 2; // 0x2
_t801 = _t402;
_t403 = _t793 + 0x222; // 0x222
E0040E5D6(_t485 | 0xffffffff, _t402, _t403);
__eflags = 0;
*_t884 = 0;
} else {
*(_t793 + 0x222) = _t485;
}
_t490 = (_v35 & 0x0000ffff) - 1;
__eflags = _t490;
if(_t490 == 0) {
__eflags = 1;
goto L173;
} else {
_t499 = _t490 - 1;
__eflags = _t499;
if(_t499 == 0) {
_push(3);
L171:
_pop(1);
L173:
_t493 = CreateFileW(_t856, 0xc0000000, 3, 0, 1, 0x8000000, 0);
__eflags = _v35 - 2;
*(_t793 + 0x14) = _t493;
if(_v35 == 2) {
_push(2);
_t498 = SetFilePointerEx(_t493, 0, 0, &_v304);
__eflags = _t498;
if(_t498 == 0) {
_t408 = _t793 + 0x14;
*_t408 = *(_t793 + 0x14) | 0xffffffff;
__eflags = *_t408;
}
}
__eflags = *(_t793 + 0x14) - 0xffffffff;
_v200 = 0xa;
if( *(_t793 + 0x14) != 0xffffffff) {
_t413 = &_v197;
*_t413 = _v197 & 0x00000000;
__eflags = *_t413;
} else {
_v197 = GetLastError();
}
_t494 = E0040ED84(_t856);
_t801 = &_v200;
_v193 = _t494 + _t494;
_t496 = E004165C7(_t494 + _t494, &_v200, __eflags, _a4, &_v200, _t856);
__eflags = _t496 - 0xffffffff;
if(_t496 == 0xffffffff) {
goto L186;
} else {
*((char*)(_t793 + 0x458)) = 0;
*((char*)(_t793 + 0x10)) = 1;
continue;
}
}
__eflags = _t499 != 1;
if(_t499 != 1) {
goto L186;
}
_push(5);
goto L171;
}
}
_t502 = _t470;
__eflags = _t502;
if(_t502 == 0) {
__eflags = *((char*)(_t793 + 0x10));
if( *((char*)(_t793 + 0x10)) == 0) {
__eflags = *(_t793 + 0x246);
if( *(_t793 + 0x246) == 0) {
_v288 = 0xb;
_t503 = &_v288;
L23:
_t504 = E004165A1(_t801, _a4, _t503, 0xb);
L24:
__eflags = _t504 - 0xffffffff;
goto L25;
}
*((short*)(_t793 + 0x457)) = 0x101;
continue;
}
*((char*)(_t793 + 0x458)) = 1;
goto L183;
}
__eflags = _t502 != 0;
if(_t502 != 0) {
goto L186;
}
_t857 = _v29;
_t886 = E0040E205(_v29 + 2);
__eflags = _t886;
if(_t886 == 0) {
goto L186;
}
_t512 = == ? _v20 : _v16;
_t513 = E00416504(_t801, _a4, *_t793, _t886, _t857, 0xea60, == ? _v20 : _v16);
__eflags = _t513 - 1;
if(_t513 == 1) {
_t514 = _v29;
_v53 = _v53 & 0;
*((short*)(_t886 + (_t514 >> 1) * 2)) = 0;
_t801 = 1;
_v49 = _t514;
_t838 = 0x2a;
_v56 = 0xd;
_v55 = 1;
_t858 = E0040EF0E(_t886, _t838);
__eflags = _t858;
if(__eflags == 0) {
_t859 = E004165C7(_v29, 1, __eflags, _a4, &_v56, _t886);
L154:
E0040E235(_t886);
__eflags = _t859 - 0xffffffff;
goto L25;
}
*_t858 = 0;
_t801 = _t886;
E0040E5D6(0xffffffff, _t801, &_v872);
_t524 = 0x2a;
*_t858 = _t524;
_t860 = _t858 + 2;
_v60 = _t860;
_t527 = E0040E205(_v33 << 2);
_v40 = _v40 & 0x00000000;
__eflags = _v33;
_v24 = _t527;
if(__eflags <= 0) {
L149:
_push(_t886);
_push( &_v56);
_t529 = _v29;
L150:
_push(_a4);
_t530 = E004165C7(_t529, _t801, __eflags);
L151:
_t859 = _t530;
L152:
E0040E235(_v24);
goto L154;
}
_t807 = _v40;
_t849 = _t860;
do {
_t532 = *_t860 & 0x0000ffff;
__eflags = _t532 - 0x2a;
if(_t532 == 0x2a) {
__eflags = _t532;
L139:
_v41 = __eflags == 0;
*_t860 = 0;
*(_v24 + _t807 * 4) = _t849;
_t801 = _t807 + 1;
_t860 = _t860 + 2;
__eflags = _v41;
_v40 = _t801;
_t849 = _t860;
if(_v41 != 0) {
break;
}
goto L140;
}
__eflags = _t532;
if(__eflags == 0) {
goto L139;
}
_t860 = _t860 + 2;
L140:
__eflags = _t801 - _v33;
} while (_t801 < _v33);
__eflags = _t801;
if(__eflags == 0) {
goto L149;
}
__eflags = GetTempPathW(0x104, &_v3224);
if(__eflags == 0) {
goto L149;
}
__eflags = E00412877(0, &_v3224, &_v1920, L".tmp", 8, 8);
if(__eflags == 0) {
goto L149;
}
_t801 = &_v1920;
_v53 = E0040ED84( &_v1920) + _t540;
__eflags = E0041661A(_v29, &_v1920, __eflags, _a4, &_v56, _t886, &_v1920, E0040ED84( &_v1920) + _t540);
if(__eflags == 0) {
_t859 = _t860 | 0xffffffff;
goto L152;
}
__eflags = E0041BD1F(__eflags, &_v1920, _v24, _v40, &_v872);
if(__eflags == 0) {
_push(_t886);
_push( &_v56);
_t529 = _v49;
goto L150;
}
_t550 = 2;
_v55 = _t550;
_t530 = E0041661A(_v49, _t801, __eflags, _a4, &_v56, _t886, &_v1920, _v53);
goto L151;
}
E0040E235(_t886);
continue;
}
if(__eflags == 0) {
_t555 = *((intOrPtr*)(_t793 + 0x10));
__eflags = _t555;
if(_t555 == 0) {
continue;
}
_t801 = *(_t793 + 0x246) | _t555;
_t557 = == ? _v20 : _v16;
_t558 = E00416504( *(_t793 + 0x246) | _t555, _a4, *_t793, *(_t793 + 0xc), _v29, 0xea60, == ? _v20 : _v16);
__eflags = _t558 - 1;
if(_t558 != 1) {
goto L186;
}
_v148 = 0xc;
_t560 = WriteFile( *(_t793 + 0x14), *(_t793 + 0xc), _v29, &_v264, 0);
__eflags = _t560;
if(_t560 != 0) {
_v145 = 0;
} else {
_v145 = GetLastError();
}
_v141 = 0;
_t562 = E004165A1(_t801, _a4, &_v148, 0xb);
__eflags = _t562 - 0xffffffff;
if(_t562 == 0xffffffff) {
goto L186;
} else {
__eflags = _v145;
goto L182;
}
}
_t564 = _t466 - 1;
__eflags = _t564;
if(_t564 == 0) {
_t566 = (_v35 & 0x0000ffff) - 1;
__eflags = _t566;
if(_t566 == 0) {
_t861 = 0;
_t568 = GetLogicalDriveStringsA(0x100, &_v2696);
_t286 = _t568 - 3; // -3
_v24 = _t568;
__eflags = _t286;
if(__eflags == 0) {
L117:
_v123 = 1;
_push( &_v2696);
_v124 = 2;
_v117 = _t568;
_t801 = &_v124;
L89:
_push(_t801);
L90:
_push(_a4);
_t504 = E004165C7(_t568, _t801, __eflags);
goto L24;
} else {
goto L107;
}
do {
L107:
_t888 = _t897 + _t861 - 0xa82;
*((char*)(_t897 + E0040E271( &_v76, _t888 - 2, E0040ED72(_t888 - 2)) - 0x48)) = 0;
_t574 = GetDriveTypeA( &_v76);
__eflags = _t574;
if(_t574 == 0) {
*_t888 = 0x66;
} else {
_t577 = _t574 - 1;
__eflags = _t577;
if(_t577 == 0) {
*_t888 = 0x6c;
} else {
_t578 = _t577 - 1;
__eflags = _t578;
if(_t578 == 0) {
*_t888 = 0x6e;
} else {
__eflags = _t578 == 1;
if(_t578 == 1) {
*_t888 = 0x63;
}
}
}
}
_t861 = _t861 + 4;
__eflags = _t861 - _v24 + 0xfffffffd;
} while (__eflags < 0);
_t568 = _v24;
goto L117;
}
__eflags = _t566 != 1;
if(_t566 != 1) {
goto L186;
}
_t889 = _v29;
__eflags = _t889 - 0x208;
if(_t889 >= 0x208) {
goto L186;
}
_t584 = == ? _v20 : _v16;
_t586 = E00416504(_t801, _a4, *_t793, &_v872, _t889, 0xea60, == ? _v20 : _v16);
__eflags = _t586 - 1;
if(_t586 != 1) {
continue;
}
*((short*)(_t897 + (_t889 >> 1) * 2 - 0x364)) = 0;
_t839 = _t897 + E0040ED84( &_v872) * 2 - 0x364;
E0040E5D6(_t588 | 0xffffffff, "*", _t839);
_t591 = 2;
_v71 = _t591;
_v72 = 2;
_t891 = FindFirstFileW( &_v872, &_v1992);
__eflags = _t891 - 0xffffffff;
if(_t891 != 0xffffffff) {
do {
_t839 = _t839 | 0xffffffff;
_t597 = E0040EE45(_t839, L"..", _t839, &(_v1992.cFileName));
__eflags = _t597;
if(_t597 == 0) {
goto L98;
}
_t839 = _t839 | 0xffffffff;
_t801 = ".";
_t621 = E0040EE45(_t839, ".", _t839, &(_v1992.cFileName));
__eflags = _t621;
if(_t621 == 0) {
goto L98;
}
FileTimeToSystemTime( &(_v1992.ftLastWriteTime), &_v216);
wsprintfW( &_v3264, L"%s*%2.2d/%2.2d/%4.4d %2.2d:%2.2d", &(_v1992.cFileName), _v216.wMonth & 0x0000ffff, _v216.wDay & 0x0000ffff, _v216.wYear & 0x0000ffff, _v216.wHour & 0x0000ffff, _v216.wMinute & 0x0000ffff);
_t898 = _t898 + 0x20;
_push( &_v1992);
_t797 = 4;
_t635 = E0041543F(_t797, *((intOrPtr*)(_v12 + 8)));
__eflags = _t635;
if(_t635 == 0) {
L185:
_t793 = _v12;
goto L186;
}
_t638 = E0041543F(_t797, *((intOrPtr*)(_v12 + 8)), &(_v1992.nFileSizeHigh));
__eflags = _t638;
if(_t638 == 0) {
goto L185;
}
_t641 = E0041543F(_t797, *((intOrPtr*)(_v12 + 8)), &(_v1992.nFileSizeLow));
__eflags = _t641;
if(_t641 == 0) {
goto L185;
}
_t801 = &_v3264;
_t259 = E0040ED84( &_v3264) + 2; // 0x2
_t645 = E0041543F(_t642 + _t259, *((intOrPtr*)(_v12 + 8)), &_v3264);
__eflags = _t645;
if(_t645 == 0) {
goto L185;
}
_t793 = _v12;
L98:
_t599 = FindNextFileW(_t891, &_v1992);
__eflags = _t599;
} while (_t599 != 0);
FindClose(_t891);
_t840 = *( *(_t793 + 8));
_t801 = &_v872;
_v65 = _t840;
_t602 = E0040ED84( &_v872);
_t568 = _t602 + _t602 - 2;
_v69 = _t602 + _t602 - 2;
__eflags = _t840;
if(__eflags == 0) {
L88:
_push( &_v872);
_t801 = &_v72;
goto L89;
}
_t604 = E0040E205(_t840);
_v40 = _t604;
__eflags = _t604;
if(_t604 == 0) {
goto L186;
}
_t892 = _v12;
_push( &_v72);
_t794 = 0xb;
_t606 = E0041543F(_t794, *((intOrPtr*)(_v12 + 4)));
__eflags = _t606;
if(_t606 == 0) {
L184:
E0040E235(_v40);
goto L185;
}
_t795 = _v65;
_t609 = E004154A6(_v65, *((intOrPtr*)(_t892 + 8)), _v40);
__eflags = _t609 - 1;
if(_t609 != 1) {
goto L184;
}
_t611 = E0041543F(_t795, *((intOrPtr*)(_v12 + 4)), _v40);
__eflags = _t611;
if(_t611 == 0) {
goto L184;
}
_t614 = E0041543F(_v69, *((intOrPtr*)(_v12 + 4)), &_v872);
__eflags = _t614;
if(_t614 == 0) {
goto L184;
}
E0040E235(_v40);
L74:
_t618 = E00416688( *((intOrPtr*)(_v12 + 4)), _t801, __eflags, _a4);
__eflags = _t618 - 0xffffffff;
if(_t618 == 0xffffffff) {
goto L185;
}
_t793 = _v12;
continue;
}
_t647 = E0040ED84( &_v872) - 1;
_v69 = _t647;
_v65 = 0;
_t568 = _t647 + _t647;
__eflags = _t647 + _t647;
goto L88;
}
_t649 = _t564;
__eflags = _t649;
if(_t649 == 0) {
_t651 = (_v35 & 0x0000ffff) - 1;
__eflags = _t651;
if(_t651 == 0) {
_t894 = _v29;
__eflags = _t894 - 0x208;
if(_t894 >= 0x208) {
goto L186;
}
_t655 = == ? _v20 : _v16;
_t657 = E00416504(_t801, _a4, *_t793, &_v872, _t894, 0xea60, == ? _v20 : _v16);
__eflags = _t657 - 1;
if(_t657 != 1) {
continue;
}
_t801 = 0;
*((short*)(_t897 + (_t894 >> 1) * 2 - 0x364)) = 0;
_v159 = 1;
_v160 = 4;
__eflags = CreateDirectoryW( &_v872, 0);
if(__eflags == 0) {
_v157 = GetLastError();
} else {
_v157 = 0;
}
_push( &_v872);
_v153 = _t894;
_t666 = &_v160;
L62:
_push(_t666);
_t568 = _t894;
goto L90;
}
_t667 = _t651 - 1;
__eflags = _t667;
if(_t667 == 0) {
_t895 = _v29;
__eflags = _t895 - 0x208;
if(_t895 >= 0x208) {
goto L186;
}
_t671 = == ? _v20 : _v16;
_t673 = E00416504(_t801, _a4, *_t793, &_v872, _t895, 0xea60, == ? _v20 : _v16);
__eflags = _t673 - 1;
if(_t673 != 1) {
continue;
}
*((short*)(_t897 + (_t895 >> 1) * 2 - 0x364)) = 0;
PathIsDirectoryW( &_v872);
_t678 = 2;
_v187 = _t678;
_v188 = 4;
_t680 = E00413C06( &_v872);
_t801 = &_v872;
_v185 = _t680;
_v181 = E0040ED84( &_v872) + _t681;
_push( &_v188);
_t799 = 0xb;
_t685 = E0041543F(_t799, *((intOrPtr*)(_v12 + 4)));
__eflags = _t685;
if(_t685 == 0) {
goto L185;
}
__eflags = E0041543F(_t895, *((intOrPtr*)(_v12 + 4)), &_v872);
if(__eflags == 0) {
goto L185;
}
goto L74;
}
_t689 = _t667 - 1;
__eflags = _t689;
if(_t689 == 0) {
_t894 = _v29;
__eflags = _t894 - 0x412;
if(_t894 >= 0x412) {
goto L186;
}
_t693 = == ? _v20 : _v16;
_t695 = E00416504(_t801, _a4, *_t793, &_v2440, _t894, 0xea60, == ? _v20 : _v16);
__eflags = _t695 - 1;
if(_t695 != 1) {
continue;
}
_t801 = 0;
*((short*)(_t897 + (_t894 >> 1) * 2 - 0x984)) = 0;
_t841 = 0x2a;
_t871 = E0040EF0E( &_v2440, _t841);
__eflags = _t871;
if(_t871 == 0) {
continue;
}
_t152 = _t871 + 2; // 0x2
_t847 = &_v3744;
E0040E5D6(_t699 | 0xffffffff, _t152, _t847);
*_t871 = 0;
_t705 = E0040E271( &_v1392, &_v2440, E0040ED84( &_v2440) + _t703);
_t801 = 0;
*((short*)(_t897 + _t705 - 0x56c)) = 0;
_t706 = 0x2a;
*_t871 = _t706;
_t707 = 3;
_v135 = _t707;
_v136 = 4;
__eflags = MoveFileW( &_v1392, _t847);
if(__eflags == 0) {
_v133 = GetLastError();
} else {
_v133 = _v133 & 0x00000000;
}
_push( &_v2440);
_v129 = _t894;
_t666 = &_v136;
goto L62;
}
__eflags = _t689 != 1;
if(_t689 != 1) {
goto L186;
}
_t894 = _v29;
__eflags = _t894 - 0x412;
if(_t894 >= 0x412) {
goto L186;
}
_t717 = == ? _v20 : _v16;
_t719 = E00416504(_t801, _a4, *_t793, &_v2440, _t894, 0xea60, == ? _v20 : _v16);
__eflags = _t719 - 1;
if(_t719 != 1) {
continue;
}
_t801 = 0;
*((short*)(_t897 + (_t894 >> 1) * 2 - 0x984)) = 0;
_t842 = 0x2a;
_t872 = E0040EF0E( &_v2440, _t842);
__eflags = _t872;
if(_t872 == 0) {
continue;
}
_t127 = _t872 + 2; // 0x2
_t846 = &_v3744;
E0040E5D6(_t723 | 0xffffffff, _t127, _t846);
*_t872 = 0;
_t729 = E0040E271( &_v1392, &_v2440, E0040ED84( &_v2440) + _t727);
_t801 = 0;
*((short*)(_t897 + _t729 - 0x56c)) = 0;
_t730 = 0x2a;
*_t872 = _t730;
_t731 = 4;
_v111 = _t731;
_v112 = 4;
__eflags = ShellExecuteW(0, 0, &_v1392, _t846, 0, 1) - 0x20;
if(__eflags <= 0) {
_v109 = GetLastError();
} else {
_v109 = 0;
}
_push( &_v2440);
_v105 = _t894;
_t666 = &_v112;
goto L62;
}
_t738 = _t649;
__eflags = _t738;
if(_t738 == 0) {
_t59 = _t793 + 0x24c; // 0x24c
_t896 = _t59;
E0040E2E8(_t738, _t896, 0, 0x20a);
_t874 = _v29;
__eflags = _t874 - 0x208;
if(_t874 >= 0x208) {
continue;
}
_t743 = == ? _v20 : _v16;
_t744 = E00416504(_t801, _a4, *_t793, _t896, _t874, 0xea60, == ? _v20 : _v16);
__eflags = _t744 - 1;
if(_t744 != 1) {
continue;
}
_t875 = _t874 >> 1;
*((short*)(_t793 + 0x24c + _t875 * 2)) = 0;
_t749 = == ? _v20 : _v16;
_t751 = E00416504(_t801, _a4, *_t793, &_v224, 8, 0xea60, == ? _v20 : _v16);
__eflags = _t751 - 1;
if(_t751 != 1) {
continue;
}
_t752 = PathIsDirectoryW(_t896);
__eflags = _t752;
if(_t752 == 0) {
_t753 = CreateFileW(_t896, 0x80000000, 1, 0, 3, 0x8000000, 0);
*(_t793 + 0x248) = _t753;
__eflags = _t753 - 0xffffffff;
if(_t753 != 0xffffffff) {
_t755 = FindFirstFileW(_t896, &_v944);
__eflags = _t755 - 0xffffffff;
if(_t755 == 0xffffffff) {
L49:
_t876 = _t875 | 0xffffffff;
__eflags = _t876;
_v176 = _t876;
CloseHandle( *(_t793 + 0x248));
L50:
_v88 = 6;
_v85 = _v176;
_t759 = E0040ED84(_t896) + _t758;
_v24 = _t876;
L42:
_t801 = &_v88;
_v81 = _t759;
_t504 = E0041661A(_t759, &_v88, __eflags, _a4, &_v88, _t896, &_v24, 4);
goto L24;
}
FindClose(_t755);
_t875 = _v944.nFileSizeHigh;
_push(0);
_v176 = 0 + _v944.nFileSizeLow;
asm("adc edi, edx");
_t764 = SetFilePointerEx( *(_t793 + 0x248), _v224, _v220, &_v296);
__eflags = _t764;
if(_t764 == 0) {
goto L49;
}
_t766 = GetFileTime( *(_t793 + 0x248), 0, 0, &_v260);
__eflags = _t766;
if(_t766 != 0) {
FileTimeToSystemTime( &_v260, &_v240);
wsprintfW( &_v340, L"%2.2d/%2.2d/%4.4d %2.2d:%2.2d", _v240.wMonth & 0x0000ffff, _v240.wDay & 0x0000ffff, _v240.wYear & 0x0000ffff, _v240.wHour & 0x0000ffff, _v240.wMinute & 0x0000ffff);
_t898 = _t898 + 0x1c;
E0040E5D6(E0040ED84(_t896) | 0xffffffff, "*", &(_t896[_t777]));
E0040E5D6(E0040ED84(_t896) | 0xffffffff, &_v340, &(_t896[_t780]));
}
goto L50;
}
_t876 = _t875 | _t753;
_v176 = _t876;
goto L50;
}
_v85 = _v85 | 0xffffffff;
_v88 = 6;
_t759 = E0040ED84(_t896) + _t783;
_t78 = &_v24;
*_t78 = _v24 | 0xffffffff;
__eflags = *_t78;
goto L42;
}
__eflags = _t738 != 1;
if(_t738 != 1) {
goto L186;
}
__eflags = _v33 - 0xffffffff;
if(_v33 != 0xffffffff) {
*((short*)(_t793 + 0x456)) = 0;
*(_t793 + 0x246) = 1;
*((char*)(_t793 + 0x458)) = 0;
} else {
CloseHandle( *(_t793 + 0x248));
}
}
__eflags = *(_t793 + 0x246);
if( *(_t793 + 0x246) != 0) {
__eflags = *((char*)(_t793 + 0x456));
if( *((char*)(_t793 + 0x456)) != 0) {
L22:
_t786 = CloseHandle( *(_t793 + 0x248));
__eflags = *((char*)(_t793 + 0x457));
*(_t793 + 0x246) = 0;
_t790 = ((_t786 & 0xffffff00 | *((char*)(_t793 + 0x457)) != 0x00000000) - 0x00000001 & 0x000000fd) + 0xb;
__eflags = _t790;
_v276 = _t790;
_t503 = &_v276;
goto L23;
}
__eflags = *((char*)(_t793 + 0x457));
if( *((char*)(_t793 + 0x457)) != 0) {
goto L22;
}
_t801 = *(_t793 + 0x248);
_t792 = ReadFile( *(_t793 + 0x248), *(_t793 + 0xc), 0x1000, &_v164, 0);
__eflags = _t792;
if(_t792 != 0) {
_t568 = _v164;
__eflags = _t568;
if(__eflags != 0) {
_push( *(_t793 + 0xc));
_v252 = 7;
_v249 = 0;
_v245 = _t568;
_t801 = &_v252;
goto L89;
}
*((char*)(_t793 + 0x456)) = 1;
} else {
*((char*)(_t793 + 0x457)) = 1;
}
goto L11;
}
*(_t793 + 0x45c) = *(_t793 + 0x45c) + _t881;
__eflags = *(_t793 + 0x45c) - 0xea60;
if( *(_t793 + 0x45c) < 0xea60) {
goto L11;
} else {
goto L186;
}
L25:
} while (__eflags != 0);
}
goto L186;
}
*(_t793 + 0x45c) = *(_t793 + 0x45c) + 0x2710;
if( *(_t793 + 0x45c) < 0xea60) {
continue;
} else {
goto L186;
}
}
goto L186;
}
}
0x0041676f
0x00416780
0x00416785
0x00416787
0x0041678a
0x0041678c
0x004177a6
0x004177a6
0x0041679b
0x0041770d
0x00417719
0x00417722
0x00417727
0x00417727
0x00417734
0x0041773c
0x0041773c
0x00417742
0x00417746
0x00417748
0x00417748
0x0041774d
0x00417752
0x00417754
0x00417754
0x00417759
0x0041775e
0x00417760
0x00417760
0x00417765
0x0041776a
0x0041776d
0x0041776d
0x00417772
0x00417776
0x0041777e
0x00417782
0x00417789
0x00417790
0x00417797
0x00000000
0x004167a1
0x004167a3
0x004167a6
0x004167a9
0x004167ad
0x004167bb
0x004167df
0x004167e7
0x00000000
0x00000000
0x004167ef
0x0041680d
0x00416810
0x00416815
0x00416817
0x00000000
0x00000000
0x0041682e
0x00416833
0x00416836
0x0041683c
0x0041683c
0x0041683c
0x0041683c
0x00416843
0x00416843
0x00416843
0x0041684f
0x00416860
0x00416867
0x00416869
0x00000000
0x00000000
0x0041694e
0x00416951
0x00000000
0x00000000
0x00416957
0x0041695b
0x00416961
0x00416964
0x00417340
0x00417340
0x00417343
0x004176ec
0x004176f0
0x004176f0
0x00000000
0x00000000
0x004176f6
0x004176f8
0x00000000
0x004176f8
0x00417349
0x00417349
0x0041734a
0x0041758c
0x0041758c
0x00417590
0x00417595
0x00417598
0x0041759e
0x00000000
0x00000000
0x004175b0
0x004175c1
0x004175c6
0x004175c9
0x00000000
0x00000000
0x004175d1
0x004175d6
0x004175e7
0x004175fc
0x00417601
0x00417604
0x00000000
0x00000000
0x0041760c
0x0041760f
0x00417614
0x00417616
0x00417618
0x00417623
0x00417623
0x00417626
0x0041762f
0x00417634
0x00417636
0x0041761a
0x0041761a
0x0041761a
0x0041763d
0x0041763d
0x0041763e
0x00417655
0x00000000
0x00417640
0x00417640
0x00417640
0x00417641
0x0041764e
0x00417650
0x00417650
0x00417656
0x00417668
0x0041766e
0x00417673
0x00417676
0x00417678
0x00417688
0x0041768e
0x00417690
0x00417692
0x00417692
0x00417692
0x00417692
0x00417690
0x00417696
0x0041769a
0x004176a1
0x004176b1
0x004176b1
0x004176b1
0x004176a3
0x004176a9
0x004176a9
0x004176ba
0x004176c0
0x004176cc
0x004176d2
0x004176d7
0x004176da
0x00000000
0x004176dc
0x004176dc
0x004176e3
0x00000000
0x004176e3
0x004176da
0x00417643
0x00417644
0x00000000
0x00000000
0x0041764a
0x00000000
0x0041764a
0x0041763e
0x00417351
0x00417351
0x00417352
0x0041754a
0x0041754e
0x0041755c
0x00417563
0x00417573
0x0041757a
0x00416935
0x0041693b
0x00416940
0x00416940
0x00000000
0x00416940
0x00417565
0x00000000
0x00417565
0x00417550
0x00000000
0x00417550
0x00417359
0x0041735a
0x00000000
0x00000000
0x00417360
0x0041736b
0x0041736d
0x0041736f
0x00000000
0x00000000
0x00417381
0x00417392
0x00417397
0x0041739a
0x004173a7
0x004173b0
0x004173b3
0x004173bb
0x004173bc
0x004173bf
0x004173c2
0x004173c6
0x004173cf
0x004173d1
0x004173d3
0x0041753a
0x0041753c
0x0041753d
0x00417542
0x00000000
0x00417542
0x004173db
0x004173e1
0x004173e9
0x004173f0
0x004173f1
0x004173f7
0x004173fd
0x00417400
0x00417405
0x00417409
0x0041740d
0x00417410
0x0041750e
0x00417511
0x00417512
0x00417513
0x00417516
0x00417516
0x00417519
0x0041751e
0x0041751e
0x00417520
0x00417523
0x00000000
0x00417523
0x00417416
0x00417419
0x0041741b
0x0041741b
0x0041741e
0x00417421
0x0041742d
0x00417430
0x00417430
0x00417436
0x0041743c
0x0041743f
0x00417440
0x00417443
0x00417447
0x0041744a
0x0041744c
0x00000000
0x00000000
0x00000000
0x0041744c
0x00417423
0x00417426
0x00000000
0x00000000
0x00417428
0x0041744e
0x0041744e
0x0041744e
0x00417453
0x00417455
0x00000000
0x00000000
0x0041746d
0x0041746f
0x00000000
0x00000000
0x00417493
0x00417495
0x00000000
0x00000000
0x00417497
0x004174a5
0x004174bb
0x004174bd
0x00417509
0x00000000
0x00417509
0x004174d8
0x004174da
0x00417502
0x00417503
0x00417504
0x00000000
0x00417504
0x004174de
0x004174e2
0x004174f8
0x00000000
0x004174f8
0x0041739d
0x00000000
0x0041739d
0x0041696a
0x004172a4
0x004172a7
0x004172a9
0x00000000
0x00000000
0x004172b5
0x004172ba
0x004172cf
0x004172d4
0x004172d7
0x00000000
0x00000000
0x004172ea
0x004172f7
0x004172fd
0x004172ff
0x0041730f
0x00417301
0x00417307
0x00417307
0x00417321
0x00417327
0x0041732c
0x0041732f
0x00000000
0x00417335
0x00417335
0x00000000
0x00417335
0x0041732f
0x00416970
0x00416970
0x00416971
0x00416f75
0x00416f75
0x00416f76
0x0041721d
0x0041721f
0x00417225
0x00417228
0x0041722b
0x0041722d
0x00417287
0x0041728a
0x00417294
0x00417295
0x00417299
0x0041729c
0x00417032
0x00417032
0x00417033
0x00417033
0x00417036
0x00000000
0x00000000
0x00000000
0x00000000
0x0041722f
0x0041722f
0x0041722f
0x00417249
0x00417259
0x00417259
0x0041725a
0x00417274
0x0041725c
0x0041725c
0x0041725c
0x0041725d
0x0041726f
0x0041725f
0x0041725f
0x0041725f
0x00417260
0x0041726a
0x00417262
0x00417262
0x00417263
0x00417265
0x00417265
0x00417263
0x00417260
0x0041725d
0x0041727a
0x00417280
0x00417280
0x00417284
0x00000000
0x00417284
0x00416f7c
0x00416f7d
0x00000000
0x00000000
0x00416f83
0x00416f86
0x00416f8c
0x00000000
0x00000000
0x00416f9e
0x00416fb5
0x00416fba
0x00416fbd
0x00000000
0x00000000
0x00416fcd
0x00416fda
0x00416fe9
0x00416ff0
0x00416ff1
0x00417003
0x0041700d
0x0041700f
0x00417012
0x00417040
0x00417046
0x00417051
0x00417056
0x00417058
0x00000000
0x00000000
0x00417064
0x0041706a
0x0041706f
0x00417074
0x00417076
0x00000000
0x00000000
0x0041708a
0x004170cb
0x004170d1
0x004170da
0x004170e3
0x004170e4
0x004170e9
0x004170eb
0x0041770a
0x0041770a
0x00000000
0x0041770a
0x004170fe
0x00417103
0x00417105
0x00000000
0x00000000
0x00417118
0x0041711d
0x0041711f
0x00000000
0x00000000
0x00417125
0x00417130
0x0041713d
0x00417142
0x00417144
0x00000000
0x00000000
0x0041714a
0x0041714d
0x00417155
0x0041715b
0x0041715b
0x00417164
0x0041716d
0x0041716f
0x00417175
0x00417178
0x0041717d
0x00417181
0x00417184
0x00417186
0x00417028
0x0041702e
0x0041702f
0x00000000
0x0041702f
0x0041718e
0x00417193
0x00417196
0x00417198
0x00000000
0x00000000
0x0041719e
0x004171a7
0x004171aa
0x004171ab
0x004171b0
0x004171b2
0x00417702
0x00417705
0x00000000
0x00417705
0x004171b8
0x004171c3
0x004171c8
0x004171cb
0x00000000
0x00000000
0x004171da
0x004171df
0x004171e1
0x00000000
0x00000000
0x004171f7
0x004171fc
0x004171fe
0x00000000
0x00000000
0x00417207
0x00416eb5
0x00416ebe
0x00416ec3
0x00416ec6
0x00000000
0x00000000
0x00416ecc
0x00000000
0x00416ecc
0x0041701f
0x00417020
0x00417023
0x00417026
0x00417026
0x00000000
0x00417026
0x00416978
0x00416978
0x00416979
0x00416be8
0x00416be8
0x00416be9
0x00416ed4
0x00416ed7
0x00416edd
0x00000000
0x00000000
0x00416eef
0x00416f06
0x00416f0b
0x00416f0e
0x00000000
0x00000000
0x00416f18
0x00416f1a
0x00416f25
0x00416f34
0x00416f41
0x00416f43
0x00416f53
0x00416f45
0x00416f45
0x00416f45
0x00416f5f
0x00416f60
0x00416f66
0x00416ced
0x00416ced
0x00416cee
0x00000000
0x00416cee
0x00416bef
0x00416bef
0x00416bf0
0x00416deb
0x00416dee
0x00416df4
0x00000000
0x00000000
0x00416e06
0x00416e1d
0x00416e22
0x00416e25
0x00000000
0x00000000
0x00416e31
0x00416e40
0x00416e48
0x00416e49
0x00416e57
0x00416e5e
0x00416e63
0x00416e69
0x00416e76
0x00416e82
0x00416e8b
0x00416e8c
0x00416e91
0x00416e93
0x00000000
0x00000000
0x00416ead
0x00416eaf
0x00000000
0x00000000
0x00000000
0x00416eaf
0x00416bf6
0x00416bf6
0x00416bf7
0x00416cf5
0x00416cf8
0x00416cfe
0x00000000
0x00000000
0x00416d10
0x00416d27
0x00416d2c
0x00416d2f
0x00000000
0x00000000
0x00416d39
0x00416d3d
0x00416d45
0x00416d51
0x00416d53
0x00416d55
0x00000000
0x00000000
0x00416d5b
0x00416d61
0x00416d67
0x00416d74
0x00416d87
0x00416d8e
0x00416d90
0x00416d98
0x00416d9b
0x00416d9e
0x00416d9f
0x00416db0
0x00416dbd
0x00416dbf
0x00416dd0
0x00416dc1
0x00416dc1
0x00416dc1
0x00416ddc
0x00416ddd
0x00416de0
0x00000000
0x00416de0
0x00416bfd
0x00416bfe
0x00000000
0x00000000
0x00416c04
0x00416c07
0x00416c0d
0x00000000
0x00000000
0x00416c1f
0x00416c36
0x00416c3b
0x00416c3e
0x00000000
0x00000000
0x00416c48
0x00416c4c
0x00416c54
0x00416c60
0x00416c62
0x00416c64
0x00000000
0x00000000
0x00416c6a
0x00416c70
0x00416c76
0x00416c83
0x00416c96
0x00416c9d
0x00416c9f
0x00416ca7
0x00416caa
0x00416cad
0x00416cb3
0x00416cc3
0x00416ccd
0x00416cd0
0x00416cdd
0x00416cd2
0x00416cd2
0x00416cd2
0x00416ce6
0x00416ce7
0x00416cea
0x00000000
0x00416cea
0x00416980
0x00416980
0x00416981
0x004169c2
0x004169c2
0x004169c9
0x004169ce
0x004169d1
0x004169d7
0x00000000
0x00000000
0x004169e9
0x004169fa
0x004169ff
0x00416a02
0x00000000
0x00000000
0x00416a0a
0x00416a0c
0x00416a20
0x00416a38
0x00416a3d
0x00416a40
0x00000000
0x00000000
0x00416a47
0x00416a4d
0x00416a4f
0x00416a94
0x00416a9a
0x00416aa0
0x00416aa3
0x00416aba
0x00416ac0
0x00416ac3
0x00416bb1
0x00416bb7
0x00416bb7
0x00416bba
0x00416bc0
0x00416bc6
0x00416bce
0x00416bd2
0x00416bda
0x00416bdc
0x00416a66
0x00416a6d
0x00416a74
0x00416a77
0x00000000
0x00416a77
0x00416aca
0x00416ad0
0x00416ae0
0x00416ae1
0x00416af4
0x00416b02
0x00416b08
0x00416b0a
0x00000000
0x00000000
0x00416b21
0x00416b27
0x00416b29
0x00416b3d
0x00416b77
0x00416b7d
0x00416b92
0x00416baa
0x00416baa
0x00000000
0x00416b29
0x00416aa5
0x00416aa7
0x00000000
0x00416aa7
0x00416a51
0x00416a57
0x00416a60
0x00416a62
0x00416a62
0x00416a62
0x00000000
0x00416a62
0x00416983
0x00416984
0x00000000
0x00000000
0x0041698a
0x0041698e
0x004169a1
0x004169a8
0x004169af
0x00416990
0x00416996
0x00416996
0x0041698e
0x0041686f
0x00416876
0x0041688f
0x00416896
0x00416906
0x0041690c
0x00416912
0x00416919
0x00416927
0x00416927
0x00416929
0x0041692f
0x00000000
0x0041692f
0x00416898
0x0041689f
0x00000000
0x00000000
0x004168a4
0x004168b9
0x004168bf
0x004168c1
0x004168cf
0x004168d5
0x004168d7
0x004168e5
0x004168e8
0x004168ef
0x004168f5
0x004168fb
0x00000000
0x004168fb
0x004168d9
0x004168c3
0x004168c3
0x004168c3
0x00000000
0x004168c1
0x00416878
0x0041687e
0x00416888
0x00000000
0x0041688a
0x00000000
0x0041688a
0x00416943
0x00416943
0x00416949
0x00000000
0x00416836
0x004167f1
0x00416801
0x00000000
0x00416803
0x00000000
0x00416803
0x00416801
0x00000000
0x004167bb
Play interactive tour
Edit tour
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node